Re: [PLUG] Ubuntu 24.04 LTS released
On Thu, 25 Apr 2024, Paul Heinlein wrote: https://u35970666.ct.sendgrid.net/ls/click?upn=u001.6Dgli3a5-2FDN4jL9NBXBO-2FaRTtgndBr5bC5o2-2BEv1MnV6I-2BpTCuZHue6YBUpqjW-2B7qGJbqGU5yZDa5s7AS5z2UW7pL6xlCL2ZDaEboE8cTLVyfZX1zaXpjKn40QoIcPueqSgdmZx2K0oekKvlKHgAIoKHbRDMqYz4D3cu-2Bssby6awCYBM8nAE6Oa1DiQa6i-2Bxfeo3sJmoHBcUArx138XfABnJODns4-2B-2FJtcYMxkg9af-2B0ARGNdjKfkoqqyS6QEJ1QQY8CDsiE7bZSacvcLylC-2F9D9CWyUAh-2BhtohCpWRFT8I-2BaudiQQcqVlne5aM0xlDo0P0JK0-2BNUfOOz9YxFA4fctx8PWSHri2hQszoWIuy9-2F6Q6S7QM6UfLH-2FsaYMWhJybgPHN06JSGUQaj8hYowIJPjc1y7XpyFiJXWbc1qZiLFNchK-2Bel-2BFKTUfNYU85H9kZh-2B0c7S-2Bn-2BhzfEYCoV48Cvq-2B1Z7C0uPGe0t1Ixnce-2BWFa647m0Ho2Dx3tPy3dFjirmtPn2wzTuosw2imoAjRN7yIS4F14jqLXvwGnrLp1zqmU88lwXkdw-2FHTWVA-2Fj3rcnVouJ_iXqIkgBxBxb26PG-2Fm1NQLP1zi48-2FfNafwEuvhX2aMn7t6JWWMuykQ64hjZFJWCSBmtcyhxic0j0KnZpAGElnQw3bRVO8EULLUbAa2r9Gd7QHl58f23gVAPd02e3BiPSji7lzviT7xX-2Bk7ooEkQINf0SjGsqTF9px7ar3WIVsogiExXJeIP9yPdM1098MbdySgeWLnhSiCOQh23vlps1l1w-3D-3D I have done no testing yet, so this is merely passing on the announcement. I apologize for the unsanitized URL. Lazy on my part. -- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
[PLUG] Ubuntu 24.04 LTS released
https://u35970666.ct.sendgrid.net/ls/click?upn=u001.6Dgli3a5-2FDN4jL9NBXBO-2FeY63o04ugA-2BNPqlSv8Hnmly5wtPRp6gbCKMVLtoTl5wiRZpEOB55PtCXnlk8YiaDJGIlNU9ZLL9llPzW7EA-2Bms-3DL5QU_iXqIkgBxBxb26PG-2Fm1NQLP1zi48-2FfNafwEuvhX2aMn7Qvk5-2Bp4zRRGLJHCuDpBVULvhK-2B51GzXofYdnzIGVYCXDV6-2FEtrpNcrR08CP50hIfvZ19ifAtckuND8F2YQcn2EiBS7zICvW5kaBIA9or5HoDlmj6CdS4g0v1nkt4C-2Bs4Tmc2gOFkxqW6hlHCE9V6UnX-2FREeY0Ot5Ja3nudjkdnQ-3D-3D I have done no testing yet, so this is merely passing on the announcement. -- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
Re: [PLUG] Radio silence since Apr 16
On Tue, 23 Apr 2024, Russell Senior wrote: Welfare check, accomplished! :-) -- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
Re: [PLUG] Radio silence since Apr 16
On Tue, 23 Apr 2024, Dick Steffens wrote: I don't see anything after April 16 either. Maybe it's just been a quiet week in Lake Wobegon? Indeed. All the sysadmins are above average around here. Maybe they're all at the conference where the ushers competed to see who could clear the hall the fastest. Keillor one time told the story of the ushers from Lake Wobegon Lutheran traveling to the national ushering competition; maybe they did so well they hire themselves out for conventions. -- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
Re: [PLUG] Radio silence since Apr 16
On Tue, 23 Apr 2024, Dick Steffens wrote: On 4/23/24 10:02, Paul Heinlein wrote: Is this list dead? Neither my inbox nor the online archives show any traffic since April 16. I don't see anything after April 16 either. Maybe it's just been a quiet week in Lake Wobegon? Indeed. All the sysadmins are above average around here. -- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
[PLUG] Radio silence since Apr 16
Is this list dead? Neither my inbox nor the online archives show any traffic since April 16. -- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
Re: [PLUG] Comcast to Ziply fiber migration, plus Ooma phone
On Fri, 12 Apr 2024, Keith Lofstrom wrote: Bottom line: after we cancel Comcast, we will pay $60 per month for very fast internet, and $0 per month for a voice phone and a fax phone. Much better than $170 per month for slow and intermittent Comcast. I hope - failure is (sadly) always an option. We don't have Ziply in our neighborhood, but our transition to Quantum Fiber (nee CenturyLink) was similarly smooth and beneficial. During the workday, we consistently see upload and download speeds that hover around 900Mb/s. (I suspect speeds are a bit lower during prime streaming hours in the evening, but I've never tested that theory and our Internet connection doesn't experience any noticeable slowness.) We too decided to avoid future questions and opted for the guaranteed $65/month pricing. Even when Quantum raised its base rate for newer subscribers to $75, it honored the existing pricing agreement so we still pay $65. I will note that Comcast was very good for us for a long time, but once we started noticing problems, the tech folks were either uninterested in troubleshooting or incompetent to do so. Either way, the drop off from "very good" to "maddeningly bad" was steep and quick. -- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
Re: [PLUG] Secure shell from/to laptop [RESOLVED--Partially]
On Wed, 3 Apr 2024, Tomas Kuchta wrote: The best way, IMHO, is to delete/move the configs, including your .ssh directory. Restart ssh and try to login somewhere. Then merge in the config changes you need, and only those you need. ssh -F /dev/null is the quicker way to ignore your configuration files. -- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
Re: [PLUG] Linux man pages and documentation?
On Mon, 25 Mar 2024, MC_Sequoia wrote: "I will leave aside the fact that no one submits an executable file to Linux; each distribution (Red Hat, Debian, etc) picks the executable files to include with the Linux kernel." Ah, so executable files are only developed and maintained by the Linux kernel team? Please re-read the paragraph you quoted. In particular, note the subject of the verb "picks." If I were to write an app, ROFL!, but for the sake of discussion, I'd rely on already established executable files that are hopefully documented enough for me to hook into? And not every executable is worthy of its own manual page? And the Linux kernel team makes the decision on how exes are documented or if documented? -- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
Re: [PLUG] Linux man pages and documentation?
On Mon, 25 Mar 2024, MC_Sequoia wrote: "I was surprised to find < 15% of the command executables were documented. Naturally I was hoping for something like 50% to 75%." I'm starting a new thread from Randall's thread about man pages, because I'm getting lost and confused with all the scripting and I'm kind of stuck on one very simple common sense idea and that is, how can anyone submit an executable file to Linux without documentation? I will leave aside the fact that no one submits an executable file to Linux; each distribution (Red Hat, Debian, etc) picks the executable files to include with the Linux kernel. Here's one scenario where several executable files have no documentation. The Texinfo suite, usually accessed via /usr/bin/info, includes a program called /usr/sbin/fix-info-dir. It's a shell script that replaces missing menu items in info sections. The script has a --help option, but no man page. It's there mostly for developers who are writing info pages, not for users. Python's pydoc utility sort of falls into this category too. Similarly, the "less" pager distribution often includes a shell script called lesspipe.sh. The latter has no man page, though its use is documented in the main less man page. There are other application suites, like git, that come with several example or template executables; none has a man page and, honestly, who would write a man page for a sample program? Other program suites like sudo include, e.g., /usr/libexec/sudo/sesh, which I can only imagine to be some sort of helper program for the main sudo application, but sesh is otherwise undocumented. The same is true of the grcat and pwcat utilities distributed with gawk. The dovecot imap/pop server goes hog-wild in this manner! -- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
Re: [PLUG] something I am considering doing...
On Sun, 24 Mar 2024, American Citizen wrote:

> Paul: Thanks for your post. Exactly what would you consider a valid statement for locating the executables?

Finding executable files is not, to my mind, the same as finding executable files for which I'd expect a man page. I suppose I'd expect a man page for most occupants of

* /bin
* /usr/bin
* /usr/sbin
* /sbin

Some denizens of /usr/libexec might warrant man pages too.

One problem is that a lot of files in /usr/bin are symlinks or wrapper scripts; I'm not sure there's any "right" way to deal with them.

Another problem is utilities that are often superseded by shell builtin commands. Most people don't run /usr/bin/test; they use the shell builtin 'test' or '['. So a man page for /usr/bin/test might be deceptive if its operations are not identical with those of your shell.

Yet another problem is with schemes like /etc/alternatives that map a common utility name to a specific release. Different distributions handle alternatives differently; I don't have a suse system, so you'd need to look at your own setup to see what alternatives can be set there.

I guess this is my long-winded way of saying that I'm not sure I know how I'd go about identifying "executables I should reasonably expect to have a man page" on my systems.

-- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
Re: [PLUG] something I am considering doing...
On Sat, 23 Mar 2024, American Citizen wrote:

> Paul: Good question from you. For executables I used
>
>     $ find . -executable -print

This is not a query I would expect to return accurate results because it will include files I would not consider candidates for man pages, including:

* basic shared libraries
  ex: /usr/lib64/libsqlite3.so.0.8.6
* support scripts and libraries for interpreted languages
  ex: /usr/lib64/python3.11/smtpd.py
* modules or subprograms for larger application suites
  ex: /usr/lib64/ImageMagick-6.9.12/modules-Q16/coders/jpeg.so
* example scripts
  ex: /usr/share/git-core/templates/hooks/pre-push.sample
* files given +x bits probably by mistake
  ex (CentOS 8): /usr/share/licenses/gd/COPYING

Even the most conscientious developer wouldn't write man pages for files in those categories.

-- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
Re: [PLUG] something I am considering doing...
On Fri, 22 Mar 2024, American Citizen wrote:

> A few years ago, I took my Linux OS which is openSuse Leap v15.3 or so and ran a check on the documentation such as the man1 through man9 pages (run the %man man command to pull all this up) versus the actual executables on the system. I was surprised to find < 15% of the command executables were documented. Naturally I was hoping for something like 50% to 75%.
>
> If I am going to talk to an AI program, such as ChatBot or one of the newer popular AI programs and ask it to generate the documentation for the complete OS, what AI chatbot would you choose? My idea is to clue the AI program into the actual OS, then ask it to finish documenting 100% of all the executables, or report to me all executables which have no available documentation at all, period.

I'd be interested to know your definition of "command executables." Is it everything in /bin, /usr/bin, /sbin, and /usr/sbin, with perhaps /usr/libexec thrown in for good measure? If not, can you provide your criteria for inclusion? Presumably, you ruled out all hard and symbolic links, and you accounted for documentation in Texinfo format, not just man pages.

I have no hands-on AI experience, but I do offer a couple alternative strategies that might assist:

First, try invoking each executable with common help options: -h, --help, -?, or even 'help' itself. If there's good output, I suspect you could pipe it into txt2man or a similar utility to generate a basic man page.

Second, on rpm-based systems, the package might catalog other documentation (likely, but not necessarily, in /usr/share/doc). The shell-ish logic to unwrap this might be something like

    for PROG in /usr/bin/* /usr/sbin/*; do
      # rule out symlinks, though this is debatable
      if test -L "$PROG"; then continue; fi
      # see if rpm thinks a package owns $PROG; rpm exits non-zero
      # (and prints a "not owned" notice) when no package does
      if PKG=$(rpm -qf "$PROG" 2>/dev/null); then
        # if so, do a cursory look for documentation files whose
        # path mentions the program's name; $PKG is left unquoted
        # because rpm may report more than one owning package
        rpm -qd $PKG | grep -iF -- "${PROG##*/}"
      fi
    done

The "grep" in there might be a bit limiting, but "rpm -qd" can be quite verbose for some packages. Season to taste.

-- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
Re: [PLUG] Backup Solutions
On Wed, 21 Feb 2024, Charles Sliger wrote: Looking for recommendations for Linux backups. Anyone use theirs for actual restoring of files or disks? Yes. At work, we use Bacula and an actual in-operation tape library. We've never had trouble with restoring data, but we don't image or restore whole block devices. We maintain a few petabytes of data on tape. We also use a product that I believe now goes by the name MSB Backup. We have a licensed version, but there's a free version for desktop machines. We use that product to back files up to Amazon S3/Glacier; we do test restorations at least once a year, and we've not yet had any problems. But, really, first things first: Are you concerned with hardware failure (e.g., failed disk), human failure (e.g., mistakenly deleted file), or both? Human failure can largely be mitigated with some sort of copy-on-write file snapshotting system, which can be provided by ZFS, LVM, and related technologies. If hardware failure, what is the scope of failure against which you want to protect? Failed hard drive? Stolen computer? Burned-down domicile? Cascadia under water? Your answer will tell you a lot about where to store your files: a second hard drive, a removable hard drive kept in a secure location, a local off-site venue, an out-of-region venue. What is the timeframe of failure you want to guard against? A day? A week? Month? Year? Longer? Do you need your backups stored in multiple locations? -- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
Re: [PLUG] SSL/TSL only for web sites?
On Mon, 29 Jan 2024, Rich Shepard wrote: I'm developing a Python script to send email messages. Researching SSL/TLS on the web suggests that these are used with web applications (along with HTTPS). Since I'm sending messages from the command line (or Python script) out through my local Postfix MTA, are these security layers necessary or needed? If you're sending via Postfix, no, you don't need them for SMTP stuff. Postfix itself can be configured to use SSL/TLS, but that's completely separate from what you're trying to accomplish. -- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
Re: [PLUG] 'Linux devices are under attack by a never-before-seen worm' - ArsTechnica
On Thu, 11 Jan 2024, Russell Senior wrote:

> TL;DR, this is using password guessing. Solution: use better passwords or turn off passwords altogether and use ssh authorized_keys.

Or, if some local operations rely on passwords but you want remote users to use keys instead, then add a Host stanza to sshd_config, e.g.,

    # most of sshd_config here, then at the end, altering the
    # cidr block as necessary
    PasswordAuthentication no
    PermitRootLogin no

    Match Address 192.168.30.0/24
      PasswordAuthentication yes
      PermitRootLogin yes

-- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
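The following is an added example, not part of the original message and not OpenSSH code: a simplified Python model of how sshd picks the value of a keyword for a given client address, run against the layout from the message above and against a constructed mis-ordered variant. It assumes only `Match Address` (CIDR or single addresses, comma-separated, `!` negation) and `Match all`; the function names and sample addresses are made up for illustration.

```python
import ipaddress

# Constructed sample: the layout from the message (globals first, Match last).
SAMPLE_CONFIG = """\
# most of sshd_config here
PasswordAuthentication no
PermitRootLogin no

Match Address 192.168.30.0/24
  PasswordAuthentication yes
  PermitRootLogin yes
"""

# Constructed failure case: the "global" lines were appended after the Match
# line, so they belong to the Match block (indentation means nothing).
MISORDERED_CONFIG = """\
Match Address 192.168.30.0/24
  PasswordAuthentication yes
  PermitRootLogin yes

PasswordAuthentication no
PermitRootLogin no
"""


def _address_matches(patterns, client):
    """True if client matches the comma-separated address pattern list."""
    addr = ipaddress.ip_address(client)
    matched = False
    for pat in patterns.split(","):
        pat = pat.strip()
        negate = pat.startswith("!")
        net = ipaddress.ip_network(pat.lstrip("!"), strict=False)
        if addr.version == net.version and addr in net:
            if negate:
                return False  # a negated hit vetoes the whole list
            matched = True
    return matched


def _block_applies(criteria, client):
    tokens = criteria.split()
    if [t.lower() for t in tokens] == ["all"]:
        return True
    if len(tokens) == 2 and tokens[0].lower() == "address":
        return _address_matches(tokens[1], client)
    raise ValueError(f"criteria not handled by this model: {criteria!r}")


def parse(text):
    """Return (global settings, ordered list of Match blocks)."""
    global_settings, blocks, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()  # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            # everything up to the next Match line (or EOF) is in this block
            current = {"criteria": value, "settings": {}}
            blocks.append(current)
        else:
            target = global_settings if current is None else current["settings"]
            target.setdefault(key, value)  # first value obtained wins
    return global_settings, blocks


def effective(text, client, keyword):
    """Value applied to `client`, or None if unset (built-in default applies)."""
    global_settings, blocks = parse(text)
    key = keyword.lower()
    for block in blocks:
        if key in block["settings"] and _block_applies(block["criteria"], client):
            return block["settings"][key]  # a matching block overrides globals
    return global_settings.get(key)


def password_exposure(text, clients):
    """Map each client to its (PasswordAuthentication, PermitRootLogin) pair."""
    return {c: (effective(text, c, "PasswordAuthentication"),
                effective(text, c, "PermitRootLogin")) for c in clients}


if __name__ == "__main__":
    clients = ["192.168.30.17", "203.0.113.9"]  # constructed LAN / remote pair
    print(password_exposure(SAMPLE_CONFIG, clients))
    # None for the remote client means the keyword is unset; sshd's built-in
    # default for PasswordAuthentication is "yes".
    print(password_exposure(MISORDERED_CONFIG, clients))
```

On a live host, sshd's extended test mode (`sshd -T` with a `-C` connection specification such as `addr=...`) reports what the daemon itself would apply and is the authoritative check.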
Re: [PLUG] Email services
On Tue, 9 Jan 2024, Rich Shepard wrote: Has anyone here experiences with SendGrid or MailJet? If so, please share them with me, good and bad. I use SendGrid for outbound mail from madboa.com because most large mail services nowadays don't trust one-off cloud VMs to send mail. (Which isn't stupid, per se, but is frustrating since I have gone out of the way to do all the right things regarding DMARC, DKIM, SPF, etc.) Anyway, I use smtp.sendgrid.net as my relay host; it requires a (free, for me, since I don't send much mail) API key to use. It mostly works. There are two irritations for me: First, sendgrid must either sell its mailing list or there is a known way to harvest sendgrid user accounts because I get phishing/spam concerning (not from, just concerning) sendgrid with some frequency. Second, if you send mail to a non-existent account, you don't get a direct SMTP notice. I've had to log into sendgrid's web interface to inspect and/or empty that list. Until you remove the address from that online list, you can't send mail to it again. (This is an issue for me at work, for reasons I don't care to explain here.) -- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
Re: [PLUG] Run crontab script using sudo
On Tue, 2 Jan 2024, Rich Shepard wrote:

> On Tue, 2 Jan 2024, Paul Heinlein wrote:
>
>> The Linux distributions I use all have an /etc/cron.d directory that allows you to run scripts under any UID, no sudo required.
>
> Paul, Yes, Slackware has an /etc/cron.d directory.
>
>> The modified crontab entries for snippets in that directory are documented in the crontab(5) man page, at least on my systems.
>
> When I run `man crontab(5)' nothing happens:
>
>     $ man crontab(5)
>     -bash: syntax error near unexpected token `('

As Galen noted, it's "man 5 crontab." I specified it because many systems have two crontab man pages, one in section 1, the other in section 5. The section 1 page becomes the default.

> My web searches for cron.d examples found 1 entry specific to debian and ubuntu. This is my update-tlmgr.sh:
>
>     cd /usr/local/texlive/2023/bin/x86_64-linux/
>     tlmgr update --self --all
>     fmtutil-sys --sys -all
>     cd
>
> Do I put that script in the now empty /etc/cron.d/?

No. Keep your update-tlmgr.sh script where it is. Your /etc/cron.d fragment might be something like this

    # /etc/cron.d/update-tlmgr.cron
    27 05 * * * tlmgruser /path/to/update-tlmgr.sh

Please note that "tlmgruser" is just a placeholder for the sake of discussion. I don't know what user you want to run that script. It might be root, or it might be a Slackware-specific user.

-- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
Re: [PLUG] Run crontab script using sudo
On Tue, 2 Jan 2024, Rich Shepard wrote: I've added my username to /etc/sudoers. I have a script that needs to run using sudo with a user rather than by root. When I run the script's commands in a console I enter my password when requested by sudo. How can I have the script provide the password? Or, do I modify /etc/sudoers to allow me to run these commands without a password? The Linux distributions I use all have an /etc/cron.d directory that allows you to run scripts under any UID, no sudo required. The modified crontab entries for snippets in that directory are documented in the crontab(5) man page, at least on my systems. -- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
Re: [PLUG] email issues
On Mon, 1 Jan 2024, markcasi...@comcast.net wrote:

> Here is my issue. I have put in a lot of time trying to solve this, but have made zip progress. I even posted on the Xfinity forum but have received no replies (lots of views though)
>
> My Comcast/Charter email is unreliable

[... lots of good testing material snipped ...]

> Mail from charter to comcast does not arrive at comcast
> Mail from comcast to charter does arrive at charter
> Mail from charter to Gmail does arrive at Gmail
> Mail from Gmail to charter does arrive at charter

My initial assessment is that it's Comcast's problem. Without any further information, I'd say that Comcast is silently deleting or withholding the messages from Charter.

I've never used Comcast e-mail, and I don't know what filtering techniques its system employs, so here are two WAGs:

Have you checked your Comcast spam folder for your Charter messages?

Does Comcast have a way to check (and hopefully whitelist) messages it thinks might be spam?

Since you never received a "message not delivered" error regarding your Charter-to-Comcast messages, my thinking is that they were delivered but were somehow blacklisted or marked as spam.

But that's all I've got. Your testing is otherwise very thorough and exactly what I would have done.

-- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
Re: [PLUG] Restoring MS Backup QIC and BKF files via Samba?
On Wed, 8 Nov 2023, Ben Koenig wrote: What you may want to try is setting up your old windows OS with multiple virtual disks. C:\ for the os, then a D:\ that can hold the backup files. Some of the virtual disk formats used by qemu can be mounted directly. So you copy the data over via the host, boot the VM, and all necessary files are accessible in your virtual D:\. Unburdened by any recent experience with these ancient Windows releases, I'd suggest the same thing. -- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
Re: [PLUG] Simultaneously horrifying and amazing!
On Fri, 27 Oct 2023, Russell Senior wrote: It wasn't the RS-232 that surprised me, it was the combination of RS-232 and PCI-E, when I expected that modern RS-232 interfaces to just use a USB converter. It is kind of like finding someone putting a Pratt and Whitney turbo fan on a Sopwith Camel. I'd say it's the opposite, more like putting a Model T engine in a Formula One chassis. :-) Of course, most IPMI controllers emulate serial communications over ethernet (serial-over-LAN), because out-of-band serial connections are ever-so helpful, even (especially?) today. -- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
Re: [PLUG] wikis breaking on updates (was: Re: Upgrage Breaks MediaWiki - why?)
On Sun, 30 Jul 2023, Russell Senior wrote: A slightly related story: Debian's wiki is moinmoin. Moinmoin v1.x is based on python 2. Python2 is (of course) deprecated and pretty much abandoned as of Debian Bullseye. It seems somewhat ironic that the wiki that proudly announces Debian 12 (bookworm) as of July 22, has to run Debian 10 (buster, i.e. oldoldstable) because that's the last version that supports python2 enough to run the wiki. https://u35970666.ct.sendgrid.net/ls/click?upn=TqJK0v-2BTL1dmkjS-2FZRBwGRDG4t3PuCk88LFqqcTvyYGDJGeFNIjwU8pGkcA3tIrkXxPogHNGRue04tX0s41yELyVT2kQTzNKeJ1a3JRIU5c-3DkyL0_VIYZ4N8dmyIPGy7Y8nsPO1q5dom4O0HMDO1WKXG4iy6cRPYqUFHozao-2Fpbo-2BoZqOchXuKORABSzW180gWYBHeRPNrdK7edxBEXDVaeFmkWm4xnUhizY9EOtln7Mj8LEiArb78-2BbHAD0AsaSTK9AWj1JB0cOk7hkn-2BvgslB0tXdYqMV8BZkiZeBlgfBwozTDycTSoXvNA4kNrtVykLP6PwQ-3D-3D I have a particularly acute awareness of this because Personal Telco's wiki also uses moinmoin, and it stopped working when I tried to update to Debian 11 (bullseye) about a year ago. We had a brief outage while I figured out what had gone wrong. This is a sadly familiar story. A high-level software package depends on dozens, perhaps hundreds, of lower-level language runtimes, libraries, and even utilities. One or more of those lower-level packages gets deprecated, drops features, becomes orphaned, or simply doesn't keep up with the rest of the dependency ecosystem. Voila -- a dead-end solution with a future of pain, fragility, and (probably) unpatched security vulnerabilities while people scramble to find and implement a solution (that may no longer exist within even a reasonable set of parameters). I feel vaguely guilty every time I say it, but if computers were easy I wouldn't have a job. -- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
Re: [PLUG] A hardware issue [UPDATE]
On Thu, 15 Jun 2023, Rich Shepard wrote: On Thu, 15 Jun 2023, Paul Heinlein wrote: I usually rely on a live CD (or a modern equivalent on a USB stick) to fsck the /boot partition. Paul, I have a Slackware64-15.0 installation on a USB drive. But the desktop's running -14.2. For a vfat filesystem, I cannot imagine that the version difference will have any adverse impact. -- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
Re: [PLUG] A hardware issue [UPDATE]
On Thu, 15 Jun 2023, Rich Shepard wrote: /var/log/syslog tells me: Jun 15 05:35:10 salmo kernel: [ 36.853148] FAT-fs (sda1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. /dev/sda1 is /boot/efi type vfat (rw) How do I fsck the /boot partition? I doubt this is the underlying problem, and may be a symptom of the deeper issue, but in general ... I usually rely on a live CD (or a modern equivalent on a USB stick) to fsck the /boot partition. -- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
Re: [PLUG] Is this something to worry about?
On Sun, 23 Apr 2023, American Citizen wrote: Hello: A friend bought me a new Kuesuny KSPro100 USB stick, size 512Gb which claims to have very fast read/write transfer rates. I ran f3write and f3read and found 156 MiB/sec write and 310MiB/sec read which definitely is faster than any other USB stick I have (I have some SanDisk flash drives) Question, when I went to check this USB for the format, it came up as exfat, which is fine, but then the gparted program posted and said that it could NOT read all the filesystem (this even after I reformatted the USB back to exfat again, after removing the partition) I do have the exfatprogs module installed on my openSuse Leap 15.4 system, so I am puzzled by the gparted message [see attached] Should I worry about this? It sounds like the drive was formatted without being partitioned. If that's the case, there's no cause to worry. -- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
Re: [PLUG] Transferring public key shows error
On Wed, 19 Apr 2023, Rich Shepard wrote:

> Generated a key pair and, following the Slackware OpenSSH instructions tried to use scp to put the laptop's public key on the desktop:
>
>     $ scp id_ed25519.pub rshep...@salmo.appl-ecosys.com:/home/rshepard/.ssh/authorized_keys
>     The authenticity of host '[salmo.appl-ecosys.com]: ([192.168.55.1]:ED25519 key fingerprint is SHA256:/RInRdtcIMbpPu3LZmpg5wfAWi9ozQwgKLPnTQEDcxg.
>     This key is not known by any other names
>     Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
>     Warning: Permanently added '[salmo.appl-ecosys.com]:14982' (ED25519) to the list of known hosts.
>     rshep...@salmo.appl-ecosys.com: Permission denied (publickey).
>     lost connection
>
> What have I done incorrectly here?

It looks to me like sshd on salmo is configured to accept only public key authentication. It won't take your password.

If you don't have local access to an SSH key already in your .ssh/authorized_keys file on salmo, well, you've locked yourself out.

If you do have access to an SSH key recognized by salmo, you'll need to load it locally before attempting the scp operation.

-- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
Re: [PLUG] a question for Google Bard
On Thu, 30 Mar 2023, American Citizen wrote:

> I would love to see Google Bard's answer on how to redo the openSuse Network Manager openvpn software in such a way as to permit easy debugging, so that the hidden vpn established by the NM can be uncovered and understood.

Randall,

You typically ask questions only after doing your own research, so it's with some fear of suggesting what you've already done to point to nmcli as a way to get to stuff:

    # list NetworkManager connections
    nmcli co

    # note the NAME of the vpn connection, then export
    # its configuration
    nmcli co export "$vpnName" /path/to/vpn.conf

-- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
Re: [PLUG] Migrating content - MediaWiki or WordPress?
On Tue, 7 Mar 2023, Keith Lofstrom wrote: So - which format may be less prone to long term bit-rot and security fails, MediaWiki or WordPress? What will be easier for a future disciple (if any) to host and expand on their own website? This seems like asking which 1980 BBS system or Usenet UUCP mailing list is easiest to migrate to Twitter. It is difficult to make predictions, especially about the future. You're asking which publication software will last, which seems an odd question because you want to know about keeping your content alive, not about keeping its current html presentation. If I were asking, my question would concern which markup language will be most resistant to deprecation over the next several years. Were I betting, I'd say markdown currently has the inside track for longevity since it's github's current markup of choice -- and several other content generators can use it as well. This assumes that you don't have dynamic content of a sort that requires a database that can be queried. If that's the case, I have no answer for you. -- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
Re: [PLUG] Remote work on downed server ( Re: ANNOUNCEMENT: March PLUG Meeting: Anatomy of a Mailing List Meltdown )
On Mon, 27 Feb 2023, Ted Mittelstaedt wrote: The problem with that is that the assessment itself is biased. If a business owner is doing the assessment they tend to bias against cost. But, what happens if a customer calls at the very moment your receptionist's PC is crashed, and she says "sorry I can't help my computer is down" And that customer says "no problem" hangs up, calls someone else, then over the next decade develops $200k of business with that vendor? In this hypothetical exchange, a business owner who didn't realize that a single PC would make or break a significant customer relationship would in all likelihood not be in business for very long. If your core competencies depend on 100% uptime during business hours of all your computing systems, you're in a business that will sooner or later demand commensurate IT spending. Lost opportunity cost. It's not easy to quantify so the business owners doing the assessment on new gear tend to discount $downtimeRisk. Which is why so many small businesses remain small, to be perfectly frank. Personally as a 1 man shop I'm OK with remaining small. But if you are a small business owner who employs others, you have a responsibility to provide continued employment for them, and that means prioritizing $downtimeRisk. At least, that's my take on it. It's not that I disagree with your assessment, but I don't back off my initial opinion that most IT decisions are based on risk assessment, not technology assessment. The latter can inform but will rarely trump the former. To pursue the "I get to choose the hypothetical that proves my case" tack you took, consider the business owner who is cash poor but relatively time rich. Keeping cash on hand can justify the owner's need to spend extra time keeping a fragile set of systems working. I say "can," not "will" or "must," but I think the point is reasonable. -- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
Re: [PLUG] Remote work on downed server ( Re: ANNOUNCEMENT: March PLUG Meeting: Anatomy of a Mailing List Meltdown )
On Mon, 27 Feb 2023, Ted Mittelstaedt wrote: The Dell and HP systems require an extra license fee be paid to enable the remote tools and most of my customers are smaller. Their tendency is to try to press workstations into use as servers, it's a big stretch to get them to actually buy a real server like a Proliant, [...] Once I get them setup with real server hardware and they notice wow - the server isn't going down every week - then they start to become believers. [...] Caveat lector: I was Ted's editor long ago at the long-defunct Computer Bits magazine, and his articles became a key foundation for my jump from Windows to *nix systems. IT systems, like every other business asset, are assessed primarily from a risk-management POV, not a technological one. And, frankly, this is appropriate. Business owners need justifications for expenses. If spending ($cheapGear + ($serviceCall * 3) + $downtimeRisk) is lower than ($bestGear), then the argument for the best gear is dicey. That's not to say that the business owner's risk assessments may not change or even mature over time, but I've given up pretending I always understand a customer's overall risk profile. So Ted is perfectly right: the best gear fits a certain risk assessment. Perhaps an experienced consultant understands what the owner will only see at a later date. Perhaps. -- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
Re: [PLUG] Testing the new OSUOSL hosted mailman set up
On Tue, 21 Feb 2023, Russell Senior wrote: A BIG THANK YOU to OSUOSL and Lance Albertson for his work in helping get this set up. And to you all on the PLUG side of things. Mailman migrations are not for the faint of heart! _ __ / | | | | | || |__ ___ ___ _ __ ___| | | || '_ \ / _ \/ _ \ '__/ __| | | || | | | __/ __/ | \__ \_| \_|_| |_|\___|\___|_| |___(_) -- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
Re: LO Writer not converting M$ Outlook .msg file
On Sat, 11 Feb 2023, Rich Shepard wrote: > A web search found a page telling me that LO's Writer could import > an Outlook .msg file and make it readable. I tried on one and after > a while had to kill the LO process because all that was displayed > was a bunch of junk characters. In the past, Outlook e-mail files could be extracted using a command-line utility called tnef. A quick Internet search suggests that Slackware has a package for it. Caveat: in my experience, Outlook files end with .dat, not .msg, so my recommendation may be way off base. -- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
Re: [PLUG] Is it dead, Jim?
On Thu, 9 Feb 2023, Paul Heinlein wrote:

> On Thu, 9 Feb 2023, Paul Heinlein wrote:
>
>> Has the PLUG mailing list died?
>
> Evidently not! Huzzah.

The SMTP path of this message is interesting. I'm using the timestamps provided by each server, so you'll need to take timezones into account when calculating elapsed times. All transactions were on Feb 9 (today), so I'm omitting the date and year sections from timestamps.

* Sent from my workstation to my SMTP server at 15:18:42 GMT
* My SMTP server tried sending it to mx2.tidalhosting.net at 15:18:48 GMT but the message was greylisted (which is perfectly legitimate).
* Finally sent from my SMTP server to mx2.tidalhosting.net at 10:39:02 -0500.
* Sent from mx2.tidalhosting.net to mx1.tidalhosting.net at 10:39:20 -0500.
* Sent from mx1.tidalhosting.net to mrtr.tidalhosting.net at 12:50:03 -0500.
* Sent from mrtr.tidalhosting.net to gw2.tidalhosting.net at 12:50:30 -0500.
* Sent from gw2.tidalhosting.net back to my SMTP server at 17:50:43 GMT.

The greylisting delay I understand, but the two-hour delay between mx1.tidalhosting.net and mrtr.tidalhosting.net confuses me.

-- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
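The elapsed-time calculation described in the message above, worked in Python as an added example (not part of the original post): it parses Received headers, converts each server's timestamp to UTC, and reports the delay at every hop. The sample headers are constructed from the times listed in the post, and the example.org hostnames are placeholders for the sender's own hosts, which the post does not name.

```python
"""Per-hop delivery delays computed from a message's Received: headers."""
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: Received headers rebuilt from the hop times listed in the
# post (all on 9 Feb 2023). smtp.example.org and workstation.example.org are
# placeholders. Two headers are folded to show that unfolding is handled.
SAMPLE = """\
Received: from gw2.tidalhosting.net by smtp.example.org;
 Thu, 9 Feb 2023 17:50:43 +0000
Received: from mrtr.tidalhosting.net by gw2.tidalhosting.net;
 Thu, 9 Feb 2023 12:50:30 -0500
Received: from mx1.tidalhosting.net by mrtr.tidalhosting.net; Thu, 9 Feb 2023 12:50:03 -0500
Received: from mx2.tidalhosting.net by mx1.tidalhosting.net; Thu, 9 Feb 2023 10:39:20 -0500
Received: from smtp.example.org by mx2.tidalhosting.net; Thu, 9 Feb 2023 10:39:02 -0500
Received: from workstation.example.org by smtp.example.org; Thu, 9 Feb 2023 15:18:42 +0000
Subject: Re: [PLUG] Is it dead, Jim?

(body omitted)
"""


def parse_hops(raw_message):
    """Return [(receiving_host, utc_datetime)] ordered oldest hop first."""
    msg = message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        # The timestamp follows the last ';' of the header.
        route, _, stamp = value.rpartition(";")
        host = re.search(r"\bby\s+([^\s;]+)", route)
        try:
            when = parsedate_to_datetime(" ".join(stamp.split()))
        except (TypeError, ValueError):
            continue  # no parseable date: skip rather than guess
        if when.tzinfo is None:
            continue  # no UTC offset given, so the time cannot be compared
        hops.append((host.group(1) if host else "unknown",
                     when.astimezone(timezone.utc)))
    hops.reverse()  # each server prepends its header, so the file is newest first
    return hops


def hop_delays(hops):
    """Seconds between consecutive hops as (from_host, to_host, seconds)."""
    return [(a[0], b[0], int((b[1] - a[1]).total_seconds()))
            for a, b in zip(hops, hops[1:])]


def slowest_hop(delays):
    """The hop where the message waited longest."""
    return max(delays, key=lambda d: d[2])


def skewed_hops(delays):
    """Hops with a negative delay, which means the two clocks disagree."""
    return [d for d in delays if d[2] < 0]


if __name__ == "__main__":
    for src, dst, secs in hop_delays(parse_hops(SAMPLE)):
        print(f"{src:>24} -> {dst:<24} {secs // 60:4d}m {secs % 60:02d}s")
```

Each timestamp is whatever the receiving server's clock said, so a negative delay from `skewed_hops` points at clock skew between two hosts rather than at the mail path.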
Re: [PLUG] Is it dead, Jim?
On Thu, 9 Feb 2023, Paul Heinlein wrote: > Has the PLUG mailing list died? Evidently not! Huzzah. -- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
Re: [PLUG] Bacula in Ubuntu
On Thu, 19 Jan 2023, Paul Heinlein wrote: On Thu, 19 Jan 2023, Paul Goins wrote: Seems like this was intentional due to a Debian bug at the time. Note this from https://launchpad.net/ubuntu/jammy/amd64/bacula: Removed from disk on 2022-07-23. Removal requested on 2021-12-08. Deleted on 2021-12-08 by Steve Langasek FTBFS, removed from Debian testing, blocks libssl transition; Debian bug #997139 Thank you for the lead on that. I will wander down the path when my schedule allows. I finally found a working bug report on the issue: * https://bugs.launchpad.net/ubuntu/+source/bacula/+bug/1973322 A thread message by Alex Murray dated yesterday (2023-01-19) says, FYI I have prepared a backport from the current version in kinetic to jammy - this is now sitting in the New queue - https://launchpad.net/ubuntu/jammy/+queue?queue_state=0_text=bacula - and needs assistance from the SRU team (or perhaps an AA?) to get it into jammy-proposed. So ... progress! -- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
Re: [PLUG] Bacula in Ubuntu
On Thu, 19 Jan 2023, Galen Seitz wrote:

>>> Purely out of curiosity, what kind of tape drives are you using, and what type of interface is used to connect them?
>>
>> We're using a mix of LTO-6 and LTO-7 tapes in a Quantum library with four IBM Ultrium-TD7 drives. The drives are connected to the backup server via an Emulex fibre channel HBA. Does that answer your question?
>
> Yes, thanks. I have old DLT IV drives here, and it was tricky to keep them streaming. Getting an LTO-7 (300 MB/s raw, up to 750 MB/s compressed) seems like quite the feat. Stage it all to an SSD?

We do spool to disk prior to writing to tape, but we use a ZFS-managed array of spinning platters rather than SSDs. Backup work typically involves a lot of sequential reading and writing, and traditional hard drives handle that work load just fine for our purposes.

We do use SSDs to host the postgresql database Bacula uses to manage its metadata.

-- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
Re: [PLUG] Bacula in Ubuntu
On Thu, 19 Jan 2023, Galen Seitz wrote:

> On 1/19/23 14:47, Paul Heinlein wrote:
>> On Thu, 19 Jan 2023, Jason Barnett wrote:
>>
>>> Page 3 of their setup guide documents how to install it. A quick perusal suggests that you need a licence key to use even the community version. I could be wrong as I do not use it and only spent about 30 seconds in researching it.
>>>
>>> https://bacula.org/whitepapers/CommunityInstallationGuide.pdf
>>> https://www.bacula.org/bacula-binary-package-download/
>>
>> I've been using Bacula since 2007 or so and have never been asked for nor needed a license key. We currently back up several hundred terabytes to tape every month (which I think qualifies as "real use"), plus a bunch more to disk, all without a licence.
>
> Purely out of curiosity, what kind of tape drives are you using, and what type of interface is used to connect them?

We're using a mix of LTO-6 and LTO-7 tapes in a Quantum library with four IBM Ultrium-TD7 drives. The drives are connected to the backup server via an Emulex fibre channel HBA.

Does that answer your question?

-- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
Re: [PLUG] Bacula in Ubuntu
On Thu, 19 Jan 2023, Paul Goins wrote: Seems like this was intentional due to a Debian bug at the time. Note this from https://launchpad.net/ubuntu/jammy/amd64/bacula: Removed from disk on 2022-07-23. Removal requested on 2021-12-08. Deleted on 2021-12-08 by Steve Langasek FTBFS, removed from Debian testing, blocks libssl transition; Debian bug #997139 Thank you for the lead on that. I will wander down the path when my schedule allows. -- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
Re: [PLUG] Bacula in Ubuntu
On Thu, 19 Jan 2023, Jason Barnett wrote: Page 3 of their setup guide documents how to install it. A quick perusal suggests that you need a licence key to use even the community version. I could be wrong as I do not use it and only spent about 30 seconds in researching it. https://bacula.org/whitepapers/CommunityInstallationGuide.pdf https://www.bacula.org/bacula-binary-package-download/ I've been using Bacula since 2007 or so and have never been asked for nor needed a license key. We currently back up several hundred terabytes to tape every month (which I think qualifies as "real use"), plus a bunch more to disk, all without a licence. -- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
[PLUG] Bacula in Ubuntu
I am stumped at Ubuntu's package offerings for Bacula, a widely used backup utility. Ubuntu 18.04 LTS had version 9.0.6. 20.04 LTS has 9.4.4. 22.04 LTS has absolutely no Bacula packages other than (of all things) bacula-doc. And 22.10 (not LTS) has version 9.6.7. The LTS distros are more likely to be used by enterprises and are more likely to run backups, but bacula is a no-show in 22.04 LTS. So if you want to run Bacula on Jammy, you need to grab 9.4 from Focal or 9.6 from Kinetic and hope one runs. Otherwise, no current LTS for you! -- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
Re: [PLUG] Seeking web developer who knows the Hugo framework
On Fri, 28 Oct 2022, Russell Senior wrote: I can honestly say that I have never heard of the Hugo framework. My general advice would be to stick with something widely adopted and understood. But I don't have any particular expertise in web dev. I use Hugo for madboa.com. It's reasonably good at what it does, but the Go templating language is ... quirky. I like it because it allows me to manage a fully templated site but using all static content and not a live system like PHP. -- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
Re: [PLUG] Off topic but not sure who to ask
On Thu, 22 Sep 2022, Michael Ewan wrote:

> I had to call Comcast once about a connection problem. They started with the script, I interrupted and said I was a Senior Systems Programmer at Intel Corporation, please just tell me what you want me to test and I will do that. The response was great, "thank goodness, someone intelligent, let's start with a trace route."

I've sometimes had similar, human-scale responses when I let the support tech know my experience level.

On those occasions when that's not the case, I usually say -- for the benefit of anyone listening to a recorded version of the call -- something like, "It's clear to me that you are not able to solve my problem. Please escalate my call to someone who can." The tech (in sane firms) will get a pass because the escalation occurs specifically at the customer's request.

-- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
Re: [PLUG] Whitespace in Ubuntu 22.04 rsyslog.conf
On Tue, 13 Sep 2022, Tomas Kuchta wrote:

> On Tue, Sep 13, 2022, 13:34 Paul Heinlein wrote:
>
>> Just an FYI: At work, we use a puppet template to generate /etc/rsyslog.conf on all our *nix machines. That template was failing on the first Ubuntu 22.04 host we tried to integrate with our puppet configs.
>>
>> In short, certain directives that encountered two spaces between directive and setting would fail, e.g.,
>>
>>   $FileOwner  syslog
>>   $FileGroup  adm
>>
>> Replacing the two spaces with a single space fixed the problem. I scoured the changelogs but couldn't find evidence that this is an intentional change.
>
> Could this be UTF issue in rsyslog config parser/regexp? I have been encountering strange invisible simple parsing issues recently. If this is related, I usually resolve them by replacing [ \t] or \s or \S with [[:space:]] patterns and it often helps.

I piped the offending lines through "od -a" and they were reported as standard "sp" spaces. If it's a UTF-8 issue, I can't see how I fixed it.

-- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
[PLUG] Whitespace in Ubuntu 22.04 rsyslog.conf
Just an FYI: At work, we use a puppet template to generate /etc/rsyslog.conf on all our *nix machines. That template was failing on the first Ubuntu 22.04 host we tried to integrate with our puppet configs.

In short, certain directives that encountered two spaces between directive and setting would fail, e.g.,

  $FileOwner  syslog
  $FileGroup  adm

Replacing the two spaces with a single space fixed the problem. I scoured the changelogs but couldn't find evidence that this is an intentional change.

-- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
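An added example, not from the thread and not rsyslog's own code: a Python check for the condition described in this post and in the reply above it. It reports every legacy $-directive whose separator is anything other than one ASCII space, names the separator characters much as "od -a" would, and produces a normalized copy. The sample config is constructed; the $FileCreateMode and $DirCreateMode lines are added to cover the tab and non-breaking-space cases raised in the reply.

```python
"""Audit separators between legacy rsyslog $-directives and their values."""
import re
import unicodedata

# In a str pattern, \s also matches Unicode whitespace such as U+00A0.
LEGACY = re.compile(r"^(\$\w+)(\s+)(.*)$")

# Constructed sample config. The first two lines mirror the post's example
# (two ASCII spaces); the next two are assumptions added for illustration.
SAMPLE = (
    "$FileOwner  syslog\n"
    "$FileGroup  adm\n"
    "$FileCreateMode\t0640\n"
    "$DirCreateMode\u00a00755\n"
    "$Umask 0022\n"
    "*.*  /var/log/syslog\n"  # selector line, not a $-directive: left alone
)


def audit(text):
    """Return [(line_no, directive, kind, [char names])] for odd separators."""
    findings = []
    for number, line in enumerate(text.split("\n"), 1):
        match = LEGACY.match(line)
        if not match:
            continue
        directive, gap, _value = match.groups()
        if gap == " ":
            continue  # exactly one ASCII space: the form that worked
        if any(ord(ch) > 127 for ch in gap):
            kind = "non-ascii"
        elif set(gap) == {" "}:
            kind = "multi-space"
        else:
            kind = "tab-or-control"
        # Control characters have no Unicode name, so fall back to hex.
        names = [unicodedata.name(ch, hex(ord(ch))) for ch in gap]
        findings.append((number, directive, kind, names))
    return findings


def normalize(text):
    """Rewrite each $-directive with a single ASCII space before its value."""
    fixed = []
    for line in text.split("\n"):
        match = LEGACY.match(line)
        fixed.append(f"{match.group(1)} {match.group(3)}" if match else line)
    return "\n".join(fixed)


if __name__ == "__main__":
    for number, directive, kind, names in audit(SAMPLE):
        print(f"line {number}: {directive}: {kind}: {', '.join(names)}")
```

Running `audit` on the rendered template before it is deployed, and `normalize` only on $-directive lines, leaves selector lines such as the last sample line untouched.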
Re: [PLUG] IPv6 TCP connect timeout puzzler
On Fri, 9 Sep 2022, Russell Senior wrote:

> I'm seeing bizarre behavior: host A initiates an ssh -6 to host B; host B is a qemu-kvm guest of a kvm host, C. Tcpdump (on the initiating host A) shows A -> B TCP SYN packet, and a B -> A TCP SYN-ACK reply, but host A apparently doesn't recognize it as valid (although, in wireshark they look reasonable to an eyeball), because the connect syscall never returns (until it times out), and the A -> B ACK handshake is never sent. Works fine for ssh -4.
>
> If A and C are the same host, I see the same behavior. Another wrinkle: if A is also a kvm guest of C, I don't see the SYN-ACK, just the SYN.
>
> The kvm clients are connected via a network bridge on C, e.g. "brctl show" sees N+1 real ethernet interfaces eth0, ... ethN, and the M+1 virtual interfaces associated with the kvm guests: vnet0 ... vnetM. There are no netfilter rules to be seen on any of the hosts involved.
>
> Oh, and A can ping6 B, and vice versa, just fine. I'm only seeing this weirdness with TCP.
>
> Anybody have any thoughts? This is violating my expectations.

That is weird. Weirder still is the fact that I can duplicate those symptoms on my Mac that's hosting a Linux VM using the UTM hypervisor. ssh -6 fails but ping6 succeeds.

-- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
Re: [PLUG] Ubuntu 22.04.1, firefox snap, alternatives?
On Tue, 23 Aug 2022, Ben Koenig wrote:

> And if I'm going to be brutally honest with you, just use Rocky Linux. All this effort to switch to deb distros seems pointless given why you started in the first place. Word on the street is that Rocky 9.0 is set to go EOL in 2032 ...

I know that Keith asked specifically for distributions with deb-based packages, so this reply isn't for him per se but anyone interested in Ben's recommendation for Rocky 9.0 (Linux, not a movie). Here are the versions it offers of some packages that might be of general interest:

  kernel: 4.18
  glibc: 2.28
  gcc: 8.5.0
  Apache: 2.4.37
  nginx: 1.14.1 (1.16, 1.18, and 1.20 available)
  php: 7.2 (7.3, 7.4, and 8.0 available)
  python: 3.6.8 (3.8 and 3.9 available)
  perl: 5.26 (5.30 and 5.32 available)
  mariadb: 10.3 (10.5 available)
  postgresql: 10 (9.6, 12, and 13 available)

The packages with alternate versions available are visible via the "dnf module" family of commands, e.g.,

  dnf module list php
  dnf module info php

-- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
Re: [PLUG] Temperature recorder
On Fri, 12 Aug 2022, Rich Shepard wrote: On Thu, 11 Aug 2022, Keith Lofstrom wrote: Maybe not; I presume roasting coffee beans emit a lot of steam, with a crazy-varying specific heat compared to room air. Keith, It's not steam, but smoke. Heavy smoke. Now I use a 3" corrugated hose (the type used for clothes dryer exhaust) through a hole in a wood panel set in the kitchen window. The smoke has attracted neighbors who come over to check out what I'm doing. :-) I can attest to the volume of smoke produced during the roasting of coffee beans. I roasted beans in very small quantities, and I still had to keep the garage door open for anything more than a single batch -- even during the Colorado winters. -- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
Re: [PLUG] Direct access to web page from alpine message
On Tue, 26 Jul 2022, Rich Shepard wrote:

> On Tue, 26 Jul 2022, Bill Barry wrote:
>
>> This is not set in the browser, it is an OS setting. In XFCE there is a GUI called Default Applications where you can set those types of things.
>
> Bill,
>
> I assumed the setting was somewhere in alpine. In xfce4's settings -> preferred applications the browser is set to Brave and the email client is set to alpine.

The "url-viewers" setting in .pinerc is what you want, probably something like

  url-viewers="/usr/bin/brave _URL_"

-- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
Re: [PLUG] Did PLUG Mailman change?
On Fri, 22 Jul 2022, wes wrote: it's complicated, but the short version is that I would call it intentional, yes. Thank you for the confirmation! - Paul -wes On Fri, Jul 22, 2022 at 3:09 PM Paul Heinlein wrote: I'm seeing new List-Id headers in the PLUG-TALK traffic. They were and have become . Was that change planned? I only ask because I key on those headers for shuffling PLUG messages to a certain inbox. -- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
Re: [PLUG] Did PLUG Mailman change?
On Fri, 22 Jul 2022, Rich Shepard wrote: On Fri, 22 Jul 2022, Paul Heinlein wrote: I'm seeing new List-Id headers in the PLUG-TALK traffic. They were and have become . Was that change planned? I only ask because I key on those headers for shuffling PLUG messages to a certain inbox. Paul, I've seen multiple List-Id headers on several mail lists. My solution is to add a new recipe to .procmailrc. I was simply curious if the change was intentional. -- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
[PLUG] Did PLUG Mailman change?
I'm seeing new List-Id headers in the PLUG-TALK traffic. They were and have become . Was that change planned? I only ask because I key on those headers for shuffling PLUG messages to a certain inbox. -- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
Re: [CentOS] bash script input password automatically.
On Fri, 22 Jul 2022, Kaushal Shriyan wrote:

> Hi,
>
> I have the below commands to generate keystore.pkcs12 and keystore.jks files on CentOS Linux release 7.9.2009 (Core)
>
>   openssl pkcs12 -export -clcerts -in fullchain1.pem -inkey privkey1.pem -out keystore.pkcs12 -name javasso
>   keytool -importkeystore -srckeystore keystore.pkcs12 -srcstoretype pkcs12 -destkeystore keystore.jks -deststoretype jks -alias javasso
>
> I have created a small shell script to generate both keystore.pkcs12 and keystore.jks files. It prompts for a password. Is there a way to key in a password without prompt or non-interactive way? For example password is stored in a file and the bash script will source it instead of manually typing the password.
>
> Please suggest. Thanks in advance.

See the "PASS PHRASE ARGUMENTS" section of the openssl(1) man page for the various ways openssl can get a password.

-- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
Re: [PLUG] Does an Open Source Thermostat exist?
On Thu, 14 Jul 2022, Frank Filz wrote:

> Program a single preferred temperature (the thermostat won't let us set heat to and cool to temperatures closer than 3 degrees - I understand that is necessary to keep the system from over heating so it has to turn on air conditioning only to over cool, and turn heat back on.). With programming I could have it not turn on cooling if the temperature is slightly high IF the system had just been heating and vice versa.

In the grand PLUG tradition of not really answering your question, I'll note that my Nest thermostat has "heat only" and "cool only" modes in addition to "heat/cool". In "heat only" mode, the AC never kicks in regardless of how hot it is in the house -- and vice-versa for "cool only" mode. I find those modes much more predictable and energy-efficient than the combined "heat/cool" mode.

I know Nest is a commercial product and that there are privacy concerns. I'm just reporting my experience.

-- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
Re: [PLUG] Ubuntu LTS upgrade timing
On Wed, 13 Apr 2022, Keith Lofstrom wrote:

> After decades of Redhat/CentOS (and recent unwelcome IBM "stream" ephemeralizations, opposite of LTS) I am transitioning my systems to Mate-Ubuntu LTS. Questions for you folks with years of Ubuntu experience:
>
> 1) How easy/fraught is a dist-upgrade, say 16.04 to 20.04?

It's pretty easy, and I've never had a machine fail from a dist upgrade. That said, once you've gone from 16.04 to 20.04 you will find yourself dealing with unexpected problems and dead-ends. I usually allow myself one major upgrade before a full reinstallation.

> 2) Should I wait for 22.04.1 (estimated 3+ months from now) before playing with 22.04 Jammy?

I've got a jammy VM running and it's in pretty good shape. I've noticed at least one package on which I rely, bacula, hasn't yet made its way to jammy, but I suspect it will before the final release.

If I had a system that was currently working, I'd wait until 22.04.0 was released and use it rather than, say, installing 20.04.x and then upgrade.

If you've got multiple filesystems (rather than just a big root partition), you might consider using ZFS for them. The Ubuntu ZFS implementation has for me been very stable, and I find it far more useful than LVM + ext/xfs.

These days, I use Ubuntu strictly on servers, so my experience of desktop Ubuntu is no longer relevant. But I think I read that jammy will complete the move to Wayland, away from X11. You may need to research how or if that will impact you.

-- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
Re: [PLUG] switch with Fast Boot PoE
On Fri, 18 Mar 2022, Galen Seitz wrote: Hi, For a project I'm working on we have a need for a switch with PoE+ that will power the ports quickly, say less than 15 seconds after power up. The switch that is currently specified is a Cisco cbs250-16P-2g. This switch takes at least a minute, if not more, to enable power to the ports. With a bit of searching I discovered that some Cisco switches have a pair of features called Perpetual PoE and Fast Boot PoE. We don't have a need for Perpetual PoE, but Fast Boot PoE seems to fit our needs. Some other vendors have a similar sounding feature. So far I have only seen this offered on higher end switches(Cisco, Juniper, etc.). Does anyone know of any switches that are more in the SOHO class that have this type of feature? I had pretty good luck with Netgear ProSafe PoE; the model I used was GS724TP. It's managed and definitely SOHO. I have no distinct memory of time-to-power, but I don't recall long waits. I cannot find any specs in a quick Google search, but that line might be worth investigating. -- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W
Re: [CentOS] ceph beginner, how to initialize a new node on a blank system?
On Mon, 21 Feb 2022, Ralf Prengel wrote:

> Hello,
>
> first steps in the ceph world. My question: Is there a way to initialise an empty system to be fully configured and active in a ceph cluster. My idea: Booting an empty system using an iso and everything is working some minutes later. Using for example pxe and kickstart surely works too but my idea is that a new node perfectly fits in every aspect.

Do you mean something like ceph-ansible?

  https://docs.ceph.com/projects/ceph-ansible/en/latest/

-- Paul Heinlein heinl...@madboa.com 45.38° N, 122.59° W
Re: [PLUG] Login keyring
On Sun, 13 Feb 2022, Tomas Kuchta wrote: security zealots who implemented authentication for just about anything (filesystem, video, sound, usb, applications, etc.) They may be zealots to you, but to many of us they are Lawyer Avoidance Gurus. The number of people waiting to sue institutions for not implementing every last bit of security theater is large and growing. Obviously, my point of view on the subject is not definitive, and I'm not trying to justify the situation, but the indisputable fact is that there are thousands of IT professionals who -- supporting open source software by filing tickets, submitting patches, and writing documentation -- increasingly answer to their legal departments. -- Paul Heinlein heinl...@madboa.com 45.38° N, 122.59° W
Re: [CentOS] [CentOS Stream 8] Update of IPA server broken - bind-dyndb-ldap needs to be rebuilt?
On Wed, 9 Feb 2022, Johnny Hughes wrote: Caused by a rebase of bind, but the new idm:DL1 module lagged behind a little bit. Was fixed with the push about 9 hours ago. Johnny, I see idm:DL1 (and idm:client) in Stream 9, but not Stream 8. I just refreshed the dnf cache in the latter, so I think I'm fully up to date. Am I missing something? -- Paul Heinlein heinl...@madboa.com 45.38° N, 122.59° W
Re: [PLUG] Slackware 15.0 finally happened!
On Fri, 4 Feb 2022, Chuck Hast wrote: My grandmother who ran a plumbing shop until she was 87 and was taken by a heart attack, told me that there are two types of people, those that get old and those that get ripe, she said to get ripe, not old. She was quite a character up to the night she passed on. There's the hardware side of age -- how many trips around the sun have you made? -- and the software side -- do you "act your age"? The two are obviously linked, limitations imposed by the former cannot always be ignored by the latter, and yet there are choices involved along the whole of the aging process that leave much of "acting your age" up to the individual. -- Paul Heinlein heinl...@madboa.com 45.38° N, 122.59° W
Re: [PLUG] Slackware 15.0 finally happened!
On Thu, 3 Feb 2022, Ben Koenig wrote: It finally happened! Slackware 15.0 has been released! http://www.slackware.com/ The world's oldest active Linux distro lives on! Praise Bob! I remember installing Slackware '95. It was my first experience with Linux and difficult for me to fully understand. But it ran, and I got X11 configured. So chuffed was I! :-) -- Paul Heinlein heinl...@madboa.com 45.38° N, 122.59° W
Re: [PLUG] Switch ISP to CenturyLink
On Wed, 29 Dec 2021, a...@clueserver.org wrote: IPv6 is supported. I did a short write-up of getting IPv6 working for me on CenturyLink. The first part of the article is general setup on the company-provided Zyxel C3000 router, while the second part is specific to FreeBSD: https://www.madboa.com/blog/2020/08/29/freebsd-ipv6/ -- Paul Heinlein heinl...@madboa.com 45.38° N, 122.59° W
Re: [PLUG] ABC Plus?
On Sun, 12 Dec 2021, Dick Steffens wrote: On 12/12/21 1:55 PM, Robert Citek wrote: Now that’s a name I’ve not heard in a long time, a long time. "My uncle told me he's dead." "Oh, he's not dead, not yet." After ABC 2 comes "ABC: Revenge of the Clef" -- Paul Heinlein heinl...@madboa.com 45.38° N, 122.59° W
Re: [PLUG] ABC Plus?
On Sat, 11 Dec 2021, Dick Steffens wrote: Is anybody using ABC Plus to typeset music? http://abcplus.sourceforge.net/ I used ABC a long, long time ago. I'm glad to see it's still being developed. Unfortunately, I have no answer for you... (It's a PLUG tradition to not really answer the question, isn't it?) -- Paul Heinlein heinl...@madboa.com 45.38° N, 122.59° W
Re: [PLUG] Why does my computer seem to be running slow?
On Mon, 6 Dec 2021, Dick Steffens wrote:

> For some weeks I've been experiencing "slowness" with my Xubuntu box and with my Linux Mint box. I know I can run top to see what programs are using resources, but I don't really understand how to make use of that, since there are programs I don't recognize.
>
> [... snip ...]
>
> top - 08:43:46 up 3 days, 22:55, 1 user, load average: 0.47, 0.73, 1.38
> Tasks: 219 total, 2 running, 216 sleeping, 0 stopped, 1 zombie
> %Cpu(s): 4.4 us, 10.5 sy, 1.6 ni, 83.3 id, 0.0 wa, 0.0 hi, 0.2 si, 0.0 st
> MiB Mem : 7865.4 total, 1060.9 free, 3791.2 used, 3013.3 buff/cache
> MiB Swap: 2048.0 total, 1408.5 free, 639.5 used. 3359.7 avail Mem
>
> Sigh. Monday morning rant.

Among the issues I would check:

* Are any of your hard drives approaching full?
* Do logs or utilities like smartctl show any disk errors?
* Have you recently upgraded any major packages?
* Is your machine running hot?

I'm vaguely concerned about the 639MB of swapped used. That number sits for me somewhere between comfortable and uncomfortable. If you reboot your machine, I'd suggest keeping an eye on your swap-used number. Perhaps it's fine, but it's just high enough to warrant a notice.

-- Paul Heinlein heinl...@madboa.com 45.38° N, 122.59° W
Re: [CentOS] Introducing CentOS Stream 9
On Fri, 3 Dec 2021, Josh Boyer wrote:

Josh,

Thank you for the reply! I'm still poking around Stream 9, trying to devise some site-specific configuration-management rules, so I appreciate all the information I can get.

>> Of note: java, perl and ruby are entirely streams now, while python remains tied to the base OS. All RDBMS releases are streams. There is no Tomcat! libgcc is part of the base OS but is also a stream. I'm not sure how that will work.
>
> I can clarify that a bit. We have Application Streams and separately the AppStream repo. The AppStream repo contains the Application Streams, but it also contains things that are still part of the standard OS that aren't what we'd consider "Base" or "core".

Ah! I hadn't understood that distinction. Thanks for the clarification.

> We'll have a similar page for RHEL 9 when that is released, but your list of languages and RDBMS in CentOS Stream 9 is a good start.
>
> Also, the python language stack will be slightly different in 9. We still have a system python (platform-python in RHEL8/CentOS Stream 8), which is python 3.9 but the packaging format is a more traditional RPM packaging. The same concept applies to the system level gcc, and therefore libgcc.

Does that mean there might be, say, a python310 or gcc12 stream?

> RHEL 8 does not include Tomcat either, so that is not new.

Heh. I guess I should have looked at that. None of our internal Tomcat users have yet moved to EL8.

-- Paul Heinlein heinl...@madboa.com 45.38° N, 122.59° W
Re: [CentOS] Introducing CentOS Stream 9
On Fri, 3 Dec 2021, Johnny Hughes wrote:

> Rich Bowen has posted a blog entry "Introducing CentOS Stream 9"
>
> https://blog.centos.org/2021/12/introducing-centos-stream-9/
>
> More details here:
>
> https://centos.org/stream9/

I installed CentOS 9 Stream on Nov 17 as a VM. (VMware note: to install from the DVD ISO, you must use UEFI boot and the "Secure" option must be deselected.)

I did a quick summary of some of the packages that are important to us at work; obviously, our work priorities may not align with your needs, but you might find the list useful in case you're interested in CentOS itself or in what RHEL 9 or its clones (Oracle, Rocky, etc) is likely to resemble:

Base OS:

* glibc 2.34
* kernel 5.14.0
* openssh 8.7p1
* openssl 3.0.3
* python3 3.9.8
* samba 4.14.5

AppStream:

* Bacula 11.0.1
* gcc 11.2.1
* httpd 2.4.48
* java 8, java 11, java 17
* mariadb 10.5.12
* mysql 8.0.22
* nginx 1.20.1
* openmpi 4.1.1
* perl 5.32.1 + all modules
* php 8.0.6
* postgresql 13.3
* python3 modules

Of note: java, perl and ruby are entirely streams now, while python remains tied to the base OS. All RDBMS releases are streams. There is no Tomcat! libgcc is part of the base OS but is also a stream. I'm not sure how that will work.

As of yesterday, "dnf module list" is pretty sparse. I assume that will change over time.

So far, my overall impression is that it behaves not too differently from EL8/CentOS 8.

-- Paul Heinlein heinl...@madboa.com 45.38° N, 122.59° W
Re: [CentOS] Running Centos 8 Stream: Do I need to remove any of the repos?
On Mon, 29 Nov 2021, Jay Hart wrote:

> Using the same command shows:
>
> # dnf repolist
> repo id        repo name
> appstream      CentOS Stream 8 - AppStream
> baseos         CentOS Stream 8 - BaseOS
> epel           Extra Packages for Enterprise Linux 8 - x86_64
> epel-modular   Extra Packages for Enterprise Linux Modular 8 - x86_64
> extras         CentOS Stream 8 - Extras
> remi-modular   Remi's Modular repository for Enterprise Linux 8 - x86_64
> remi-safe      Safe Remi's RPM repository for Enterprise Linux 8 - x86_64

I'll assume you know what you're doing with the "Remi" repository, since it's an unknown to me. Otherwise, your repository list looks good to me.

-- Paul Heinlein heinl...@madboa.com 45.38° N, 122.59° W
Re: [CentOS] Running Centos 8 Stream: Do I need to remove any of the repos?
On Sun, 28 Nov 2021, Jay Hart wrote:

> Here is a list of the repos I have. As I am now running Centos 8 Stream, should I remove any of the repos below to avoid package versioning issues?
>
> # ls -al /etc/yum.repos.d/
> total 108
> drwxr-xr-x. 2 root root 4096 Nov 15 16:18 .
> drwxr-xr-x. 152 root root 12288 Nov 28 10:17 ..
> -rw-r--r--. 1 root root 790 Jun 7 2020 CentOS-AppStream.repo.rpmsave
> -rw-r--r--. 1 root root 771 Jun 7 2020 CentOS-Base.repo.rpmsave
> -rw-r--r--. 1 root root 792 Jun 7 2020 CentOS-PowerTools.repo.rpmsave
> -rw-r--r--. 1 root root 713 Sep 14 21:11 CentOS-Stream-AppStream.repo
> -rw-r--r--. 1 root root 698 Sep 14 21:11 CentOS-Stream-BaseOS.repo
> -rw-r--r--. 1 root root 316 Sep 14 21:11 CentOS-Stream-Debuginfo.repo
> -rw-r--r--. 1 root root 698 Sep 14 21:11 CentOS-Stream-Extras.repo
> -rw-r--r--. 1 root root 734 Sep 14 21:11 CentOS-Stream-HighAvailability.repo
> -rw-r--r--. 1 root root 696 Sep 14 21:11 CentOS-Stream-Media.repo
> -rw-r--r--. 1 root root 718 Sep 14 21:11 CentOS-Stream-PowerTools.repo
> -rw-r--r--. 1 root root 690 Sep 14 21:11 CentOS-Stream-RealTime.repo
> -rw-r--r--. 1 root root 748 Sep 14 21:11 CentOS-Stream-ResilientStorage.repo
> -rw-r--r--. 1 root root 1568 Sep 14 21:11 CentOS-Stream-Sources.repo
> -rw-r--r--. 1 root root 1485 Sep 4 13:28 epel-modular.repo
> -rw-r--r--. 1 root root 1564 Sep 4 13:28 epel-playground.repo
> -rw-r--r--. 1 root root 1422 Sep 4 13:28 epel.repo
> -rw-r--r--. 1 root root 1584 Sep 4 13:28 epel-testing-modular.repo
> -rw-r--r--. 1 root root 1521 Sep 4 13:28 epel-testing.repo
> -rw-r--r--. 1 root root 358 Nov 15 16:18 redhat.repo
> -rw-r--r--. 1 root root 935 Jul 5 10:00 remi-modular.repo
> -rw-r--r--. 1 root root 1448 Jul 5 10:00 remi.repo
> -rw-r--r--. 1 root root 810 Jul 5 10:00 remi-safe.repo

The file listing doesn't show which repositories are enabled or disabled.

On my Stream 8 machine, which does light duty as a mail and web server, dnf reports only six active repos:

  [root@omega ~]# dnf repolist
  repo id        repo name
  appstream      CentOS Stream 8 - AppStream
  baseos         CentOS Stream 8 - BaseOS
  epel           Extra Packages for Enterprise Linux 8 - x86_64
  epel-modular   Extra Packages for Enterprise Linux Modular 8 - x86_64
  epel-next      Extra Packages for Enterprise Linux 8 - Next - x86_64
  extras         CentOS Stream 8 - Extras

I don't know anything about the remi* repositories, so I can't speak to them. I suspect the redhat.repo file is nothing but comments, but you'd need to verify its contents. Otherwise, your *.repo list looks pretty functional.

-- Paul Heinlein heinl...@madboa.com 45.38° N, 122.59° W
Re: [PLUG] Early Overview CentOS 9 Stream
On Thu, 18 Nov 2021, Robert Citek wrote:

> On Thu, Nov 18, 2021 at 8:29 AM Paul Heinlein wrote:
>
>> I installed CentOS 9 Stream yesterday as a VM. (VMware note: to install from the DVD ISO, you must use UEFI boot and the "Secure" option must be deselected.)
>
> Thanks, Paul, for going through these steps and sharing your experiences. Do you have an Infrastructure as Code ( IaC ) file that details your VM installation process, e.g. vagrant, ansible? If so, given that this was a work project, are you allowed to share, e.g. GitHub?

Good question! I'm working on some ansible roles, but I doubt I'll be able to share them. If I can abstract some stuff (e.g., disabling the unnecessary dnf subscription manager plugin), I'll see about posting the code somewhere.

--
Paul Heinlein
heinl...@madboa.com
45.38° N, 122.59° W
Re: [PLUG] Early Overview CentOS 9 Stream
On Thu, 18 Nov 2021, Ben Koenig wrote:

> What is an 'AppStream' in this context? Is it an arbitrary label applied to certain packages in the repo?

In the past, Red Hat (and CentOS et al) allowed you only one choice of, say, PostgreSQL version. Either you installed that version or you needed to find a different repository or build your own.

Starting with Red Hat 8, some applications come as "modules" or "streams," e.g., postgresql. Here's an example from a RHEL 8 machine:

    [~]# dnf module list postgresql
    Name        Stream  Profiles
    postgresql  9.6     client, server [d]
    postgresql  10 [d]  client, server [d]
    postgresql  12      client, server [d]
    postgresql  13      client, server [d]

    Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled

You cannot install more than one stream at a time -- that is, I can't have versions 10 and 13 installed simultaneously -- but admins now have a choice of which _officially supported_ version to install.

So far, the module/stream list is empty in CentOS 9. This is a fairly early release, so I'm only mildly surprised by this. As the repository matures, I suspect that will change.

--
Paul Heinlein
heinl...@madboa.com
45.38° N, 122.59° W
[PLUG] Early Overview CentOS 9 Stream
I installed CentOS 9 Stream yesterday as a VM. (VMware note: to install from the DVD ISO, you must use UEFI boot and the "Secure" option must be deselected.)

I really don't care if you (a) have moved on from CentOS, (b) carry a grudge against Red Hat, or (c) think $OtherDistro is superior. This information is provided just as a matter of interest.

I did a quick summary of some of the packages that are important to us at work; obviously, our work priorities may not align with your needs, but you might find the list useful in case you're interested in CentOS itself or in what RHEL 9 or its clones (Oracle, Rocky, etc) is likely to resemble:

Base OS:

* glibc 2.34
* kernel 5.14.0
* openssh 8.7p1
* openssl 3.0.3
* python3 3.9.8
* samba 4.14.5

AppStream:

* Bacula 11.0.1
* gcc 11.2.1
* httpd 2.4.48
* java 8, java 11, java 17
* mariadb 10.5.12
* mysql 8.0.22
* nginx 1.20.1
* openmpi 4.1.1
* perl 5.32.1 + all modules
* php 8.0.6
* postgresql 13.3
* python3 modules

Of note: java, perl and ruby are entirely streams now, while python remains tied to the base OS. All RDBMS releases are streams. There is no Tomcat!

libgcc is part of the base OS but is also a stream. I'm not sure how that will work.

--
Paul Heinlein
heinl...@madboa.com
45.38° N, 122.59° W
Re: [PLUG] DNS Provider
On Wed, 3 Nov 2021, Tomas Kuchta wrote: Wes is correct + it makes sense - IP owner is the entity which can create reverse DNS record for the IP. Right. I think DNS has a built-in assumption that domain owners also manage their own IP space, which is mostly untrue for personal domains. If you want to do your own email server, on Linode for example, you will go to your DNS provider and set Linode's DNS server as your domain DNS or just email DNS. Then create your zone + reverse record on Linode's DNS server. I'm willing to pay for an always-on VM, which may be an unnecessary expense for someone else, but Digital Ocean created the reverse pointers for my VM when I spun it up. I didn't need to change my DNS zone provider at all. I've used Zoneedit's free DNS service for years now; it's always been solid for me: https://www.zoneedit.com/free-dns/ -- Paul Heinlein heinl...@madboa.com 45.38° N, 122.59° W
Re: [PLUG] Dovecot Problem
On Mon, 1 Nov 2021, Galen Seitz wrote:

> On 10/31/21 16:04, Randy Bush wrote:
>
>>> Here is the relevant part of the 10-director.conf file (Line 30 is "service director {")
>>>
>>> # To enable director service, uncomment the modes and assign a port.
>>> service director {
>>>   unix_listener login/director {
>>>     #mode = 0666
>>>   }
>>>   fifo_listener login/proxy-notify {
>>>     #mode = 0666
>>>   }
>>>   unix_listener director-userdb {
>>>     #mode = 0600
>>>   }
>>>   inet_listener {
>>>     #port =
>>>   }
>>> }
>>
>> likely a missing closing brace in the stanza *above* the service director
>
> Agreed. If you didn't touch the 10-director.conf file (and it looks like you didn't, as what you posted matches mine), then the problem is likely to be in 10-auth.conf or dovecot.conf itself.

I think the *.conf files in /etc/dovecot/conf.d are parsed alphabetically. Any *.conf file may include other files (typically, *.ext, but that's a convention not a necessity). So you'll need to parse from dovecot.conf downward through that file progression.

--
Paul Heinlein
heinl...@madboa.com
45.38° N, 122.59° W
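The file-by-file walk suggested in this thread can be automated. The following is an added example, not code from the thread or from the Dovecot project: it follows `!include` globs in sorted order and reports the file and line where a block was opened but never closed. The in-memory file map, the `unclosed_blocks` name and the faulty `10-auth.conf` content are constructed for illustration; only the `service director` stanza comes from the thread.

```python
"""Find unclosed blocks in Dovecot-style config files.

Assumptions (not from the thread): files are given as a {path: text} map
relative to /etc/dovecot, included files are visited in sorted name order,
and only '!include' / '!include_try' glob directives are followed.
"""
from fnmatch import fnmatchcase

# Constructed sample: passdb is missing its closing brace.
AUTH_CONF = """\
auth_mechanisms = plain
passdb {
  driver = pam
  # constructed fault: the closing brace for passdb is missing
userdb {
  driver = passwd
}
"""

# The stanza quoted in the thread; it is balanced.
DIRECTOR_CONF = """\
# To enable director service, uncomment the modes and assign a port.
service director {
  unix_listener login/director {
    #mode = 0666
  }
  fifo_listener login/proxy-notify {
    #mode = 0666
  }
  unix_listener director-userdb {
    #mode = 0600
  }
  inet_listener {
    #port =
  }
}
"""

SAMPLE_FILES = {
    "dovecot.conf": "protocols = imap\n!include conf.d/*.conf\n",
    "conf.d/10-auth.conf": AUTH_CONF,
    "conf.d/10-director.conf": DIRECTOR_CONF,
}


def unclosed_blocks(files, path="dovecot.conf", report=None):
    """Return [(path, line_number, block_name)] for blocks left open.

    Each file is checked on its own, so the report names the file that
    contains the fault rather than a later file where a parser gives up.
    """
    report = [] if report is None else report
    stack = []  # (line_number, block_name) of blocks opened in this file
    for lineno, raw in enumerate(files[path].splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        if line.startswith("!include"):
            pattern = line.partition(" ")[2].strip()
            for name in sorted(n for n in files if fnmatchcase(n, pattern)):
                unclosed_blocks(files, name, report)
        elif line.endswith("{") and "=" not in line:
            stack.append((lineno, line[:-1].strip()))
        elif line == "}":
            if stack:
                stack.pop()
            else:
                report.append((path, lineno, "stray closing brace"))
    report.extend((path, lineno, name) for lineno, name in stack)
    return report


if __name__ == "__main__":
    for path, lineno, name in unclosed_blocks(SAMPLE_FILES):
        print(f"{path}:{lineno}: block '{name}' is never closed")
```

On a live system the paths would be read from /etc/dovecot instead of the constructed map.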
Re: [PLUG] PLUG Constituent Poll 2021
On Wed, 22 Sep 2021, John Jason Jordan wrote: A virtual clinic is a possible alternative, but I can foresee some difficulties. For example, quite often at the clinics we have someone bring in a computer and want to install Linux on it. Usually the person has already tried and failed. Usually we are successful, but getting the job done often requires sitting in front of the screen. How can we help when the person's computer doesn't have an OS yet? There are lots of other software problems that are hard to troubleshoot without seeing the user's screen. I have used Zoom a few times, but I don't know if there is a way to make my full screen viewable by others, i.e., seeing error messages or terminal windows that are not part of the browser window. I might add that we also frequently have hardware issues that require screwdrivers and other tools to deal with. Does Zoom have a feature where I can stick my hand through the Zoom tab in my browser and have it come out on another user's screen, complete with a screwdriver? The other limitation of Zoom (or Webex or Teams) meetings is that there is only One Conversation. In real life, a group meeting allows side chats or walking away from an uninteresting conversation. Virtual meetings, as far as I know, don't have the technology to support conversations between subsets of the larger group. -- Paul Heinlein heinl...@madboa.com 45.38° N, 122.59° W
Re: [PLUG] Belated RIP for former PLUGer, Karl Hegbloom
On Sun, 15 Aug 2021, Russell Senior wrote: https://www.wiscombememorial.com/obituaries/Karl-Hegbloom/#!/Obituary I remember Karl as an enthusiastic Debian guy. If there was a problem, Debian was likely to be the answer. As a person on the .deb side of the planet, I couldn't help but find that endearing. I spotted his name on the OpenWrt git log and had a brief email conversation with him in 2013. I think he was living in Salt Lake City by then. I only met Karl once or twice, back in the late 90s. He was the first to show me the Ctrl-R (reverse search) function in bash, which I had never seen before. He was definitely a Debian guy and full-throated advocate of fully free, GPL-licensed software. -- Paul Heinlein heinl...@madboa.com 45.38° N, 122.59° W
Re: [CentOS] Centos versions in the future?
On Thu, 8 Jul 2021, Jonathan Billings wrote: Long uptimes are a thing of the past. Build redundancy into your infrastructure so you can handle reboots. +1 Beyond building redundancy, I'd suggest building the culture that sees regular maintenance windows as a provider of, not a drag on, value. -- Paul Heinlein heinl...@madboa.com 45.38° N, 122.59° W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 8 crypto-policy to get SSL Labs A rating
On Mon, 5 Jul 2021, Adrian Jenzer wrote:

> Hi Paul
>
> Thanks, but how do you "skip the crypto-policy for Apache"? It seems like crypto-policies configuration is overwriting my values in httpd-configuration. How do I enforce the values in httpd.conf?

I haven't taken the time necessary to figure out where exactly the 'PROFILE=SYSTEM' string gets parsed and replaced, so I can't answer your specific question.

In my case, I don't use any Include or IncludeOptional statements in the main httpd.conf; it's all there in one file. Obviously, my solution won't work for everyone.

--
Paul Heinlein
heinl...@madboa.com
45.38° N, 122.59° W
Re: [PLUG] Refresh keyboard
On Fri, 2 Jul 2021, John Jason Jordan wrote:

> On Fri, 2 Jul 2021 21:11:54 -0700 Russell Senior dijo:
>
>> Yeah, sounds like an out of control browser tab.
>
> Once I finally decided that I had no choice but to reboot, I started shutting things down. At the time I had about 20 tabs open in Chromium and another ten in Firefox. I suspected them the same as you, so they were the first things I shut down, and after each one was down I tried typing somewhere, and there was no change to the problem.

That's not firm proof, 'cause sometimes things keep running when they should be dead.

    ps auxwww | egrep -i 'firefox|chrom'

That will usually show any hung browser processes.

It's been a long time since I've worked in a Linux GUI, but on my Macs Chrome runs a bunch of helper processes that occasionally run amok.

--
Paul Heinlein
heinl...@madboa.com
45.38° N, 122.59° W
Re: [CentOS] Centos 8 crypto-policy to get SSL Labs A rating
On Wed, 30 Jun 2021, Adrian Jenzer wrote:

> Dear Community
>
> I try to get an SSL Labs A rating for my CentOS8 Apache-server. I'm sure it has to do with my lack of understanding the crypto-policies configuration, can anybody give me advice on where I am wrong? My understanding is that the configuration in the pmod-file will override the ssl.conf values if PROFILE=SYSTEM is active.

I personally skip the crypto-policy for Apache, relying on a traditional httpd.conf stanza instead:

    # ...
    SSLCipherSuite "EECDH+AESGCM:EDH+AESGCM"
    SSLProtocol -all +TLSv1.3 +TLSv1.2

In conjunction with other TLS best practices, these settings seem to do the trick (read: Qualys likes them), albeit while excluding some older browsers.

--
Paul Heinlein
heinl...@madboa.com
45.38° N, 122.59° W
Re: [PLUG] Reading a file with a dash
On Tue, 29 Jun 2021, Michael Barnes wrote:

> Somehow, I managed to create a file named -u. I cannot figure out how to look at it as any command I give thinks -u is an option, not the filename. I cannot read, edit, move, delete, or anything. Ideas appreciated.

Most GNU utilities will stop interpreting options when they encounter a bare ' -- ' string. So this should work

    mv -- -u newfilename

Or, just use the . directory in the filename:

    less ./-u

--
Paul Heinlein
heinl...@madboa.com
45.38° N, 122.59° W
Re: [PLUG] How to tell where you're putting stuff
On Fri, 18 Jun 2021, Rich Shepard wrote:

> Are you familiar with the PWD environment variable? At the shell prompt type
>
> $ echo PWD
>
> and the present working directory will be displayed.

From the "Yes, I'm old and cranky" Department: just use the pwd utility and save yourself some typing.

    [heinlein@omega ~]$ echo $PWD
    /home/heinlein
    [heinlein@omega ~]$ pwd
    /home/heinlein

pwd is part of the GNU coreutils application suite, so it's probably installed just about everywhere outside of appliance-y machines.

--
Paul Heinlein
heinl...@madboa.com
45.38° N, 122.59° W
Re: [PLUG] Canonical Mailman page not reachable
On Fri, 11 Jun 2021, Rich Shepard wrote: Canonical provides a python ORM (Object Relational Mapper) that allows python objects and relational database classes to seamlessly exchange data. Every time I try to subscribe to their mailman-hosted mailing list I get a message saying, "OpenID failed Unknown user." The page URL is <https://lists.canonical.com/mailman3/openid/complete/?next=%2Fmailman3%2Fpostorius%2Flists%2Fmailman.lists.canonical.com%2F_nonce=2021-06-11T13%3A36%3A11ZL8rjHw> and the link to it is <https://lists.canonical.com/mailman/listinfo/storm>. Has anyone else had difficulties signing up for a canonical mail list? Rich, It looks like you need an Ubuntu Single Sign-On (aka Ubuntu One) account to join a Canonical mailing list. Did you sign up for such an account? -- Paul Heinlein heinl...@madboa.com 45.38° N, 122.59° W
Re: [PLUG] Logging network use while using Zoom
On Thu, 13 May 2021, Russell Senior wrote:

> You do want to be looking at the whole picture though, not just firefox. Those numbers are way too low to be your online meeting. You might want to track total in/out bytes of the interface. Before and after your meeting run ifconfig -a. For each interface, you should see a line like:
>
>     RX bytes:7251003175 (7.2 GB)  TX bytes:282820023 (282.8 MB)
>
> Or, if you like iproute2 tools instead, ip -s link, where you will see lines like this:
>
>     RX: bytes   packets  errors  dropped  overrun  mcast
>     7255250852  7218804  0       0        0        0
>     TX: bytes   packets  errors  dropped  carrier  collsns
>     284958814   1699378  0       0        0        0
>
> Subtracting the before numbers from the after numbers, you should get the aggregate "during" numbers.

I know that Russell is aware of this, but it's worth noting that aggregate numbers won't necessarily be limited to your Zoom session. Your package manager may be configured to look for updates every once in a while; a cron job may kick off a network session; any local network filesystem activity can bump the aggregate.

Perhaps none of those scenarios applies to your system during the Zoom call, but beware that they will impact your numbers.

--
Paul Heinlein
heinl...@madboa.com
45.38° N, 122.59° W

___
PLUG: https://pdxlinux.org
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Fire the umn.edu IRB?
On Thu, 22 Apr 2021, Russell Senior wrote: https://cse.umn.edu/cs/statement-cse-linux-kernel-research-april-21-2021 One thing is certain: the web designers at The U* are certainly committed to the school colors. -- Paul Heinlein heinl...@madboa.com 45.38° N, 122.59° W * My mom was an alum of the University of MN, so I've always known the University of Minnesota as "The U." Plus, I did my undergraduate work in the Twin Cities, where the nomenclature was heavily reinforced.___ PLUG: https://pdxlinux.org PLUG mailing list PLUG@pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Fire the umn.edu IRB?
On Wed, 21 Apr 2021, Russell Senior wrote: https://lore.kernel.org/linux-nfs/yh%2ffm%2ftsbmczz...@kroah.com/ https://github.com/QiushiWu/QiushiWu.github.io/blob/main/papers/OpenSourceInsecurity.pdf Holy crap, way to step on it with golf shoes! I wonder if anyone has ever written anything on the subject of Patterns of Abuse and Criminality. This looks like a version of gaslighting, but in a tech-community context. -- Paul Heinlein heinl...@madboa.com 45.38° N, 122.59° W___ PLUG: https://pdxlinux.org PLUG mailing list PLUG@pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [CentOS] rsync over ssh stalls after completing the job
On Wed, 14 Apr 2021, Leon Fauster via CentOS wrote:

> On 14.04.21 06:40, Frank Cox wrote:
>
>> This doesn't work:
>>
>> Host *
>>   ForwardX11 yes
>> host jeff
>>   ForwardX11 no
>
> IMHO - first win. It should be
>
> Host jeff
>   ForwardX11 no
> Host *
>   ForwardX11 yes

I think that's right. My ssh config has what amounts to four sections:

1. Directives that should not be overridden, ever
2. Host-specific directives
3. Network-specific directives
4. Fall-through defaults

For example:

    # = %< =
    # don't override
    StrictHostKeyChecking ask

    # host settings
    Host dev.my.net prod.my.net
      ForwardAgent yes
      ForwardX11 yes
      ForwardX11Trusted yes

    # network settings
    Host *.my.net
      Compression yes
      IdentityFile ~/.ssh/id_ed25519

    # defaults
    Host *
      Compression no
      ForwardAgent no
      ForwardX11 no
      ForwardX11Trusted no
      Protocol 2
    # = %< =

--
Paul Heinlein
heinl...@madboa.com
45.38° N, 122.59° W
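The "first win" rule discussed in this thread can be checked mechanically. The following is an added example, not code from the thread or from OpenSSH: a small resolver that applies first-obtained-value-wins to the three configurations quoted above, so it is visible when a broad `Host *` block placed too early leaves forwarding enabled for a host that was meant to have it off. The function names are hypothetical, and the model is simplified: only `Host` blocks with `*`, `?` and `!` patterns, no `Match` or `Include`, and only the first value is kept for every keyword.

```python
"""Resolve ssh_config options with 'first obtained value wins'.

Simplified model (assumption): Host blocks only, patterns limited to
*, ? and !negation; Match and Include are not handled.
"""
from fnmatch import fnmatchcase

# The two orderings quoted in the thread.
WILDCARD_FIRST = """\
Host *
  ForwardX11 yes
host jeff
  ForwardX11 no
"""

SPECIFIC_FIRST = """\
Host jeff
  ForwardX11 no
Host *
  ForwardX11 yes
"""

# The four-section layout quoted in the thread.
LAYERED = """\
# don't override
StrictHostKeyChecking ask
# host settings
Host dev.my.net prod.my.net
  ForwardAgent yes
  ForwardX11 yes
  ForwardX11Trusted yes
# network settings
Host *.my.net
  Compression yes
  IdentityFile ~/.ssh/id_ed25519
# defaults
Host *
  Compression no
  ForwardAgent no
  ForwardX11 no
  ForwardX11Trusted no
  Protocol 2
"""


def host_block_applies(patterns, hostname):
    """True if some pattern matches hostname and no !pattern matches it."""
    matched = False
    for pattern in patterns:
        if pattern.startswith("!"):
            if fnmatchcase(hostname, pattern[1:]):
                return False
        elif fnmatchcase(hostname, pattern):
            matched = True
    return matched


def effective_options(config_text, hostname):
    """Return {lowercased keyword: value} as seen for hostname."""
    options = {}
    applies = True  # lines before the first Host line apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) < 2:
            continue
        keyword, value = parts[0].lower(), parts[1].strip()
        if keyword == "host":
            applies = host_block_applies(value.split(), hostname)
        elif applies:
            options.setdefault(keyword, value)  # later values are ignored
    return options


def forwarding_enabled(config_text, hostname):
    """List the forwarding keywords that end up set to 'yes' for hostname."""
    opts = effective_options(config_text, hostname)
    return sorted(k for k in ("forwardagent", "forwardx11", "forwardx11trusted")
                  if opts.get(k, "no") == "yes")


if __name__ == "__main__":
    for label, text in (("wildcard first", WILDCARD_FIRST),
                        ("specific first", SPECIFIC_FIRST)):
        print(label, "-> jeff ForwardX11 =",
              effective_options(text, "jeff")["forwardx11"])
    for host in ("dev.my.net", "mail.my.net", "example.org"):
        print(host, "forwarding enabled:", forwarding_enabled(LAYERED, host))
```

Against a real configuration, `ssh -G hostname` prints the options OpenSSH itself resolves, which is the authoritative check.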
Re: [CentOS] rsync over ssh stalls after completing the job
On Tue, 13 Apr 2021, Frank Cox wrote:

> Here's a weird one.
>
> I have two Centos 8 machines that use rsync-over-ssh to back up files between each other. (Each machine acts as a backup machine for the other one.) There are nightly cronjobs that do the backing up, the commands look like this:
>
>     rsync -av --delete /home/mydirectory jeff:/home/mydirectorybackup
>
> That command works fine when it's run through the cronjob.
>
> When I try to run a rsync command between mutt and jeff from the commandline, that's where the problem starts. It worked a few days ago but now when I log into jeff and do a rsync to or from mutt it works fine. When I log into mutt and do a rsync to or from jeff it works and does the job, but then it seems to stall afterward and I have to hit ctrl-c to get my cursor back.

Is there any chance that your shell is configured to emit anything to stderr or stdout when you logout of jeff? It's fairly rare, but I've seen logout messages mess up rsync before.

--
Paul Heinlein
heinl...@madboa.com
45.38° N, 122.59° W
Re: [CentOS] XML parsing in shell script
On Thu, 18 Mar 2021, H wrote: I just checked and I cannot see that the organization publishing these data files offer any XSLT stylesheet. IOW, I am, perhaps incorrectly, assuming that the publisher of the data would be one with said stylesheet. (Although perhaps that is something an end-user could put together as well??) Some high-profile XML schemata (e.g., DocBook) have published stylesheets, but mostly I've written my own. I have a very trivial example in a blog post from several years ago: https://www.madboa.com/blog/2014/09/10/strip-rss/ (My site is completely non-commercial. I gain nothing by you visiting it -- or ignoring it.) -- Paul Heinlein heinl...@madboa.com 45.38° N, 122.59° W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] XML parsing in shell script
On Thu, 18 Mar 2021, H wrote:

> I have a challenge I am interested in getting feedback on.
>
> I will on a regular basis download a series of data files from the web where the data is in XML-format. The format is known in advance but is different between the various data files. I then plan to extract the various data items ("elements?") from each data file, do some light formatting and then save desired parts of each original data file as a formatted CSV-file for later importing into a database.
>
> As the plan is to use a bash shell script using curl to get the files, I have begun looking at external XML parsers that I can call from my script, perhaps specify which elements I want, get the data back in some kind of bash data structure and finally format and save as CSV-files.
>
> There seems to be a number of XML parsers available but perhaps someone on the list has a recommendation for which one might suit my needs best? I should add that I am running CentOS 7.

Will you be using an XSLT stylesheet to do the work? There's a somewhat steep learning curve, but in my experience it's the most reliable method for parsing XML except in the very simplest of cases.

In that case, the libxslt stuff may be what you want:

http://xmlsoft.org/libxslt/

The command-line tool is xsltproc. Again, it's not easy to use, but once you've built a toolchain, it will be reliable and fairly easy to modify if the source XML schema change.

--
Paul Heinlein
heinl...@madboa.com
45.38° N, 122.59° W
Re: [CentOS] R730xd & SD card identification
On Sun, 7 Mar 2021, Gregory P. Ennis wrote: Everyone, We have migrated a platform to a Centos 8 host using kvm guest machines Recently I tried to copy one of the guests to the external SD card on the back of the Dell R730xd, but I have not been able to get the Centos 8 host to recognize the SD card. I can use DRAC interface of the R730xd to see that the SD card is being recognized and the status of the external SD slot is turned from inactive to active when the card is inserted. On some of our machines (not Dell R730 series, so caveat emptor), I had to use the kmod-isci RPM from ELRepo.org to get EL8 hosts (both CentOS and RHEL) to recognize Intel SATA controllers. The same controller is recognized just fine by EL7 kernels, but the isci driver was removed in RHEL 8: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/considerations_in_adopting_rhel_8/index#removed-device-drivers_hardware-enablement My suggestion is that you try finding a driver at http://elrepo.org/. -- Paul Heinlein heinl...@madboa.com 45°38' N, 122°6' W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] OpenStack Training Recommendations
Our team at work is looking for OpenStack training options. The training should cover

* overview of widely used OpenStack services
* network architecture
* installation and configuration
* ongoing administration, maintenance, and troubleshooting
* upgrading

We'd prefer workflows based around Puppet or Ansible, since we know those tools, but operational continuity is more important than the tools used. We'd likewise prefer solutions oriented toward CentOS or RHEL, but, again, it's just a preference. We've investigated kolla-ansible for deployment, but we're not adverse to changing toolsets if the upside is right.

I'd characterize our team as journeymen to expert system administrators. We specialize in supporting research groups. The training would be to provide skills and knowledge for our team to support OpenStack as a long-term in-house virtualization option.

I'd love to hear your first-hand experiences with any specific training offerings. Thanks!

(Note: we have other virtualization solutions in place. OpenStack is specifically required by researchers whose wider scientific communities have built workflows for that environment. Suggestions to ditch OpenStack for OtherGreatSolution will be ignored.)

--
Paul Heinlein
heinl...@madboa.com
45°38' N, 122°6' W
Re: [CentOS] Permission denied when updating CentOS 8 Streams
On Fri, 19 Feb 2021, Mathieu Baudier wrote:

> Hello,
>
> On a remote server (in an IPv6-only infrastructure) I am getting the following error when trying to update CentOS 8 Streams x86_64:
>
> $ sudo dnf upgrade --refresh
> Failed to set locale, defaulting to C.UTF-8
> CentOS Stream 8 - AppStream    0.0 B/s | 0 B 00:16
> Errors during downloading metadata for repository 'appstream':
>   - Curl error (7): Couldn't connect to server for http://mirrorlist.centos.org/?release=8-stream=x86_64=AppStream=stock [Failed to connect to mirrorlist.centos.org port 80: Permission denied]
> Error: Failed to download metadata for repo 'appstream': Cannot prepare internal mirrorlist: Curl error (7): Couldn't connect to server for http://mirrorlist.centos.org/?release=8-stream=x86_64=AppStream=stock [Failed to connect to mirrorlist.centos.org port 80: Permission denied]

Try using an https:// URL.

--
Paul Heinlein
heinl...@madboa.com
45°38' N, 122°6' W
Re: [PLUG] adding network name alias
On Mon, 15 Feb 2021, Keith Lofstrom wrote: On Sun, Feb 14, 2021 at 09:45:05PM -0800, Russell Senior wrote: I can understand it making sense in the context of a server with multiple interfaces. We used to have occasional problems with ethernet enumeration when we were using recycled PCs as gateway routers. I just don't see why that kind of corner case drove adoption for a problem that didn't exist for 99% of users. Seems to me like "predictable" names ought to be an opt-in rather than an opt-out. Thanks to all for the useful and informative replies. I'm grateful for Russell's helpful grub configuration advice. Still - it would cost almost nothing if one device had TWO names in /dev/, BOTH eth0 AND enp12s0. Perhaps a deft application of the cluestick will encourage whoever made the PredictableNetworkInterfaceNames decision to rewrite the boot loader to create (and log) BOTH names, allowing end users to choose the name they prefer. I can remember the ancient days, when source-empowered users made Linux do what they wanted, rather than Linux making users conform to the changing whims of a powerful and unaccountable elite. I don't mind people pissing in their soup until they like the flavor - as long as they don't piss in MY soup. If you really want to name your device 'Ethyl' then have at it: https://community.mellanox.com/s/article/howto-change-network-interface-name-in-linux-permanently Frankly, I've never dived too deeply into udev, but that looks like the place to go. -- Paul Heinlein heinl...@madboa.com 45°38' N, 122°6' W___ PLUG: https://pdxlinux.org PLUG mailing list PLUG@pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [CentOS] Certificate Authority (CA) in CentOS 7 to create digital certificates
On Tue, 16 Feb 2021, Jos Vos wrote: On Tue, Feb 16, 2021 at 11:03:14PM +0530, Kaushal Shriyan wrote: I am running CentOS Linux release 7.9.2009 (Core). Is there a way to configure a Certificate Authority (CA) in CentOS 7 to create digital certificates for servers on LAN or for VPN clients that need SSL Certificates? FWIW: I use the "easy-rsa" package for that (standard in Fedora, for RHEL/CentOS 7/8 it's in the EPEL 7/8 repository). I use the easyrsa package as well. It can be found in the OpenVPN source code, if you need to download it directly. -- Paul Heinlein heinl...@madboa.com 45°38' N, 122°6' W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [PLUG] Recommend a cheap-when-stopped VM provider?
On Fri, 8 Jan 2021, Eric House wrote:

> I've been using Linode for a few years (since SpiritOne got hijacked) for an always-on host. It's great. But I'm starting to play with building OpenWRT and need more disk space and CPU than I have at home right now. I'd love to fire up a powerful VM for when I'm working on it and not pay when I'm not -- but not lose the considerable time invested in setting up and downloading/building 20G of files. Linode doesn't do this. Who does?
>
> My wish list:
>
> * Just raw Debian. I'm happy ssh-ing in, and don't want to learn a whole new way of interacting with a VM (which is what AWS requires in my casual experience)
> * Powerful VMs available but billed only when running
> * Free, or at least really cheap, to leave a configured VM in a saved-but-not-running state

In the grand and honored tradition of not really answering your question...

Have you considered scripting your installation of packages, configuration, and data rather than having to save your VM? Ansible can handle the first two (packages and configuration) pretty easily, while any accessible git repo or S3 bucket can deal with data installation.

That would be my goal: script from scratch, rather than rely on full-system backups.

On to your question: My understanding is that Google Cloud does not charge computing expenses for a stopped instance, though you're still charged for resources (disk, etc) attached to the instance.

--
Paul Heinlein
heinl...@madboa.com
45°38' N, 122°6' W
Re: [CentOS] dovecot option PROFILE=SYSTEM
On Wed, 6 Jan 2021, Kenneth Porter wrote:

> --On Tuesday, January 05, 2021 7:40 PM -0800 david wrote:
>
>> In examining the file /etc/dovecot/conf.d/10-ssl.conf I see the text line:
>>
>>     ssl_cipher_list = PROFILE=SYSTEM
>>
>> Yet, I cannot find any documentation that explains what that causes, where the values are stored. I ask because I don't see that text line in other installations of Dovecot 2.3 on other distros. Can anyone point me to an explanation?
>
> The value of ssl_cipher_list is passed directly to OpenSSL's SSL_CTX_set_cipher_list():
>
> <https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_set_cipher_list.html>
>
> See here for the meaning of PROFILE=SYSTEM:
>
> <https://fedoraproject.org/wiki/Changes/CryptoPolicy#Scope>

Additionally, on your local system, look at

* the crypto-policies(7) man page
* the update-crypto-policies(8) man page
* the contents of the /etc/crypto-policies directory tree

Several applications use these policies, so it's worthwhile to take a look around.

--
Paul Heinlein
heinl...@madboa.com
45°38' N, 122°6' W
Re: [PLUG] Midnight Commander display borked
On Mon, 28 Dec 2020, Nat Taylor wrote:

> My midnight commander's output is all weird, it's framed with diamonds with question marks in them, The file listings on the left hand side have their beginnings obscured due to this. I recently installed progress, pv, and rsync. I uninstalled progress, thinking that it may have had something to do to it, but to no avail.

I suspect it's one of two things.

First, your language settings may be off. What is the output of the "locale" utility in the terminal you're using to launch mc? If it's not set to a unicode variant (e.g., en_US.UTF-8), you'll want to do that:

    export LANG=en_US.UTF-8

and try launching mc again.

Second, if your LANG variable is set to a UTF-8 variant, then the problem may be that the terminal you're using is not unicode-compliant. Try "mc -a," which uses simpler glyphs.

Finally, mc may be trying to use a typeface that doesn't exist on your system. I don't know Midnight Commander well enough to suggest a fix.

--
Paul Heinlein
heinl...@madboa.com
45°38' N, 122°6' W
Re: [PLUG] ProxyJump Link
On Fri, 4 Dec 2020, Paul Heinlein wrote:

> On Thu, 3 Dec 2020, Paul Heinlein wrote:
>
>> Someone asked about the link to SSH ProxyJump documentation. There's more to be said than this, but here's the link:
>>
>> https://www.madboa.com/blog/2017/11/02/ssh-proxyjump/
>>
>> I'll post a follow-up with a real configuration that uses that sort of thing in the next day or two.
>
> tl;dr: search the Internet for "ssh controlmaster"
>
> My full setup includes a highly customized ssh config file plus a shell script to control my SSH proxying.
>
> []
>
> Whew! That was long. I'll probably use this post as the rough draft for an article I'll post to my blog later.

https://www.madboa.com/blog/2020/12/10/ssh-full-network/

It's my web site, but it's not commercial and uses no tracking cookies.

--
Paul Heinlein
heinl...@madboa.com
45°38' N, 122°6' W
Re: [CentOS] https://blog.centos.org/2020/12/future-is-centos-stream/
On Tue, 8 Dec 2020, Rich Bowen wrote: The future of the CentOS Project is CentOS Stream, and over the next year we’ll be shifting focus from CentOS Linux, the rebuild of Red Hat Enterprise Linux (RHEL), to CentOS Stream, which tracks just ahead of a current RHEL release. CentOS Linux 8, as a rebuild of RHEL 8, will end at the end of 2021. CentOS Stream continues after that date, serving as the upstream (development) branch of Red Hat Enterprise Linux. I suppose I understand the negative feedback -- CentOS 8.x will no longer be a rebuild of RHEL 8.x but will instead be some version of RHEL 8.(x + 1) -- but I'm much more interested in empirical results than in suppositions. I've taken a couple test VMs and set them to CentOS 8 Stream and will keep an eye on them. They will either prove stable or not, but (observation > guessing) in my book. If history is any guide, they will prove very stable. If not, then I'll pour one out for CentOS and look elsewhere. -- Paul Heinlein heinl...@madboa.com 45°38' N, 122°6' W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos