Re: Virtual server host with reasonable mail policies?

2022-12-30 Thread Ken D'Ambrosio
On 2022-12-30 16:37, Benjamin Scott wrote:

> FWIW, my DO VM can initiate TCP to 25 outbound on both IPv4 and IPv6.
> It is likely grandfathered, however.  They have a somewhat
> vaguely-defined blocking policy:
> 
> https://docs.digitalocean.com/support/why-is-smtp-blocked/

O... nice to know.  Last time I'd checked -- when IPv6 suddenly was 
blocking my outbound -- it was an intentional block, with no intention 
to remove it.  I guess times have changed.  (The rationale was that, 
apparently, RBLs were blocking entire v6 subnets, so rather than maybe 
not be able to send email, they'd save everyone the unpleasantness of 
uncertainty, and simply block it entirely.)

> FYI, this was fixed in Postfix at some point.  I don't recall when.

Good deal.

> There seems to be an increasing trend of DO having their
> ASNs/netblocks ending up on blacklists.  Allegedly (according to the
> blacklists) this is because DO doesn't police their customers closely
> enough and/or respond to abuse reports in a good fashion.

Huh.  I did have to bounce the first IP I got some six(?) years ago, but 
been smooth sailing since.  However, it's good to know it's not a DO 
priority.  I'll keep my eyes open for bounced/bitbucketed e-mails.  
Indeed, right now, I'm waiting on a reply to an e-mail I sent to a guy 
who's usually really quick with replies.  But it's also a holiday, 
basically, so I'm not getting exercise jumping to conclusions.

> They also have an official position of very strongly discouraging
> running email within their systems:

Boo!  Hiss!

-Ken
___
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/


Re: Virtual server host with reasonable mail policies?

2022-12-30 Thread Ken D'Ambrosio
On 2022-12-30 17:04, Ted Roche wrote:
> MS escalation and delisting is useless. I've had to hop IP addresses a
> couple of times (which Linode support is awesome about!) but it's a
> hassle. At this point, I don't want to abandon Linode after 15 years
> of sterling service, but I may have to route outgoing email through
> yet another (paid) service to get the mail delivered.

I had this same problem with DO.  I actually have not one, but _two_ VMs 
"out there," DO for $5/mo., and this other one -- I honestly don't even 
remember the vendor, but I can look if anyone's interested -- for 
something like 20 Euros a quarter or something.  It's a relatively 
unknown vendor, I think, but the box is in Canada, so my latency isn't 
horrible, and it's got a big disk, so I can store stuffs there (e.g., my 
~35 year-old mailbox is beginning to approach even the generous 25 GB on 
DO).  It does my primary job -- secondary DNS -- just fine, as well as a 
few other things, but ALSO, by dint of, presumably, being relatively 
unknown, is where I've had Postfix route my MS-bound e-mail.  It Just 
Works(tm).  Assuming static IPs, I'd happily relay for either/both of 
you, if you're interested.
And, yeah -- there are exactly zero guarantees that MS won't start 
rejecting e-mail from that host tomorrow, but so far, it's been ~5 
years, and working fine.  [Sidebar: I _think_ it's working fine.  It's 
been a while since I've had need to mail an 
MS/outlook.com/hotmail.com/etc. address.]

-Ken


Re: Virtual server host with reasonable mail policies?

2022-12-30 Thread Ken D'Ambrosio
On 2022-12-30 14:33, Benjamin Scott wrote:
> Hi everybody!

Hi back!  I have a DO node, ad... well, it does most all that you 
mentioned.  I'll respond to particulars in-line.

> - Receive email directly (run an SMTP listener on TCP port 25)
Yes.
> - Send email directly (initiate outbound connections to TCP port 25)
NOT IPv6 -- which is annoying AF.  But IPv4 works fine.  NOTE: if you 
have both enabled, and are using (at least) Postfix, IPv6 apparently 
gets the ball, first, and will block _all_ outbound e-mail until 
disabled.  See again: annoying AF.
> - Run a web server (HTTP/SSL listener on TCP ports 80 and 443)
Yes.
> - Run an SSH listener on a non-standard port (remote access)
Yes.
> - Run a DNS server on UDP and TCP port 53 (authoritative name server)
Yes.
> - Install and run arbitrary Linux software
Yes.
> - Fairly low CPU, disk, and RAM usage
They've "recently" -- the past few years -- bumped their $5/mo. VM to 1 
GB.  25 GB of disk, and one vCPU.  Note that it's been a while since I 
set up my current VM, so these may have changed.
> - Hand-holding software like "CPanel" is actively unwanted
Not there (I don't think) unless you want it.

> All I/we want the provider to do is:
> - Provide some kind of UI for low-level VM maintenance
Yes.
>- Installation of operating system (canned images are fine)
Yes.
>- Recovery of OS when SSH can't be used
Yes.
> - Make sure the VM doesn't go down due to power or hardware fault
Haven't _had_ it go down, ever, except I think twice: once for a 
proactive remediation against one of the nastier attacks, and once for 
proactive migration because some storage was failing.
> - Make sure IP traffic keeps flowing
??  Not sure what you're looking for, here.
> - Respond to abuse reports to keep reputation at least somewhat OK
I generally go and do my own reputation maintenance by talking to RBLs 
directly.  Are there providers that do that for you??

-Ken


Re: Book or online source on modern Linux system files and organization

2022-12-21 Thread Ken D'Ambrosio

On 2022-12-21 15:32, bruce.lab...@myfairpoint.net wrote:


My laptop keyboard works, at least many of the keys, but some don't.


I would wonder if this could mean your numlock is on -- either on your 
external keyboard, or your internal.  Either way, I've seen numlock on 
laptops turn the right-hand side of the keyboard into a number pad, 
which can be really annoying to figure out.  (This irrespective of OS.)


-Ken


CRM?

2022-11-28 Thread Ken D'Ambrosio
Hey, all.  My wife's taken a new(ish) job, and is the tech pubs manager 
at a company in upstate NY.  (She's 100% WFH with occasional visits to 
company offices.)  And they really need a way that "customers" -- both 
internal and for-real paying customers -- can interact with their 
documentation, access files, and file tickets.  Salesforce is the biggie 
here in CRM-land, of course, but it costs a boatload, and, for what she, 
specifically, is doing, is likely overkill.  If you've had exposure to a 
CRM solution, AND a vendor that can offer support, I'd be happy to pass 
suggestions on.  Open Source is winning, but the key "feature" is 
someone who can hand-hold during install, and be available post-install.

Thanks!

-Ken


Re: ZFS vs btfrs

2022-02-25 Thread Ken D'Ambrosio
On 2022-02-24 12:42, Ian Kelling wrote:
>> So what I do:
>> 
>> * Create a copy on the destination host.
>> * Snapshot it.
>> * Mount the snapshot as my rsync backup destination.
>> * And make a snapshot of _that_.
> I'm confused by those bullets, I understand the general idea though.

Sorry.  It's been a Hell of a week.  What I _should_ have written:
* Create a copy, via rsync, on the destination host.  This is my 
"origin"
* Create a CoW snapshot of the origin -- giving snapshots datestamps
* rsync to the new snapshot
* create a (datestamped) snapshot of the newly-rsync'd-to snapshot
* rsync to *that*
* Rinse and repeat daily

And, finally, delete -- or, rather, "btrfs sub del" -- whatever 
snapshots are outside of my retention period.

-K
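
[Added example, not part of the original post and not Ken's own scripts.] The rotation listed above, written out as a script that runs on the backup host: a file-level rsync lands in a datestamped CoW snapshot, so nothing is replicated at the filesystem level, and pruning only ever touches names the script itself created. The paths, the snap-YYYY-MM-DD naming, the DRY_RUN switch and the function names are assumptions.

```shell
#!/bin/sh
# Added example: pull-style rsync backup into datestamped btrfs snapshots.
# Every name below (paths, snap-YYYY-MM-DD, DRY_RUN) is an assumption.

SRC="${SRC:-backup@source.example:/home/}"  # hypothetical rsync source
DEST="${DEST:-/backup/home}"                # hypothetical btrfs mount point
KEEP_DAYS="${KEEP_DAYS:-30}"                # retention period in days
DRY_RUN="${DRY_RUN:-1}"                     # 1 = only print the commands

# Execute a command, or print it prefixed with "+ " when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "+ $*"; else "$@"; fi
}

# Keep only names of the exact form snap-YYYY-MM-DD, oldest first.
# Anything else found in $DEST is never snapshotted from or deleted.
valid_snapshots() {
    grep -x 'snap-[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]' | sort
}

# Print the snapshots (names on stdin) dated before CUTOFF (YYYY-MM-DD).
# Runs in a subshell "( )" so its variables stay local.
expired_snapshots() (
    cutoff=$(printf '%s' "$1" | tr -d '-')
    valid_snapshots | while IFS= read -r name; do
        stamp=$(printf '%s' "${name#snap-}" | tr -d '-')
        if [ "$stamp" -lt "$cutoff" ]; then echo "$name"; fi
    done
)

# One daily cycle. Args: TODAY CUTOFF; existing subvolume names on stdin.
backup_cycle() (
    today=$1 cutoff=$2
    names=$(valid_snapshots)
    latest=$(printf '%s\n' "$names" | tail -n 1)
    if [ -z "$latest" ]; then
        # First run: an empty subvolume that rsync fills becomes the origin.
        run btrfs subvolume create "$DEST/snap-$today"
    elif [ "$latest" != "snap-$today" ]; then
        # Writable CoW snapshot of the newest copy; rsync adds only the delta.
        run btrfs subvolume snapshot "$DEST/$latest" "$DEST/snap-$today"
    fi
    # File-level transfer. Stop before pruning if it fails, so a broken
    # run never removes the older copies.
    run rsync -aHAX --delete --numeric-ids "$SRC" "$DEST/snap-$today/" || exit 1
    printf '%s\n' "$names" | expired_snapshots "$cutoff" |
    while IFS= read -r old; do
        if [ "$old" != "snap-$today" ]; then
            run btrfs subvolume delete "$DEST/$old"
        fi
    done
)

# Real invocation (GNU date assumed for -d): DRY_RUN=0 sh this-script --run
if [ "${1:-}" = "--run" ]; then
    ls -1 "$DEST" | backup_cycle "$(date +%F)" \
        "$(date -d "-$KEEP_DAYS days" +%F)"
fi
```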


Re: ZFS vs btfrs

2022-02-24 Thread Ken D'Ambrosio

On Thu, Feb 24, 2022, 11:55 Ken D'Ambrosio  wrote:


I use the btrfs-send (which, of course, is modeled after zfs-send)...
except, I kinda don't.  And this isn't a dig at btrfs (or ZFS), but just
paranoia...

On 2022-02-24 13:24, Bill Ricker wrote:
SAN dutifully copied the block level writes to alternate site, so that 
panicked also. Oopsie. They had to restore Prod last backup onto UAT 
system (and recreate all logged transactions... a day of market!) to 
return to service. It was a bad week.


I much prefer semantic (vs block/bit) replication.


"Just because you're paranoid doesn't mean they're not out to get you."  
Dam.  OK!  I feel better about my belt-and-suspenders measures, now. 
;-)


-Ken


Re: ZFS vs btfrs

2022-02-24 Thread Ken D'Ambrosio
On 2022-02-24 11:31, Ian Kelling wrote:
> Chuck McAndrew  writes:
> 
>> I would add one feature about ZFS that is super useful and that is the 
>> ability to replicate datasets to a remote server. I don't know if 
>> btrfs has a
>> similar feature, but the ability to have a backup server offsite and 
>> just setup a cron job to replicate it was awesome for DR. It makes 
>> backing up
>> your snapshots very very easy.
>> 
> 
> Yes, btrfs has this. I use it mostly through this tool:
> https://github.com/digint/btrbk . I recommend it.

I use the btrfs-send (which, of course, is modeled after zfs-send)... 
except, I kinda don't.  And this isn't a dig at btrfs (or ZFS), but just 
paranoia: I'm afraid that, if there were corruption on the source FS, 
using a FS-specific/replicating tool to do the data transfer might bring 
over whatever corruption was on the source in the first place.  So what 
I do:

* Create a copy on the destination host.
* Snapshot it.
* Mount the snapshot as my rsync backup destination.
* And make a snapshot of _that_.

That way, I have two essentially identical CoW hierarchies, but that 
have "left" the source FS, and gone to the destination one.  Not as 
efficient as sending CoW deltas, but it gives me a little more peace of 
mind.  Yes, my scenario seems awfully unlikely, buut...


Re: ZFS vs btfrs

2022-02-23 Thread Ken D'Ambrosio
On 2022-02-23 11:25, Ben Scott wrote:
> Hi all,
> 
> Btfrs vs ZFS. I was wondering if others would like to share their
> opinions on either or both?

So... really, the two filesystems have a lot in common.  ZFS is 
absolutely more mature, especially WRT RAID (more below).  But btrfs has 
some really nifty features, and with its arrival in Fedora, is getting 
the support it so badly needed.  So, for me, the big win for btrfs is:
alias clone='cp --reflink=always'
Hey, presto!  You just cloned your base 5 GB virtual image in under a 
second.  You now have two CoW "copies" of the exact same file, and 
unlike hard links, you are now free to munge them to your heart's 
content.  NOW: the last time I checked for this on ZFS was sometime 
around Sauron's revealing himself as a Dark Power, so maybe ZFS 
supports it now.  And I totally know that ZFS supports lightweight 
snapshots (as does btrfs), but being able to clone a file -- or an 
entire hierarchy, such as all of my company's repos -- just so I can 
have a "play" hierarchy, and a not-play one is handy.  Likewise, when 
editing video files, you can have the original and the tweaked one, with 
only the delta as additionally used storage.  tl;dr: it's handy, 
especially for lots and lots of files in a hierarchy, or really big, 
related files.

The bad: DO NOT DO RAID =~ /[56]/ ON btrfs.  What I do is a ye-olde mdm 
RAID, and lay btrfs on top of that.  Works the bomb.  Doesn't give all 
the bells and whistles that a RAID-savvy FS would (e.g., only rebuilding 
places with data, instead of the entire volume), but I've had no 
problems.

Last thing: Timeshift is really cool.  I wrote my own scripts, but I 
admit, Timeshift gets 'er done.  I assume, but do not know, that there's 
a similar utility that can make use of ZFS.

-Ken


Re: Have suggestions for a "roll your own file server"?

2021-05-26 Thread Ken D'Ambrosio

On 2021-05-26 12:13, Tom Buskey wrote:


My Fedora /etc/fstab has spaces
UUID=54103729-6e0a-4345-a2b8-8b8cded29ee1 /boot   ext4    defaults        1 2


I've had clients initiate rsync for security.  I think the client 
initiation would offload the rsync compute from the server.
For a home server, it's nice to just monitor the server instead of 
multiple clients.


I'm not sure which you guys are considering client, and which server.  I 
like to initiate from the thing I'm backing up *to*; that way, if the 
host being backed up is compromised, they won't have direct access to 
the backups, themselves, which, in the days of ransomware, seems like a 
valid concern.  (I'd also lock down the host doing the backups pretty 
tightly.)


$.02,

-Ken


Nice build

On Wed, May 26, 2021 at 11:00 AM Bruce Labitt 
 wrote:


Finally back to this.  Built a stack of metal plates that house my 
RPI4, a boot SSD, a 1TB RAID1 array, and both active and passive USB3 
hubs.  Machined parts so everything is bolted and clamped down.  Have a 
PWM fan that cools the RPI4 proportional to load that runs under 
systemd.  System boots from SSD.  (No SD card.)  It's kind of a brick 
sh!thouse, but it's sturdy.  Have created the RAID1 device - or it will 
be finished in 45 minutes.  It is still syncing.


Now I'd like to add the md0 device to /etc/fstab.  The example I see is 
with the device name.  From 
https://www.tecmint.com/create-raid1-in-linux/

/dev/md0    /mnt/raid1    ext4    defaults    0 0

I've read it is better to use the UUID.  Is the following the correct 
syntax?


PARTUUID=my_complete_md0_UUID  /mnt/raid1  ext4  defaults  0 0

where my_complete_md0_UUID comes from
$ lsblk -o UUID /dev/md0

Does one need to use tabs in fstab, or are spaces ok?

Once I figure this out - I have to figure out some rsync magic.  Is it 
better for the server to initiate the rsync, or the remote devices?


After all this I have to make another one.  That shouldn't take as long 
as the first time!  For some pictures of the hardware build see 
https://www.hobby-machinist.com/threads/an-rpi4-based-file-server.92273/#post-846939


On 3/10/21 8:49 PM, Bruce Labitt wrote:
I'll take a look at that.  Thanks for the link.

On Wed, Mar 10, 2021 at 8:15 PM Marc Nozell (m...@nozell.com) 
 wrote:
Just to put a plug in for a colleague's work: 
https://perfectmediaserver.com/ It covers everything from disk 
purchasing strategies, burn-in, filesystems (ZFS, SnapRAID, etc).


He also hosts a podcast that folks here may find interesting: 
https://selfhosted.show/


-marc

On Wed, Mar 10, 2021 at 8:08 PM  wrote: OK:

s/RPi4/<some-other-cheap-computer-with-USB-3.x>/g

Unless you build multiple Ethernet or WiFi or LTE modem connections 
your networking will still be the slowest thing.


You do not need huge amounts of CPU power, or huge amounts of RAM.

My basic point is that if you stick with simple RAID (like mirroring) 
but also set up a unit that is remote from your own home you could 
protect your own data from fire, flood and theft to a reasonable level 
and even protect your friend's data by backing up their data to your 
device.


Add snapshots as suggested by Tom Buskey, perhaps encryption of file 
systems and data-streams and you can have a rather simple server where 
you learn a lot by planning it out and setting it up rather than buying 
an "off the shelf" solution or simply using a "web backup".


And good catch on the USB power supply.

md
On 03/10/2021 6:53 PM Joshua Judson Rosen  
wrote:



I'm not sure about the Raspberry Pi 4, but up thru the raspi 3+ there 
are... problems, e.g.:


Beware of USB on the raspi: there are some bugs in the silicon that 
pretty severely
cripple performance when multiple `bulk' devices are used 
simultaneously,
sometimes to the point of making it unusable (e.g. if you want to use 
a better Wi-Fi
adapter/antenna than the one built onto the board, and connect an LTE 
modem so that
your raspi can roam onto that if Wi-Fi becomes unavailable, throughput on 
whichever of those
interfaces you're actually using can become abysmal). IIRC the issue 
is basically
that the number of USB endpoints that can be assigned interrupts by 
the raspi controller
is _incredibly small_; and it's common for high-throughput devices to 
have multiple endpoints per device--
sometimes even one USB device will have more endpoints than the raspi 
USB controller can handle.


Also, `network fileserver with USB-attached hard drives' is kind of 
the `peak unfitness'
for the raspberry pi. Specifically if you've got it attached to 
ethernet,
the ethernet is attached through the same slow-ish USB bus as your 
HDDs.


(the onboard Wi-Fi BTW is SDIO; so if you avoid using the onboard 
Wi-Fi, I guess you might also

be able to make your µSD card faster...)

ALSO: you'll really want to use an externally-powered USB hub for USB 
devices
that are not totally trivial, because the raspi's µUSB power supply is 
already
strained... (and 

Re: rsync question

2021-03-09 Thread Ken D'Ambrosio

On 2021-03-09 21:29, Bruce Labitt wrote:


A maybe not so smart rsync question...

If one uses rsync -avz src/bar /disk2 will that copy over 
everything from src/bar and create a directory bar on disk2?  What if 
src/bar has other users or root?  In other words, does the -a mean that 
it will preserve ownership and links and copy to /disk2?  Just don't 
know if I need sudo or not.


I dumbly did a copy.  Well, that didn't preserve permissions or 
attributes.  So deleting that...  Since I'm trying to back up 100's of 
GB, thought I'd ask.  This is taking a long time, even with USB3 drives 
and nvme.


The '-a' flag is one of the few flags that actually means the same thing 
for both rsync and cp -- and does much the same thing, too.  You should 
be able to use cp -av /src/bar /disk2 and have it copy 
attributes/permissions.  You need the "sudo" in there to preserve 
ownership, as non-root can't assign other users' ownerships to the 
files.  The main reason I might recommend "cp" over "rsync" is simply 
because I find "cp" a little less confusing -- what "rsync" does can 
vary depending on whether or not there are trailing slashes and so 
forth, and I never quite remember which is which.  But the best thing 
about rsync is that if it barfs in the middle, you just up-arrow, and it 
starts over from where you left off.  As with "cp", if you want the 
ownerships preserved, don't forget the "sudo".  Note that unless you're 
transiting a network, I'd leave the "-z" off, because it'll just slow 
you down (substantially).


-Ken


Access public IP from NAT.

2020-06-04 Thread Ken D'Ambrosio

Hey, all.  So I finally yanked my Comcast modem ("for reasons," largely
having to do with lack of static routes), and put in my own cable modem,
a WAP, and a RasPi-4 that's doing routing/NAT.  It all works great. 
But... I have services exposed that I want to access on the public IP. 
It works *great* from out there, but if I try to access the public IP
from my NATted network, no dice.  And, sadly, if there's one Linux place
where there's a truck-sized hole in my knowledge, it's IP Tables.  I've
googled the Interwebs to no avail on what magic IPTables stuff would be
needed to make it work.  Here's my current script:

root@ubuntu:/usr/local/bin# cat start-NAT.sh 
#!/bin/bash

export PUBLIC=eth1
export PRIVATE=eth0

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o $PUBLIC -j MASQUERADE
iptables -A FORWARD -i $PUBLIC -o $PRIVATE -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $PRIVATE -o $PUBLIC -j ACCEPT

=
root@ubuntu:/usr/local/bin# cat start-port-forwarding.sh 
#!/bin/bash


export PRIVATE=eth0
export PRIV_IP=192.168.10.1
export PUBLIC=eth1 
export JELLYFIN=192.168.10.12 


iptables -A FORWARD -i $PUBLIC -o $PRIVATE -p tcp --syn --dport 8096 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -i $PUBLIC -o $PRIVATE -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $PRIVATE -o $PUBLIC -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -P FORWARD DROP
iptables -t nat -A PREROUTING -i $PUBLIC -p tcp --dport 8096 -j DNAT --to-destination $JELLYFIN
iptables -t nat -A POSTROUTING -o $PRIVATE -p tcp --dport 8096 -d $JELLYFIN -j SNAT --to-source $PRIV_IP
=
If anyone could be kind enough to let me know what extra magic(tm) I
need to employ to get at my public IP from inside, I'd be most
interested to hear. 

Thanks! 


-Ken


Re: How was the get-together?

2020-02-24 Thread Ken D'Ambrosio
On 2020-02-24 14:57, Ben Scott wrote:
> On Fri, Feb 21, 2020 at 10:00 AM Ken D'Ambrosio  wrote:

>   Everyone was so devastated by your inability to attend, they all
> left after learning of the news.

The price of fame.

>> Should we consider getting together again on a regular
>> (probably quarterly) basis, maybe with an actual agenda, etc.?
> 
>   My personal opinion (and not that of any other person, organization,
> or entity) has long been that regular meetings should come before
> formal meetings.

I'm somewhere in the middle: I've been to the Chelmsford Linux meetup, 
and they're nice people, etc., etc., but they never seem to actually 
have anything to talk about.  Now, I don't want to scare people away 
with a desire for formality, but on the flipside, we're getting together 
"because Linux" and it might be nice to be able to have a way to further 
that.

>   So I would suggest picking a date and recurrence interval and
> getting that going.

Amen.

>   Perhaps at the next meeting, the question of topics of interest
> could be the discussed.  (See?  Already the synthesis occurs.)

Woot!

>   One concern I do have is: It is often difficult to hear and be heard
> in a restaurant venue.  It certainly was the other night.  At the same
> time, it seems like food and drink are an appealing aspect for many.

Second, third and fourthed.  I'm all ears.  I might have a local locale 
(sorry) that fits the bill for food and a quiet room, but am not sure.  
I admit I'd prefer to have the two combined -- I liked the old GNHLUG 
meetings, but it was (if you will) Very Formal when we left Martha's 
proper and headed upstairs.  I'd love to combine food with the ability 
to discuss stuff.  Hmmm... we *did* have that Icinga/IPv6 discussion 
somewhere in Manchester, and that seemed to work.

-Ken


How was the get-together?

2020-02-21 Thread Ken D'Ambrosio
Hey, all.  I'm deeply, deeply sorry I missed the fun.  Tow truck finally 
got me to Amherst around 7:00, and I still had to walk home from the 
shop.  But enough about me: I'm curious how things went!  Was a good 
time had by all?  Should we consider getting together again on a regular 
(probably quarterly) basis, maybe with an actual agenda, etc.?

Curious for input,  ideas, and so forth.

-Ken


Re: Reminder/RSVP -- meet *this Thursday* for chat & beer.

2020-02-20 Thread Ken D'Ambrosio
Some days...
So! My clutch has gone to that junkyard in the sky, and it will take a 
miracle for me to make the meeting, being as I'm broken down on the side 
of the road in Billerica and the cops are gonna tow me for being in the 
wrong place. (Roadside said 90 minutes; given my situation, I have to 
agree with the cops.)

The table is reserved for "Linux" (or however they interpreted that) and 
is for 15 -- which as of now is one fewer than RSVP'd, given my absence.

Please accept my apologies...

-Ken

On 2020-02-18 15:17, Ken D'Ambrosio wrote:
> Hey, all!  Just a reminder that we're going to get together at
> Martha's Exchange this Thursday at 6:00.  Nothing formal, though
> Maddog has threatened to bring a PiDP-11.  (Note the add'l 'i' for
> those wondering if he needs help with the handtrucks.)
> 
> Trying to get a quick headcount so I know what to tell Martha's to set
> aside for us.
> 
> Looking forward to seeing whoever's able to show up!
> 
> -Ken


Reminder/RSVP -- meet *this Thursday* for chat & beer.

2020-02-18 Thread Ken D'Ambrosio
Hey, all!  Just a reminder that we're going to get together at Martha's 
Exchange this Thursday at 6:00.  Nothing formal, though Maddog has 
threatened to bring a PiDP-11.  (Note the add'l 'i' for those wondering 
if he needs help with the handtrucks.)

Trying to get a quick headcount so I know what to tell Martha's to set 
aside for us.

Looking forward to seeing whoever's able to show up!

-Ken


Re: Nashua-area folks -- meet up?

2020-01-28 Thread Ken D'Ambrosio
On 2020-01-28 15:29, Ben Scott wrote:
> On Tue, Jan 28, 2020 at 2:18 PM Ken D'Ambrosio  wrote:
>> > Should I send something to -announce and/or post it on the website?
>> 
>> That sounds like an excellent idea!
> 
>   It seems there is a "Time" field in the announcement template.  What
> should I put there?

"Time".  I suppose we shouldn't be blocking out the whole day. I imagine 
6:00 might be the way to fly...


Re: Nashua-area folks -- meet up?

2020-01-28 Thread Ken D'Ambrosio
On 2020-01-28 14:08, Ben Scott wrote:
> On Tue, Jan 21, 2020 at 1:23 PM Ken D'Ambrosio  wrote:
>>>> Maybe Thursday, the 20th of Feb.?  (Safely after Valentine's...)
> 
> Should I send something to -announce and/or post it on the website?

That sounds like an excellent idea!  "Make it so." (An allusion, of 
course, to the return of Picard.  Something that seems completely 
appropriate to a Linux mailing list.)

-K


Re: Nashua-area folks -- meet up?

2020-01-21 Thread Ken D'Ambrosio
Well, I'll take point on calling Martha's -- if, that is, enough people 
reply to warrant grabbing a bigger table.  Anybody got a preferred time? 
  It's heading toward Feb, and we should probably push it out far enough 
that there's a chance those that want to come can schedule for it.  
Maybe Thursday, the 20th of Feb.?  (Safely after Valentine's...)

-Ken


Nashua-area folks -- meet up?

2020-01-16 Thread Ken D'Ambrosio
It's been brought to my attention by someone (*cough*Ben*cough*) that 
it's been a long, long time since we got together for Linux, grub and 
suds.  While I think full-fledged meetings are probably not on the 
agenda (ha, ha), is there some interest out there?  Maybe crash Martha's 
some evening?


Re: systemd and search domains.

2020-01-08 Thread Ken D'Ambrosio
On 2020-01-08 17:58, Joshua Judson Rosen wrote:
>> Nutshell: clearly, it's time for
>> a self-written inotify daemon and call it a day.
>> Because it's stupid easy to prepend a line with my domain name every 
>> time the file changes,
>> whereas I'm gettin' old trying to figure this out through a more 
>> elegant mechanism.
> 
> Ha! An inotify monitor actually seems like a pretty elegant solution to 
> me!
> (though maybe I should point out that I got some of my aesthetic sense
>  from growing up watching The Red Green Show...).

I done did it.  (Yeah, I use Ruby for my CLI stuffs; it's pretty much 
replaced Perl as my go-to for any systemy stuff.  But this time, I 
decided not to make it a Ruby script and just threw in a -pie one-liner 
like the olden Perl days.  It's not particularly pretty, but hey...)
--
gozer # cat /usr/local/bin/dnssearch.sh
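#!/bin/bash

# Prepends my domain to DNS search line in resolv.conf

resolv="/run/systemd/resolve/stub-resolv.conf"

while true
do
  # Rewrite only when the search line lacks the domain; an unconditional
  # rewrite prepends it again on every change ("search jots.org jots.org").
  if ! grep -q '^search .*jots\.org' "$resolv"; then
    echo "Prepending jots.org to domain search list"
    # Anchor on ^search so comment lines containing "search " are left alone
    ruby -pi -e 'sub(/^search /, "search jots.org ")' "$resolv"
  fi
  inotifywait -e modify "$resolv" # Here and not at top to be sure fires once
  sleep 3
done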
--
gozer # cat /etc/systemd/system/dnssearch.service
[Unit]
Description=Date to file on-disk
After=getty.target

[Service]
Type=simple
User=root
WorkingDirectory=/tmp
ExecStart=/usr/local/bin/dnssearch.sh
Restart=always

[Install]
WantedBy=multi-user.target
--
gozer systems # systemctl status dnssearch
● dnssearch.service - Date to file on-disk
   Loaded: loaded (/etc/systemd/system/dnssearch.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2020-01-08 18:14:13 EST; 6min ago
 Main PID: 13429 (dnssearch.sh)
    Tasks: 2 (limit: 4915)
   CGroup: /system.slice/dnssearch.service
           ├─13429 /bin/bash /usr/local/bin/dnssearch.sh
           └─13700 inotifywait -e modify /run/systemd/resolve/stub-resolv.conf

Jan 08 18:14:16 gozer dnssearch.sh[13429]: Watches established.
Jan 08 18:14:28 gozer dnssearch.sh[13429]: /run/systemd/resolve/stub-resolv.conf MODIFY
Jan 08 18:14:28 gozer dnssearch.sh[13429]: # configured search jots.org domains.
Jan 08 18:14:28 gozer dnssearch.sh[13429]: search jots.org jots.org
Jan 08 18:14:31 gozer dnssearch.sh[13429]: Setting up watches.
Jan 08 18:14:31 gozer dnssearch.sh[13429]: Watches established.
Jan 08 18:14:53 gozer dnssearch.sh[13429]: /run/systemd/resolve/stub-resolv.conf MODIFY
Jan 08 18:14:53 gozer dnssearch.sh[13429]: Prepending jots.org to domain search list
Jan 08 18:14:56 gozer dnssearch.sh[13429]: Setting up watches.
Jan 08 18:14:56 gozer dnssearch.sh[13429]: Watches established.
--
First prepend was when I fired up the service and my domain wasn't 
already in there; second was when I launched the VPN.

> Watch out for the `inotify-handler writes and re-triggers itself
> resulting in an infinitely-long "search" line' problem,
> obviously? :)

Yeah, I've stubbed my toe on that w-a-y back when inotify first came 
out.  That, and just not firing too frequently should $stuff be 
happening, are the reasons for the three-second sleep.

-Ken


Re: systemd and search domains.

2020-01-08 Thread Ken D'Ambrosio

On 2020-01-08 16:22, Dennis Straffin wrote:


Newer Ubuntu systems use systemd-resolved which doesn't seem to support 
split-horizon dns (at least last time I looked).

One solution is to go back to using dnsmasq.


Wups.  Meant to reply with this to all, earlier.  Going to add verbiage
for dnsmasq, too. 

== 

Welp. 


* I used to do the dnsmasq thing, and it works really well, but it's
kind of a pain to set up all the DNS servers and stuff for internal use,
and you occasionally get stuff wrong.  It's a big enough win for VPN to
be handling that that I think I'll let it continue doing it. 


* I tried Joshua's suggestion of openresolv, and it's got exactly what I
want, and happily prepends the domain to resolv.conf... until the VPN
(GlobalProtect) steps on it. 


* I did some systemd reading, and realized that there's a way to do this
through systemd: edit /etc/systemd/resolved.conf.  Which likewise gets
stepped on by GlobalProtect.


* I tried Ted's idea, thinking maybe I hadn't looked closely enough at
the network UI, and I was right: I hadn't!  Except when I went to edit
the entries, they echoed exactly what I'd done with
/etc/systemd/resolved.conf.  So it's probably fronting exactly that. 


I *think* I'd be able to make it work through OpenConnect, except that
it seems OpenConnect isn't doing MFA (at least, with the GlobalProtect?)

Nutshell: clearly, it's time for a self-written inotify daemon and call
it a day.  Because it's stupid easy to prepend a line with my domain
name every time the file changes, whereas I'm gettin' old trying to
figure this out through a more elegant mechanism.

Thanks for suggestions, all! 


-Ken


> * Install dnsmasq:
>
>     apt-get install dnsmasq
>
> * Update /etc/NetworkManager/NetworkManager.conf:
>
>     [main]
>     ...
>     dns=dnsmasq
>
> * Add a dnsmasq config file to /etc/NetworkManager/dnsmasq.d/foo.conf with
>   your servers:
>
>     server=/foo.bar/bar.baz/1.2.3.4
>
> * Restart network manager:
>
>     sudo service network-manager restart
>
> * You might have to stop and disable the dnsmasq and resolved units:
>
>     sudo systemctl stop systemd-resolved dnsmasq
>     sudo systemctl disable systemd-resolved dnsmasq
>
> * You might also have to link /etc/resolv.conf to the network manager
>   generated one:
>
>     sudo mv /etc/resolv.conf /etc/resolv.conf.orig
>     sudo ln -s /run/NetworkManager/resolv.conf /etc/resolv.conf
>
> -Dennis
>
> On 1/8/20 2:37 PM, Ken D'Ambrosio wrote:
>
>> Hey, all.  When I fire up my VPN, it re-writes my /etc/resolv.conf.
>> Shocker.  But I *want* it to, because then all my DNS stuff is good for
>> my company.  But it's NOT good for my personal domain.  I'd like to have
>> that added to the search domains.  I'm in Ubuntu; not sure if that
>> matters.  From my reading:
>> * I can set the search domains on a per-interface manner, but that seems
>> hokey, and subject to issues if I use something (e.g., Bluetooth) to be
>> my conduit to the 'Net.
>> * /etc/resolv.conf shouldn't be manually modified as it'll just get
>> overwritten (and I don't want to make it immutable because I want it to
>> change depending on whether I'm using VPN or no)
>> * /etc/dhclient/dhclient.conf (apparently) doesn't matter any more if
>> you're running NetworkManager
>>
>> So, my question: is there an elegant, global way to set/append to my DNS
>> domain search list?  Or am I just gonna wind up writing a daemon to wham
>> a resolv.conf in-place depending on the current network config?
>>
>> Thanks,
>>
>> -Ken


systemd and search domains.

2020-01-08 Thread Ken D'Ambrosio
Hey, all.  When I fire up my VPN, it re-writes my /etc/resolv.conf.  
Shocker.  But I *want* it to, because then all my DNS stuff is good for 
my company.  But it's NOT good for my personal domain.  I'd like to have 
that added to the search domains.  I'm in Ubuntu; not sure if that 
matters.  From my reading:
* I can set the search domains on a per-interface manner, but that seems 
hokey, and subject to issues if I use something (e.g., Bluetooth) to be 
my conduit to the 'Net.
* /etc/resolv.conf shouldn't be manually modified as it'll just get 
overwritten (and I don't want to make it immutable because I want it to 
change depending on whether I'm using VPN or no)
* /etc/dhclient/dhclient.conf (apparently) doesn't matter any more if 
you're running NetworkManager

So, my question: is there an elegant, global way to set/append to my DNS 
domain search list?  Or am I just gonna wind up writing a daemon to wham 
a resolv.conf in-place depending on the current network config?

Thanks,

-Ken


Re: COBOL on HPUX

2020-01-06 Thread Ken D'Ambrosio

On 2020-01-06 22:44, R. Anthony Lomartire wrote:

> So I recently landed a job working in COBOL on HP-UX. It's been a trip!


Oh, man.  You just had to go there.  Why, yes, as a matter of fact, I
*do* have a COBOL on HP-UX story.  I was working at a startup c. 2002,
and we wanted to use the PointMan ERP system on our HP-UX hosts.  (Linux
wasn't yet an option for PointMan.)  So I, a relative HP-UX neophyte,
ordered COBOL for some thousands of dollars.  I got, in a FedEx
envelope: one (1) sheet of paper with one (1) serial number and a phone
number to order more stuff. 

Period. 


I mean, silly me.  For a couple of thousand bucks, I'd expected install
media, release notes, some accompanying documentation.  *SOMETHING*  So
I call the phone number and am like, "What in the world do I *do* with
this??"  They transfer me to another number.  Which transfers me to
another number.  Which transfers me to another number.  Who gives me a
number they promise will be able to help.  It's only after I hang up
that I realize it's the first number I'd called -- the one on the piece
of paper.  At this point, I begin to doubt my sanity.

Oh -- and did I mention the ERP system, itself, cost something north of
$150K, and I had the CFO breathing down my neck to get it installed,
like, yesterday?

I finally find some poor woman who's at least, like, *heard* of COBOL.
And she gets me to people who are willing to help me -- if I pay the
$750 (? -- I think that's right) maintenance fee.  So I do.  And get
connected with a very helpful engineer who explains the software is on
the install media that *came with the system*; I just needed the serial
number to activate it.

"Except, oh, yeah, YOUR version of the install media has a bug, and
COBOL won't install.  I need to mail you a file."

"So, you mean, even if I knew HP-UX super-duper well, I *STILL* wouldn't
have been able to install it?"

"Yeah, that about sums it up."


Again: release notes.  Errata.  An fscking URL.  ANYTHING.  I wrote our
HP rep a letter the likes of which I generally try not to write.  He
called me up and asked what he could do to make it right.  I said that
was impossible, but implored him not to screw over other customers. 


That's a top-five most-frustrating-thing ever.  I sincerely hope that
things have changed in the intervening time. 

-Ken 

> This stuff is from before my time but it's been really interesting to
> learn. Have any of you folks worked with this stuff? We're looking to
> migrate away eventually, maybe anyone with experience there? I'd love to
> hear any stories about COBOL or old enterprise mainframe applications
> you've worked with. We're probably going to be hiring soon too if anyone
> would be interested in a similar gig. :)


Re: Runaway log...

2020-01-06 Thread Ken D'Ambrosio
On 2020-01-06 21:43, Joshua Judson Rosen wrote:
> On 1/6/20 8:45 PM, Ken D'Ambrosio wrote:
> 
> Buffered in journald,  maybe?

GNU bless you, good sir.  Did the trick -- and a good thing, as it was 
still happily spamming away.

Thanks!

-Ken


Runaway log...

2020-01-06 Thread Ken D'Ambrosio
OK, guys.  CentOS 7.1.  I've got an OpenStack process that wigged out 
and was logging like crazy to /var/log/messages.  So I killed it.  FORTY 
FIVE MINUTES AGO.  And still, log lines that must've been buffered... 
somewhere, are flying into the messages file.  Gigabytes of them, e.g.,

Jan  6 20:42:56 sca1-drstack01 neutron-server[27127]: Exception 
RuntimeError: 'maxiException mum RuntimeErrorr: e'cmuaxrismuim roencu 
rdsieonp tdehp the xecxcddede wdhi lew cahlillien gc aal lPiyntgh 
oan  Poybtjheocnt 'o in bject'> ignored

Now, 27127 is dead, gone, not in the process table.  Not a zombie, not 
nothing.  I restarted the syslog... and the logging stopped for a few 
seconds, and then restarted.  How in blazes do I find what's buffering 
the logs, and how do I flush it?!

I've run into this once before and did *something*, but damned if I can 
remember what.  All ears; my disk space is finite.  (I've already 
truncated the file twice.)

Thanks,

-Ken


Re: SSH and domain wildcards.

2019-11-07 Thread Ken D'Ambrosio

On 2019-11-07 14:54, Bobby Casey wrote:

> On Wed, Nov 6, 2019 at 11:36 PM Joshua Judson Rosen wrote:
>
>> i.e.: you just got the order backward :)
>
> So what you're trying to say is "Ken should read the fluffy manual"?

The *next* time you manage to blow all the caps on your video card,
buddy, go find someone *else* to help you troubleshoot.


SSH and domain wildcards.

2019-11-06 Thread Ken D'Ambrosio
OK.  Feeling kinda dumb.  So!

===
$ head -6 ~/.ssh/config
Compression yes
ForwardX11 yes
User kdambrosio

Host *.foo.com
   User ken
===
So I've got kdambrosio (my work username) as my default, however, when I 
try to log into bar.foo.com, it's not using "ken", it's using 
"kdambrosio".  Can someone show me where I'm screwing up?

Thank you kindly,

-Ken
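
Why the posted config picks kdambrosio, as an added example that is not from the thread: ssh_config keeps the first value it obtains for each option, and lines above the first Host line apply to every host. The Python below is a simplified model of that rule (Host blocks with `*`, `?` and `!` patterns only); `first_value`, `host_matches` and the reordered config are constructed for illustration.

```python
from fnmatch import fnmatchcase


def host_matches(host, patterns):
    """A Host line applies if some pattern matches and no negated (!) pattern does."""
    positive = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatchcase(host, pat[1:]):
                return False
        elif fnmatchcase(host, pat):   # fnmatch also accepts [..], which ssh does not
            positive = True
    return positive


def first_value(config_text, host, keyword):
    """Return the value this model settles on for `keyword`: the first one obtained."""
    active = True                      # lines before any Host block apply to all hosts
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            active = host_matches(host, value.split())
        elif key == "match":
            active = False             # Match blocks are outside this simplified model
        elif active and key == keyword.lower():
            return value               # later settings for the same option are ignored
    return None


# The config as posted: the global User line is obtained before the Host block.
AS_POSTED = """\
Compression yes
ForwardX11 yes
User kdambrosio

Host *.foo.com
   User ken
"""

# Constructed reordering: specific block first, default last under "Host *".
REORDERED = """\
Compression yes
ForwardX11 yes

Host *.foo.com
   User ken

Host *
   User kdambrosio
"""

if __name__ == "__main__":
    print(first_value(AS_POSTED, "bar.foo.com", "User"))
    print(first_value(REORDERED, "bar.foo.com", "User"))
    print(first_value(REORDERED, "example.org", "User"))
```

On a real system, `ssh -G bar.foo.com` prints the options ssh actually resolves for that host.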


Edit over SSH.

2019-02-25 Thread Ken D'Ambrosio
Hi, all.  In Emacs, it's trivially easy to open a file on a remote host:

emacs /user@host:/path/to/file

And while I *do* enjoy Emacs, I admit that some of the other IDE/editors 
I've seen look kind of nifty.  But opening files via SSH is really, 
really handy -- to the point where I consider it a dealbreaker to not 
have it.  I found Visual Code can do SSH, but you have to (at least, by 
my reading) set up per-host profiles, etc.  Bleh.  I know that vim can 
do it, but I'm just not a vim guy.  I'm just not interested in doing 
some out-of-the-box thing like sshmount (or whatever it is).  So, at the 
end of the day, anyone have an editor they enjoy where it's as easy to 
open a file over SSH as it is in Emacs?

Thanks for any thoughts you might have...

-Ken


Multiple IPv4 addresses per NIC (w/o aliases, VLANs, etc.)

2018-09-17 Thread Ken D'Ambrosio
So, I didn't know this was "a thing."  And, apparently, "ifconfig" 
doesn't know it, either.  However, with "ip addr add", you can assign 
multiple IPv4 addresses to a given interface:

methusalah # ifconfig tun0
tun0: flags=4305  mtu 1500
 inet 192.168.23.50  netmask 255.255.255.255  destination 
192.168.23.49
 inet6 fe80::6d4d:9731:4512:1f75  prefixlen 64  scopeid 
0x20
 unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
txqueuelen 100
(UNSPEC)
 RX packets 0  bytes 0 (0.0 B)
 RX errors 0  dropped 0  overruns 0  frame 0
 TX packets 9  bytes 432 (432.0 B)
 TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

methuselah FAQ # ip addr add 10.20.30.40/32 dev tun0

methuselah FAQ # ip addr show tun0
4: tun0:  mtu 1500 qdisc 
fq_codel
state UNKNOWN group default qlen 100
 link/none
 inet 192.168.23.50 peer 192.168.23.49/32 scope global tun0
valid_lft forever preferred_lft forever
 inet 10.20.30.40/32 scope global tun0
valid_lft forever preferred_lft forever

And yet ifconfig doesn't even show the new info.  Note that this is 
distinct from "tun.0" or "tun:0" (VLAN and alias, respectively).

Is the ability to have multiple v4 addresses against a given NIC a new 
feature?  Is it somehow bogus?  Maybe it's an extension of the way that 
v6 works, since v6 has always allowed multiple addresses/NIC -- perhaps 
aliases are deprecated?

Just wondering if anyone else has noticed this...

-Ken



Russian incursion... to my bulletin board.

2018-05-28 Thread Ken D'Ambrosio
Hey, all. I belong to the last of a dying breed, a bulletin board.  (No, 
we no longer do dialup; it's accepted telnet since '90 or so.)  And it's 
currently under the purview of someone, though he hasn't been able to 
give it the attention it needs, so I think it's about to go to Digital 
Ocean.  (Indeed, as I type this, it's offline -- which is responsible 
for the whole line of thinking for this e-mail.)  Migration would 
normally be unremarkable, and not require an e-mail here, but... the 
damn Russian botnet problem (the one that brought Dyn down last year) 
has also caused us an issue.  The current admin has largely mitigated it 
through blacklists, but I was wondering if there might be a more 
graceful approach.  Issue: the botnet attempts to expand by searching 
for other embedded devices (generally, cameras)... by way of port 23.  
Telnet.  At any given time, we may have a dozen bogus connections from 
botnets, all trying to log in as "admin".  Of course, they fail, but 
they chew up ports, and seem to even have uncovered a bug in the BBS 
code, just by raw number of connections.  Can anyone think of a way to 
act as a proxy and:
* Accept a telnet connection
* Offer a login prompt
* Reject/close the connection if the username offered is "admin"
* Forward on the connection/credentials and act as a proxy if it's 
literally anything else?

I've taken a stab at it in Ruby, but seem to have issues understanding 
exactly how the telnet module works...

Thanks kindly for any thoughts or insights,

-Ken

P.S.  If/when it comes back up: telnet://bbs.iscabbs.com if you're that 
interested in logging in like it's 1993.  Apologies to Prince.
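
The four steps listed above as a small screening proxy, added here as an illustration; it is not the BBS's code or Ken's Ruby attempt, and it is written in Python. The names `screen`, `handle` and `serve`, the 64-byte name cap, the listen and backend addresses, and the choice to replay the accepted name to the backend as its first line are all assumptions.

```python
import socket
import threading

IAC, SB, SE = 255, 250, 240
WILL_WONT_DO_DONT = {251, 252, 253, 254}   # each is followed by one option byte
BANNED = {"admin"}
MAX_NAME = 64                              # assumed cap; longer input is dropped


def read_username(conn, max_len=MAX_NAME):
    """Read one login line, skipping telnet negotiation. None on EOF or overlong input."""
    name, state = bytearray(), "data"
    while True:
        chunk = conn.recv(1)
        if not chunk:
            return None
        b = chunk[0]
        if state == "data":
            if b == IAC:
                state = "iac"
            elif b == 10:                  # bare LF ends the line
                break
            elif b == 13:                  # CR is followed by LF or NUL (RFC 854)
                state = "cr"
            elif b != 0:
                name.append(b)
                if len(name) > max_len:
                    return None
        elif state == "cr":
            break                          # consume the LF/NUL so it is not forwarded
        elif state == "iac":
            state = "opt" if b in WILL_WONT_DO_DONT else "sb" if b == SB else "data"
        elif state == "opt":
            state = "data"
        elif state == "sb":                # subnegotiation runs until IAC SE
            if b == IAC:
                state = "sb_iac"
        elif state == "sb_iac":
            state = "data" if b == SE else "sb"
    return name.decode("ascii", "replace").strip()


def screen(conn, banned=BANNED, timeout=20.0):
    """Offer a login prompt; return the name if allowed, None if the caller should close."""
    conn.settimeout(timeout)               # idle scanners cannot hold a slot forever
    try:
        conn.sendall(b"login: ")
        name = read_username(conn)
    except OSError:                        # includes timeouts and resets
        return None
    if name is None or name.lower() in banned:
        return None
    return name


def pump(src, dst):
    """Copy bytes one way until either side closes, then tear both sockets down."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        for sock in (src, dst):
            try:
                sock.shutdown(socket.SHUT_RDWR)
            except OSError:
                pass


def handle(conn, backend_addr):
    name = screen(conn)
    if name is None:
        conn.close()                       # rejected before the BBS ever sees it
        return False
    try:
        upstream = socket.create_connection(backend_addr, timeout=10)
    except OSError:
        conn.close()
        return False
    conn.settimeout(None)
    upstream.settimeout(None)
    upstream.sendall(name.encode("ascii", "replace") + b"\r\n")   # assumed replay
    back = threading.Thread(target=pump, args=(upstream, conn), daemon=True)
    back.start()
    pump(conn, upstream)
    back.join()
    conn.close()
    upstream.close()
    return True


def serve(listen_addr, backend_addr):
    with socket.create_server(listen_addr) as srv:
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=handle, args=(conn, backend_addr), daemon=True).start()


if __name__ == "__main__":
    serve(("0.0.0.0", 2323), ("127.0.0.1", 23))   # hypothetical addresses
```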


Re: bandwidth capture question

2018-05-04 Thread Ken D'Ambrosio
Hey, Joshua.  Honestly, you're "doing it wrong," for a few reasons. 

* Capturing *everything* would be huge -- almost certainly fill up your
hard disk in relatively short order. 

* Wireshark isn't the thing to capture it with.  If you want that, dump
it using "tcpdump" (or its Windows equivalent), and then look at it
later, with Wireshark. 

* But, as noted in the initial point, that gets big, VERY fast. 
Instead, I would recommend just watching metrics -- does Windows show
byte counts on an interface?  If so, monitor that minute-by-minute.  Or
-- probably an even better choice -- get some software that will monitor
per-IP usage.  Though others may have actual suggestions on software to
use, as I don't. 

However, NONE of that will even work if you don't have a switch set up
with port mirroring.  Ethernet these days is switched, which means that
simply plugging into the same switch will only show you broadcast
traffic, not point-to-point traffic.  So you'd miss out on something
like 99% of the data.  Given the scenario you mention (basically,
"Comcast modem"), I think you'll probably need to pick up a smart
Ethernet switch -- one that has port mirroring -- to even get started
down this road. 

All of this is relatively non-trivial, but could probably be worked
through if you're really trying to make it happen. 

-Ken 

On 2018-05-04 13:09, jsf wrote:

> Hi friends, 
> 
> I am IT dir. at a small independent school in CT nowadays.  I have a comcast 
> modem.  my firewall plugs into a wired port in the comcast modem.  I have an 
> old PC running windows 8.1.  I have installed wireshark on the old PC.  I 
> have plugged the old PC's network interface into another wired port on the 
> comcast modem.  Ideally I would like to use wireshark to capture EVERYTHING 
> going across the modem - basically everything that is going in and out of the 
> connection between the modem and my firewall.  I am at a loss w/r/t how to 
> set this up properly. 
> 
> a step-by-step how to, or even a quick shared screen session or phone call 
> would be appreciated. 
> 
> I am trying to get a sense regarding the schools' bandwidth usage.. we have 
> 150/25 over coax.  i think performance is pretty good most of the time (we 
> are a small school).. but not everyone agrees with me.  If we have too little 
> bandwidth (are hitting a max periodically) I'd like to know that. 
> 
> Thanks in advance for help with this and recommendations about anything else 
> I should put on this old PC to help with this exercise. 
> 
> best wishes, 
> 
> Joshua
> -- 
> 
> [1]
> 

 

Links:
--
[1] http://www.linkedin.com/in/jfreeman


Amusing "Wups."

2017-12-08 Thread Ken D'Ambrosio
I just told my daughter that there was another song, "Hello," that was 
popular before Adele's version.  Shockingly, however, Alexa seemed 
unfamiliar with it when I told her, "Alexa, play 'Hello', by Dennis 
Ritchie."

D'oh.


Re: ARP weirdness.

2017-11-10 Thread Ken D'Ambrosio
I'm guessing it was some sort of broadcast storm.  Though a very 
confusing one -- if I unplugged the cable, it stopped.  Plug it back in, 
and lo!  Starts again.  However, I finally gave up trying to supply the 
VLAN to the Linux box by way of a trunk, and just plugged the 
(still-tagged) interface straight in... and all was fine.  So I guess 
I don't care (the box has, like, a zillion interfaces), but I'm still 
pretty darn confused by it.

-Ken

On 2017-11-10 18:48, Ben Scott wrote:
> On Wed, Nov 8, 2017 at 4:49 PM, Ken D'Ambrosio <k...@jots.org> wrote:
>> Ubuntu box acting as a router for some subnets.
>> 
>> [192.168.200.12] <-1302 VLAN->[switch]<-1302 VLAN->switch<-1302 VLAN->
>> [router @ 192.168.200.1]
> 
> So, to clarify, the Ubuntu box is at .1?  What is .12?
> 
> Can you give a concise description of what else is on the VLAN?
> 
>> The link is getting utterly spammed with ARP requests for
>> 192.168.200.12.
> 
> How are you determining this?  Packet sniffer?  If so, where?
> 
> Are these ARP requests originating from the .1 box?  You have verified
> this by MAC address of the sending system?  If you unplug .1 to test,
> does the flood stop?
> 
> One thought that immediately occurs to me is a broadcast loop.  Any
> chance of a physical loop (e.g., cable plugged into two switch ports
> on the same VLAN)?  Are you running spanning tree any/everywhere?
> 
> What are the switches?  Any particular config applied to the VLANs,
> beyond the VLAN itself?  Any weird config applied to the switch in
> general?
> 
> -- Ben


ARP weirdness.

2017-11-08 Thread Ken D'Ambrosio
Hey, guys.  Have an Ubuntu box acting as a router for some subnets.  I 
have one VLAN, 1302, on which subnet 192.168.200.0/24 resides.  The 
network looks a bit like this:

[192.168.200.12] <-1302 VLAN->[switch]<-1302 VLAN->switch<-1302 VLAN-> 
[router @ 192.168.200.1]

The link is getting utterly spammed with ARP requests for 
192.168.200.12.  Tens of thousands a second.  AND it's also getting 
spammed (at a much reduced rate) with ARP responses.  That, in-and-of 
itself is already pretty confusing.  But what trumps it is the fact that 
the Linux box *already has 192.168.200.12 and the corresponding MAC in 
its local ARP table*.  Thus precluding the need to even make ARP 
requests, much less tens of thousands a second.  The box has been 
booted; it made no apparent difference.

W. T. F.

I'm kinda stumped on this, and would gladly accept any ideas...

Thanks,

-Ken


Re: Is Amazon AWS/EBS snapshotting just LVM, or what?

2017-09-28 Thread Ken D'Ambrosio
I would say it's unlikely to be LVM, because LVM is content-ignorant; it 
snapshots the entire volume, which is inefficient, and when you're 
Amazon, you care a LOT about being efficient.  Instead, I imagine 
they're using some content-aware CoW solution such as ZFS.  But, 
whatever mechanism, I agree with your opinion: I doubt that their 
solution -- almost certainly CoW of some sort -- stands a chance of 
being more than even slightly impactful.

$.02, YMMV and other assorted disclaimers,

-Ken


On 2017-09-28 13:16, Joshua Judson Rosen wrote:
> I'm working on a project that uses Amazon AWS-provided VPS instances,
> and the other guy on the project is telling me that "snapshotting
> hourly may degrade performance",
> and I'm trying to determine where that's actually true. My gut feeling
> is that it sounds kind of bogus.
> 
> From the information I've been able to find about how Amazon's stuff
> works (either in terms
> of how it's _implemented_ [for which I'm finding basically no insight]
> or how it's _characterized_
> [in the engineering sense, not the literary sense]...), it really
> sounds a _lot_ like Amazon
> is just using LVM snapshots, e.g. from 
> :
> 
>   "snapshots can be done in real time while the volume is attached and 
> in use.
>However, snapshots only capture data that has been written to your
> Amazon EBS volume,
>which might exclude any data that has been locally cached by your
> application or OS."
> 
>   "By design, an EBS Snapshot of an entire 16 TB volume should take no
> longer than the time
>it takes to snapshot an entire 1 TB volume. However, the actual time
> taken to create
>a snapshot depends on several factors including the amount of data
> that has changed
>since the last snapshot of the EBS volume."
> 
> ... though I'm not entirely sure how to interpret that last bit about
> "time taken to create a snapshot
> depends on... the amount of data that has changed since the last 
> snapshot";
> the _first half of that statement_ reads as "creating a snapshot is
> constant time",
> which basically screams to me "copy-on-write just like LVM, and
> they're probably implemented
> in terms of LVM".
> 
> Any insight here as to whether my gut is correct on this, or whether
> I'm actually likely
> to notice an impact from hourly snapshots of, say, a 200-GB volume?
> How about a 1-TB volume?
> 
> The only thing I'm seeing from Amazon that seems to _vaguely_ support
> (maybe) the notion
> that `snapshotting too often' would be something to worry about is
> this bit from elsewhere
> in that same FAQ page (under the heading of "performance", whereas the
> others were
> under the heading of "snapshots" and a subheading of "performance
> consistency of my HDD-backed volumes":
> 
>   Another factor is taking a snapshot which will decrease expected
> write performance
>   down to the baseline rate, until the snapshot completes.
> 
> ... and, taken in the context of the previously-cited notes about
> snapshots being
> `not based on volume-size but maybe influenced by
> changed-since-last-snapshot set size'
> (and in the context of the explanations they give for HDD-backed vs.
> SSD-backed storage),
> I'm basically reading that as:
> 
>   `if you're using HDD-backed storage then it's because you care about
> *throughput*
>more than *response time* and are likely to be monitoring throughput,
>and if you're monitoring throughput you may notice a *momentary dip
> in throughput*
>as the *HDDs* need to seek around to find the volume boundaries and
> set up the COW records.'
> 
> Even if you don't have any insight into what's actually happening
> under the covers at Amazon,
> does my reading of all of this sound right to you?
> 
> And, perhaps more interestingly, are these same caveats from Amazon
> generally applicable to LVM?


Re: Ruby slow to launch (was L-o-n-g delay for rc.local in systemd on Ubuntu.)

2017-08-08 Thread Ken D'Ambrosio
Well, I don't know what was wrong with catting random data to 
/dev/random and /dev/urandom, but it didn't do diddly.  "apt install 
haveged", however, and I'm now booting in ~20 seconds instead of 3 - 5 
minutes.  (It adds entropy -- or, if you prefer, "entropy" -- by seeing 
how long certain things take to execute, and then doing it again, and 
again, and looking for deltas.)

#winning

Thanks, all...

-Ken


On 2017-08-08 15:18, Joshua Judson Rosen wrote:
> On 08/08/2017 02:52 PM, Ken D'Ambrosio wrote:
>> On 2017-08-08 14:43, Bill Freeman wrote:
>>> I don't know, but getrandom() may well be using /dev/urandom (or a
>>> related facility).  And that, in turn, might be waiting to "collect
>>> sufficient entropy".  So some network traffic, keystrokes, whatever,
>>> need to happen between boot time and the first random emission, or
>>> that first "random" number becomes predictable.  Since random numbers
>>> are often used cryptographically, predictability is a bad thing.
>> 
>> True, but there's debate about just *how* predictable, etc. Not a
>> subject for this particular thread, but I'd be perfectly happy with 
>> udev
>> almost-as-random.
>> 
>>> As to why ruby is designed to require a random number before being
>>> asked to do something dependent on such a random number is a question
>>> for the ruby developers.
>> 
>> Email already sent. :-)
>> 
>>> Re-linking /dev/urandom will probably break lots of things.  Maybe 
>>> run
>>> your script in a chroot jail that has a different /dev/urandom could
>>> work.
>> 
>> Alas, no -- I'm doing various admin chores, and a chroot won't be
>> helpful.
>> 
>>> Is your script too complex to rewrite in bash?  Not a general
>>> solution, but as a workaround it has its appeal.
>> 
>> *sigh* This is probably where I'm gonna wind up (or Perl, or Python).
>> Except I've now written a good handful of scripts that people are
>> waiting on, and it's gonna cause me physical pain to have to re-do 
>> them
>> at this point.
>> 
>> C'est la vie.  I guess that's the way the Ruby crumbles...
> 
> Instead of rewriting the whole thing, why not just seed the RNG 
> manually?
> 
> Slightly relevant-looking discussion BTW:
> 
> https://bugs.ruby-lang.org/issues/9569#note-56
> 
> ... mainly in that it points to the updated random(4) Linux man page,
> which says:
> 
>    The /dev/random interface is considered a legacy interface, and
>    /dev/urandom is preferred and sufficient in all use cases, with the
>    exception of applications which require randomness during early boot
>    time; for these applications, getrandom(2) must be used instead,
>    because it will block until the entropy pool is initialized.
> 
> So, there you go. "until the entropy pool is initialized" is apparently
> about 3 minutes in your case ;)
> 
> You should be able to explicitly seed Ruby's internal RNG,
> or explicitly seed the system RNG by writing bytes into
> /dev/random or /dev/urandom.
> 
> If you want `instant good entropy' at boot, you can even store
> some random data into a file at shutdown and then seed from that file
> at boot (be sure to invalidate that cache before seeding from it 
> though,
> to ensure that you don't use the same seed twice!). IIRC there are
> some preexisting packages for this, and some distributions even do it
> by default.
> 
> If you write a systemd service, it looks like you can depend on
> systemd-random-seed.service.


Re: Ruby slow to launch (was L-o-n-g delay for rc.local in systemd on Ubuntu.)

2017-08-08 Thread Ken D'Ambrosio
On 2017-08-08 15:18, Joshua Judson Rosen wrote:

>    The /dev/random interface is considered a legacy interface, and
>    /dev/urandom is preferred and sufficient in all use cases, with the
>    exception of applications which require randomness during early boot
>    time; for these applications, getrandom(2) must be used instead,
>    because it will block until the entropy pool is initialized.
> 
> So, there you go. "until the entropy pool is initialized" is apparently
> about 3 minutes in your case ;)

Yeah... getrandom() apparently pings /dev/urandom by default which, as 
per the getrandom manpage, blocks until it has entropy.  Sounds like 
we've wound up at much the same place: I took some data off of 
/dev/random, stored it in a file, and am feeding that to /dev/urandom at 
boot time (and re-seeding the file after five minutes' uptime).  Alas 
(because, you know, deadline), that doesn't seem to be working.  Which 
is really, really annoying.  I'm *still* blocking for three-to-five on 
getrandom().

I guess it's time to cut my losses and start this in a different 
language.  I mean, most of the hard stuff was figuring out *how* to do 
things, but I admit, my Perl and Python have grown rusty as I've enjoyed 
my Ruby...

-Ken


Re: Ruby slow to launch (was L-o-n-g delay for rc.local in systemd on Ubuntu.)

2017-08-08 Thread Ken D'Ambrosio
On 2017-08-08 14:43, Bill Freeman wrote:
> I don't know, but getrandom() may well be using /dev/urandom (or a
> related facility).  And that, in turn, might be waiting to "collect
> sufficient entropy".  So some network traffic, keystrokes, whatever,
> need to happen between boot time and the first random emission, or
> that first "random" number becomes predictable.  Since random numbers
> are often used cryptographically, predictability is a bad thing.

True, but there's debate about just *how* predictable, etc. Not a 
subject for this particular thread, but I'd be perfectly happy with udev 
almost-as-random.

> As to why ruby is designed to require a random number before being
> asked to do something dependent on such a random number is a question
> for the ruby developers.

Email already sent. :-)

> Re-linking /dev/urandom will probably break lots of things.  Maybe run
> your script in a chroot jail that has a different /dev/urandom could
> work.

Alas, no -- I'm doing various admin chores, and a chroot won't be 
helpful.

> Is your script too complex to rewrite in bash?  Not a general
> solution, but as a workaround it has its appeal.

*sigh* This is probably where I'm gonna wind up (or Perl, or Python).  
Except I've now written a good handful of scripts that people are 
waiting on, and it's gonna cause me physical pain to have to re-do them 
at this point.

C'est la vie.  I guess that's the way the Ruby crumbles...

-Ken


Ruby slow to launch (was L-o-n-g delay for rc.local in systemd on Ubuntu.)

2017-08-08 Thread Ken D'Ambrosio
Well, I tried Tom's solution, and it made not a whit's worth of 
difference.  Because, assuming my ignorance about systemd equated with 
slow boot time, I hadn't troubleshot further than that.  Turns out that 
it's *Ruby's* fault.  A command like this:
ruby -e 'puts 1'
is blocking for *THREE MINUTES OR MORE* on getrandom() for the first 
post-boot execution.  (Subsequent ones run fine.)  Which leads to all 
sorts of questions:
* Why in the Hell do we care about getrandom() when we're printing an 
integer??
* Couldn't we just use /dev/urandom and be done with it?
* So much etc.

I love Ruby -- a lot -- but this is bash-my-head-against-the-monitor 
bad.

Any suggestions?  Simply renaming /dev/random to something else and 
doing "ln -s /dev/urandom /dev/random" doesn't seem to be doing the job.

-Ken
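
An added example, not part of the original post and not Ruby's own code: a Python probe that asks the Linux kernel whether a getrandom() call would block right now, which is the state the first post-boot `ruby -e 'puts 1'` above was stuck in. The function names, timeout and polling interval are assumptions chosen for illustration.

```python
import os
import time

ENTROPY_AVAIL = "/proc/sys/kernel/random/entropy_avail"


def crng_ready():
    """True if getrandom() would return at once, False if it would block."""
    if not hasattr(os, "getrandom"):
        raise RuntimeError("os.getrandom requires Linux and Python 3.6+")
    try:
        # GRND_NONBLOCK: fail with EAGAIN instead of sleeping until the
        # kernel's random pool has been initialised after boot.
        os.getrandom(1, os.GRND_NONBLOCK)
        return True
    except BlockingIOError:
        return False


def entropy_estimate(path=ENTROPY_AVAIL):
    """Kernel's entropy estimate in bits, or None if it cannot be read."""
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return None


def wait_for_crng(timeout=30.0, interval=0.5, probe=crng_ready,
                  sleep=time.sleep, clock=time.monotonic):
    """Poll until the pool is initialised.

    Returns the seconds waited, or None if the timeout expired first.
    probe, sleep and clock are injectable so the loop can be tested
    without a freshly booted machine.
    """
    start = clock()
    while True:
        if probe():
            return clock() - start
        if clock() - start >= timeout:
            return None
        sleep(interval)


if __name__ == "__main__":
    print("entropy_avail:", entropy_estimate())
    waited = wait_for_crng(timeout=10.0)
    if waited is None:
        print("getrandom() would still block after 10 s; a startup script "
              "calling it now would hang")
    else:
        print(f"getrandom() ready after {waited:.1f} s")
```

Run early from a boot script, this reports how long the kernel took to initialise the pool without hanging the script itself.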


L-o-n-g delay for rc.local in systemd on Ubuntu.

2017-08-08 Thread Ken D'Ambrosio
Hey, all.  I've got some stuff in my rc.local, and it takes *forever* to 
execute -- three+ minutes.  (Note that the machine -- a virtual one -- 
is up in something like 20 seconds.)  I *need* this stuff, which is 
lightweight in the extreme, to execute much more quickly than that.  
Anyone have any ideas on how to make that happen?

Thanks,

-Ken


Re: Linux for time lapse and wifi?

2017-06-28 Thread Ken D'Ambrosio
On 2017-06-28 10:31, Richard Kolb II wrote:
> Hello all,
> 
> I'm looking into using a pine a64 running ubuntu mate to setup a time
> lapse photo using a standard digital camera controlled over USB. I
> haven't done a ton of research into it yet, but I wanted to see if
> anyone else has done something similar and had some advice/opinions. I
> was thinking of setting this up first as a way to capture an event
> going on, and second as a wildlife/security camera.

Well, I bought the Pinebook, and -- given its price, among other things 
-- seems like it would do a fine job using its webcam.  But if you want 
high quality stuff, I suppose a "real" camera is the way to fly, and not 
a webcam (be it part of a Pinebook or something external).

> I'm also thinking about using it as a wifi access point, the location
> that it'll be installed, a remote house in Maine, will have a dsl
> connection, but right now I don't have a wireless router, and since I
> have this handy I thought I'd take advantage.

I set up my RasPi 3 as a WAP, and I have to say, it just didn't work 
that well -- egregiously slow, and low power to boot.  I guess the 
system is underpowered for the task, based on the reading I did.  I'd 
have to recommend using a stock WAP to make that happen -- bet you could 
find one for $15 on Craigslist or something.

$.02,

-Ken


Re: Need to copy a 200GB directory

2017-06-26 Thread Ken D'Ambrosio
200 GB on locally mounted filesystems just isn't all *THAT* much.  I'm 
not quite sure how you'd use 'dd', but cp or rsync should do the trick 
just fine.  Note that rsync has the added benefit of being able to, 
essentially, start from where you failed -- but I usually reserve that 
for network file transfers that take long enough I'm worried a brownout 
or something might interrupt it.

$.02,

-Ken


On 2017-06-26 15:11, Charles Farinella wrote:
> We need to copy a large (200+GB) directory from one filesystem to
> another, both locally mounted.
> 
> I'm unsure as to what I should use to do this, cp, rsync, dd?
> 
> Any suggestions appreciated.
> 
> Thanks.
> 
> --charlie
> 
> Charlie Farinella
> Systems Administrator
> Appropriate Solutions, Inc.
> 1-603-924-6079


Re: What's the strategy for bad guys guessing a few ssh passwords?

2017-06-11 Thread Ken D'Ambrosio
"What's the point?" C'mon, Ted. You know better than that. The point is people 
with weak passwords. Remember the Dyn DDoS? That was brought on entirely by 
devices with default passwords. As is a RasPi attack I read about on Slashdot 
just this AM. Say 90% of servers/devices follow good security practices -- that 
still leaves 10% that are susceptible. I imagine even a 1% return would still 
get you a pretty sweet botnet. So, in my estimation at least, that is the point.

$.02,

-Ken

On June 11, 2017 10:17:35 AM EDT, Ted Roche  wrote:
>For 36 hours now, one of my clients' servers has been logging ssh
>login attempts from around the world, low volume, persistent, but more
>frequent than usual. sshd is listening on a non-standard port, just to
>minimize the garbage in the logs.
>
>A couple of attempts is normal; we've seen that for years. But this is
>several each  hour, and each hour an IP from a different country:
>Belgium, Korea, Switzerland, Bangladesh, France, China, Germany,
>Dallas, Greece. Usernames vary: root, mythtv, rheal, etc.
>
>There's several levels of defense in use: firewalls, intrusion
>detection, log monitoring, etc, so each script gets a few guesses and
>the IP is then rejected.
>
>In theory, the defenses should be sufficient, but I have a concern
>that I'm missing their strategy here. It's not a DDOS, they are very
>low volume. It will take them several millennia to guess enough
>dictionary attack guesses to get through, so what's the point?
>
>-- 
>Ted Roche
>Ted Roche & Associates, LLC
>http://www.tedroche.com

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
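
An added example, not part of the original thread: a Python sketch of log monitoring for the pattern Ted describes, where every source address stays under the per-address ban threshold but many different addresses fail against the same server over the same day. The sample log lines, the addresses (documentation ranges), the function names and the thresholds `per_ip_limit` and `min_sources` are constructed for illustration.

```python
import re
from collections import defaultdict

# OpenSSH "Failed password" line in classic syslog format.
FAILED = re.compile(
    r"^(?P<day>\w{3}\s+\d{1,2})\s+(?P<hour>\d{2}):\d{2}:\d{2}\s+\S+\s+"
    r"sshd\[\d+\]:\s+Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

# Constructed sample: four quiet sources, one successful login, one noisy
# source that a per-address ban would already catch, and a lone hit next day.
SAMPLE_LOG = """\
Jun 10 01:02:11 server sshd[2101]: Failed password for root from 192.0.2.10 port 40122 ssh2
Jun 10 01:02:15 server sshd[2101]: Failed password for root from 192.0.2.10 port 40122 ssh2
Jun 10 02:14:40 server sshd[2177]: Failed password for invalid user mythtv from 198.51.100.7 port 51820 ssh2
Jun 10 02:14:44 server sshd[2177]: Failed password for invalid user mythtv from 198.51.100.7 port 51820 ssh2
Jun 10 03:31:09 server sshd[2250]: Failed password for invalid user rheal from 203.0.113.45 port 33900 ssh2
Jun 10 04:47:52 server sshd[2312]: Failed password for root from 192.0.2.99 port 60014 ssh2
Jun 10 04:47:57 server sshd[2312]: Failed password for invalid user mythtv from 192.0.2.99 port 60014 ssh2
Jun 10 05:03:30 server sshd[2390]: Accepted publickey for admin from 198.51.100.200 port 50022 ssh2
Jun 11 09:00:01 server sshd[3001]: Failed password for root from 203.0.113.80 port 41000 ssh2
""".splitlines()
SAMPLE_LOG += [
    f"Jun 10 06:10:{s:02d} server sshd[2450]: Failed password for root "
    "from 203.0.113.200 port 45000 ssh2"
    for s in range(8)
]


def parse_failures(lines):
    """Yield (day, hour, user, ip) for each failed-password line."""
    for line in lines:
        m = FAILED.match(line)
        if m:
            day = " ".join(m.group("day").split())  # "Jun  1" -> "Jun 1"
            yield day, m.group("hour"), m.group("user"), m.group("ip")


def distributed_guessing(lines, per_ip_limit=5, min_sources=4):
    """Report days on which many low-volume sources failed to log in.

    per_ip_limit: most failures one address may have and still count as
                  "quiet" (i.e. it would not trip a per-address ban).
    min_sources:  how many quiet addresses in one day make a finding.
    """
    per_day = defaultdict(lambda: defaultdict(list))  # day -> ip -> [(hour, user)]
    for day, hour, user, ip in parse_failures(lines):
        per_day[day][ip].append((hour, user))

    findings = {}
    for day, by_ip in per_day.items():
        quiet = {ip: hits for ip, hits in by_ip.items() if len(hits) <= per_ip_limit}
        if len(quiet) < min_sources:
            continue
        hits = [h for ip_hits in quiet.values() for h in ip_hits]
        findings[day] = {
            "sources": sorted(quiet),
            "attempts": len(hits),
            "usernames": sorted({user for _, user in hits}),
            "hours_active": len({hour for hour, _ in hits}),
            "loud_sources": sorted(set(by_ip) - set(quiet)),
        }
    return findings


if __name__ == "__main__":
    for day, info in distributed_guessing(SAMPLE_LOG).items():
        print(day, info)
```

Counting per day rather than per address is what surfaces the campaign: no single source in the sample exceeds the per-address limit except the one a ban rule would already handle.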


Multiple default gateways.

2017-04-26 Thread Ken D'Ambrosio
Hey, all.  This is something I've tried (and failed) to get working for 
time out of mind.  Recently, I'd come to need it yet again -- this time 
in virtualland: I needed multiple NICs on the same VM able to respond to 
external queries, often off the same subnet.  And I needed them 
responding via the NIC the query came in on.  We'd been making this 
"work" by setting up lots of static host routes and stuff, but it still 
felt as hokey as it had in years past.  Then someone on a BBS I'm on 
pasted this link:
https://kindlund.wordpress.com/2007/11/19/configuring-multiple-default-routes-in-linux/

I'd fooled around with policy based routing -- even bought a book! -- 
but it just never "clicked," and none of the examples I saw online (as, 
indeed, the page also proclaims) showed exactly how to do what I wanted 
to do.  But now I have a VM with queries being responded to by the NIC 
the query comes in on.  The stock default gateway still works for 
internally originated packets, but inbound packets are now "bound" to 
the NIC they come in on.

And there was great rejoicing.  (I just won $10 from myself that I've 
had hanging on my cube wall for two years.)

Anyway... yeah.  I'm happy.  Thought others might find it useful, too.

-Ken


Re: Avahi/mdns resolution.

2017-03-27 Thread Ken D'Ambrosio
Yay, strace.  I'm guessing people don't use Avahi for service discovery 
a whole bunch these days -- at least, on Ubuntu 16.04.  (Which makes me 
wonder what people *do* use -- if anyone has a suggestion for service 
discovery on a network where *no* IPs are known in advance, I'm all 
ears.)  Anyway:
Strace output:
connect(4, {sa_family=AF_LOCAL, sun_path="/var/run/avahi-daemon/socket"}, 110) = -1 EACCES (Permission denied)

root@clients-1:~# ls -ald /var/run/avahi-daemon/
drwx-- 2 avahi avahi 80 Mar 27 05:35 /var/run/avahi-daemon/

root@clients-1:~# chmod 777 /var/run/avahi-daemon/
root@clients-1:~# ping kentest.local
PING kentest.local (192.168.243.16) 56(84) bytes of data.
64 bytes from 192.168.243.16: icmp_seq=1 ttl=64 time=1.31 ms
64 bytes from 192.168.243.16: icmp_seq=2 ttl=64 time=0.742 ms

Weird, I tells ya'.  *wanders off to file a bug report*

-Ken

-

On 2017-03-27 10:17, Ken D'Ambrosio wrote:
> Hi, all.  For service discovery on a cloud subnet, I'm trying to get the
> different VM's to resolve each other -- by strong preference, seamlessly
> -- via Avahi.  And it works... kinda:
> 
> root@clients-1:~# avahi-resolve -n -4 kentest.local
> kentest.local 192.168.243.16   # This is a good thing
> 
> 
> These, not so much good:
> root@clients-1:~# ping kentest.local
> ping: unknown host kentest.local
> root@clients-1:~# host kentest.local
> Host kentest.local not found: 3(NXDOMAIN)
> 
> 
> Here's my pertinent nsswitch line:
> hosts:  files mdns4_minimal [NOTFOUND=return] dns
> 
> 
> Since the daemon is clearly replying with correct info, I assume I'm
> doing something wrong client-side (though as I've never done this
> before, I guess it could still be a server-side issue).  Any hints or
> ideas?
> 
> Thanks,
> 
> -Ken


Avahi/mdns resolution.

2017-03-27 Thread Ken D'Ambrosio
Hi, all.  For service discovery on a cloud subnet, I'm trying to get the 
different VM's to resolve each other -- by strong preference, seamlessly 
-- via Avahi.  And it works... kinda:

root@clients-1:~# avahi-resolve -n -4 kentest.local
kentest.local   192.168.243.16   # This is a good thing


These, not so much good:
root@clients-1:~# ping kentest.local
ping: unknown host kentest.local
root@clients-1:~# host kentest.local
Host kentest.local not found: 3(NXDOMAIN)


Here's my pertinent nsswitch line:
hosts:  files mdns4_minimal [NOTFOUND=return] dns


Since the daemon is clearly replying with correct info, I assume I'm 
doing something wrong client-side (though as I've never done this 
before, I guess it could still be a server-side issue).  Any hints or 
ideas?

Thanks,

-Ken


Re: Traffic shaping.

2017-01-10 Thread Ken D'Ambrosio
On 2017-01-10 14:17, Joshua Judson Rosen wrote:

> Well, that's the other thing that actually wasn't clear:
> whether "an OpenVPN network" meant a multitude of OpenVPN clients
> all connecting individually to a single server (N:1),
> or a network that's being routed (or bridged) through a single
> OpenVPN tunnel between local+remote OpenVPN nodes (1:1).
> 
> If you need the N:1 case to work, I'll have to defer to
> someone else who's actually familiar with QoS management. :\

And that's pretty much where I find myself. :)

Thanks for kicking the tires!!

-Ken


Re: Traffic shaping.

2017-01-10 Thread Ken D'Ambrosio
On 2017-01-10 13:47, Joshua Judson Rosen wrote:
> On 01/10/2017 01:28 PM, Ken D'Ambrosio wrote:
>> Hey, all.  I've got an OpenVPN network talking to a server at a remote
>> site over the corporate WAN.  (Reasons for this are complex, and I won't
>> bore you with them, but please trust me that this setup was required
>> "because IT.")  Anyway, I'd like to throttle the bandwidth going both
>> ways.  Unfortunately, OpenVPN only throttles on the client side going
>> one way, and not at all on the server side.
> 
> Are you actually setting the OpenVPN shaper option on both the client
> *and the server*, or only on the client?

Apparently, irrelevant: it does not work on server:

https://community.openvpn.net/openvpn/ticket/413


Traffic shaping.

2017-01-10 Thread Ken D'Ambrosio
Hey, all.  I've got an OpenVPN network talking to a server at a remote 
site over the corporate WAN.  (Reasons for this are complex, and I won't 
bore you with them, but please trust me that this setup was required 
"because IT.")  Anyway, I'd like to throttle the bandwidth going both 
ways.  Unfortunately, OpenVPN only throttles on the client side going 
one way, and not at all on the server side.  I'm trying to use 
"wondershaper", but it's failing miserably; if I set it to send at 4000 
kbps, it runs at 4000 kbps.  If I set it to throttle at 4, my 
traffic suddenly jumps to 128000 kbps.

"That's not right."

Can someone give me the magic incantation for throttling egress on tun0? 
  I've tried to pull from The Google, and have had spotty success (thus, 
the reason I'm trying wondershaper).

Thanks,

-Ken


Throttle everyone *except* one host.

2016-10-24 Thread Ken D'Ambrosio
 
Hey, all. I've got a geographically dispersed cloud -- the primary
control nodes are in MA, but compute nodes in Ottawa and Texas. I'd like
to throttle all traffic between the sites (said traffic goes through a
single Linux host I'll call a "firewall," though "nexus" would be
closer), EXCEPT for when they go to retrieve images, which reside on a
single server.

So, assuming (for simplicity's sake) that I have:


| - compute1 |
| - compute2 | - Ottawa/172.28.0.0/16
| - compute3 |
       |
------------------------
| eth0                 |
|                      | - Firewall
| eth1 - 172.17.5.0/24 |
------------------------
     |           \
------------   ----------
| control1 |   | image  |
| control2 |   | server |
------------   ----------
 172.17.5.9    172.17.5.10
 172.17.5.8

how would I go about throttling all communications through the host
(say, to 2 Mb/s), except for the image server? I'm afraid my iptables fu
is not strong enough to figure this out with certitude -- which is
something I'd really like to do, as someone's VM saturated our WAN
uplink overnight, and I've got IT mad at me now, so playing
whack-a-spike would be best to be avoided. 

Thanks, 

-Ken


Upstart issues with Ubuntu 14.04.

2016-09-08 Thread Ken D'Ambrosio
I believe Ubuntu is perhaps one of the lesser-used distros in GNHLUG 
land, but I'm hoping someone here might be able to offer some insight.

I've got an Openstack install on Ubuntu 14.04 host systems, and after a 
hurricane-induced power outage over the weekend, one of our hosts won't 
boot -- it fails (seemingly) at loading an Openstack Neutron service.  
So, I figure I'll go into /etc/init.d/ and just chmod -x all the suspect 
services, see if it boots, and then manually load services.  Not so 
much; that had zero apparent impact on the services loading.

So then I did some reading up on Upstart, and found a whole bunch of 
places that the services *might* be loading from... none of which seemed 
to impact stuff.  I currently have the host booted by some serious 
cheating (I pulled a disk, went to "manual repair mode" when it whined 
about not being able to mount devices, and loaded services from there -- 
it completely fails to boot single-user), but how in blazes do I:

* See what services want to be loaded?
* See *where* they get loaded?
* Load them individually?

I've found some of the services mentioned in /etc/init/, /etc/init.d/, 
/etc/systemd/system/multi-user.target.wants/, /lib/systemd/system/, 
/var/lib/systemd/deb-systemd-helper-enabled/ and 
/var/lib/systemd/deb-systemd-helper-enabled/multi-user.target.wants/ .  
I tried playing around with most (all?) of those locations, to no avail. 
  Any insight into what I'm doing wrong would truly be most appreciated.

Thanks!

-Ken


Re: tech recruiters you like?

2016-09-01 Thread Ken D'Ambrosio
 

On 2016-09-01 14:39, Richard Kolb II wrote: 

> There's a GNHLUG jobs list?

http://wiki.gnhlug.org/twiki2/bin/view/Www/MailingLists#Jobs_gnhlug_jobs


> Richard Kolb II 
> 
> On Thu, Sep 1, 2016 at 2:27 PM, Ken D'Ambrosio <k...@jots.org> wrote:
> 
> I've gotten one (1) job -- a contracting gig -- by way of a headhunter, clear 
> back in '91. Since then, I've left my name with a few headhunters, but have 
> gotten no good leads, and one headhunter flat-out tried to screw me over. (Or 
> lied. Or both.) Since I moved to NH in '93, I've gotten one job via Usenet, 
> and the remaining four by way of personal networking. I guess it's hard to 
> overstate just how important that is. One thing to consider is the GNHLUG 
> jobs list, which is how I got my most-recent[-1] job. 
> 
> -Ken 
> 
> On 2016-09-01 13:52, Arc Riley wrote: 
> My experience with recruiters is an extremely high signal:noise ratio. 
> Increasingly, recruiters (not company staff) are conducting phone interviews, 
> setting up on-site interviews themselves, and provide little to no 
> information on the actual position you're interviewing for. 
> I've had recruiters line up job interviews "that you're a perfect match for" 
> that turn out to be for .Net, Ruby, even one that was a windows sysadmin 
> position. I've also shown up for interviews which were not actually scheduled 
> (including Google, who flew me to NYC without actually scheduling the 
> interview) or shown up to find a waiting area full of applicants with staff 
> scrambling to conduct "speed dating" style 15 minute interviews. 
> After it all my recommendation is to mark any contact from a recruiter as 
> spam. To +1 previous advice on this thread, the best way to find a job is 
> going to meetups and making personal connections with employees. 
> 
> On Thu, Sep 1, 2016 at 11:41 AM, Richard Kolb II <richard.k...@gmail.com> 
> wrote:
> 
> I would have to agree with the personal network comments. The last job that I 
> applied for, and got, was in 2003. I've had 3 jobs since then, and they've 
> all been through contacts from linkedin or a personal reference. 
> 
> Richard Kolb II 
> 
> On Wed, Aug 31, 2016 at 9:54 PM, Bill Ricker <bill.n1...@gmail.com> wrote:
> The ones i liked retired.
> 
> Outplacement firm i worked with most recently said % of jobs found
> through personal network is growing. Getting hired as an internal
> referral saves them the hassle of dealing with Monster or Zip or ... ,
> and is usually better pre-screened by the referrer, for free. They
> recommended strong use of LinkedIn to reconstruct who you used to know
> so you can leverage their eyes and ears.
> 

Re: tech recruiters you like?

2016-09-01 Thread Ken D'Ambrosio
 

I've gotten one (1) job -- a contracting gig -- by way of a headhunter,
clear back in '91. Since then, I've left my name with a few headhunters,
but have gotten no good leads, and one headhunter flat-out tried to
screw me over. (Or lied. Or both.) Since I moved to NH in '93, I've
gotten one job via Usenet, and the remaining four by way of personal
networking. I guess it's hard to overstate just how important that is.
One thing to consider is the GNHLUG jobs list, which is how I got my
most-recent[-1] job. 

-Ken 

On 2016-09-01 13:52, Arc Riley wrote: 

> My experience with recruiters is an extremely high signal:noise ratio. 
> Increasingly, recruiters (not company staff) are conducting phone interviews, 
> setting up on-site interviews themselves, and provide little to no 
> information on the actual position you're interviewing for. 
> 
> I've had recruiters line up job interviews "that you're a perfect match for" 
> that turn out to be for .Net, Ruby, even one that was a windows sysadmin 
> position. I've also shown up for interviews which were not actually scheduled 
> (including Google, who flew me to NYC without actually scheduling the 
> interview) or shown up to find a waiting area full of applicants with staff 
> scrambling to conduct "speed dating" style 15 minute interviews. 
> 
> After it all my recommendation is to mark any contact from a recruiter as 
> spam. To +1 previous advice on this thread, the best way to find a job is 
> going to meetups and making personal connections with employees. 
> 
> On Thu, Sep 1, 2016 at 11:41 AM, Richard Kolb II  
> wrote:
> 
> I would have to agree with the personal network comments. The last job that I 
> applied for, and got, was in 2003. I've had 3 jobs since then, and they've 
> all been through contacts from linkedin or a personal reference. 
> 
> Richard Kolb II 
> 
> On Wed, Aug 31, 2016 at 9:54 PM, Bill Ricker  wrote:
> The ones i liked retired.
> 
> Outplacement firm i worked with most recently said % of jobs found
> through personal network is growing. Getting hired as an internal
> referral saves them the hassle of dealing with Monster or Zip or ... ,
> and is usually better pre-screened by the referrer, for free. They
> recommended strong use of LinkedIn to reconstruct who you used to know
> so you can leverage their eyes and ears.
> 


IPv6: it's probably about time I learned it.

2016-07-27 Thread Ken D'Ambrosio
But holy crow!  Most of the books I find are either from Cisco (and, 
therefore, Cisco-centric), or at least a decade old, and I know that 
some things have changed along the road to actual adoption and 
implementation.  Are there any resources that anyone can recommend -- 
electronic or dead tree -- that I should check out?

Thanks!

-Ken


Re: Phone SPAM/SCAM

2016-06-27 Thread Ken D'Ambrosio
Since the Interwebs is never wrong, I tend to google phone numbers that 
annoy me.  Here's the first hit for the one you gave:
http://no-more-calls.com/276-258-0531/

Scam, indeed.

On 2016-06-27 16:07, mad...@li.org wrote:
> Hi,
> 
> Received this on my answering machine.  I do not know what type of
> scam this is, but I called
> the number using Skype and got what sounded like an East Indian voice
> who asked for my "case number" and when I told them I did not have a
> case number, they asked for my address
> and zip code so they could tell me what they had been calling for.
> 
> md
> 
>> "Message. I need you or your retained attorney of records to return the call.
>> The issue at hand is extremely time sensitive. My phone number is 276-258-0531.
>> Do not disregard this message and do return the call. Now if you don't return
>> the call and I don't hear from your attorney either then the only thing I can
>> do is wish you a good luck as the situation totally unfolds on you. Goodbye."


Re: Amber screen?

2016-04-27 Thread Ken D'Ambrosio
 

f.lux appears to be abandonware; redshift totally did the job. 

I am so one of the cool kids now. (Get it? Get it?) 

Thanks for indulging me... 

-Ken 

On 2016-04-26 11:08, Dan Garthwaite wrote: 

> I'm a fan of f.lux and redshift (the linux equiv). 
> 
> Was he running vintage terminal emulator Cathode?
> http://www.secretgeometry.com/apps/cathode/ [1]
> 
> Looks like the glass screen of a VT420 (in my experience) and friends.
> 
> https://www.jwz.org/images/cathode2.jpg [2]
> 
> On Tue, Apr 26, 2016 at 10:53 AM, Ryan Stack <4kby...@zoho.com> wrote:
> 
> Yes that's probably f.lux, it has OS X version. Great app.
> 
> Sent using Zoho Mail [3] 
> 
>  On Tue, 26 Apr 2016 07:45:21 -0700 Matt Minuti<matt.min...@gmail.com> 
> wrote  
> 
> My first thought was something like f.lux or twilight. Something to adjust 
> the color temperature. Is that about right? 
> On Apr 26, 2016 10:43 AM, "Ken D'Ambrosio" <k...@jots.org> wrote:
> Okay, Stupid Geek Question Time.
> 
> I'm at the Openstack Summit, and the room is awful dark. So I've got my
> screen's backlighting down to minimum. But someone up a few rows --
> probably on a Mac, the heathen -- has his screen in WYSE/amber mode, as
> far as I can tell. (Well, okay, so the stock WYSE didn't support
> graphics. Work with me.) Anyway, that's really cool -- both from the
> "wow, I love amber WYSE screens" perspective, and from a "let's not bug
> the people sitting behind me" perspective. I've done some googling, and
> haven't found anything of particular note, but I'm thinking if I could
> somehow modify the color palette to just choose amber, I'd be in decent
> shape.
> 
> Anyone have any ideas on how to make this happen? Or should I give up
> now and pay more attention to the keynote speaker?
> 
> Thanks,
> 
> -Ken

Links:
--
[1] http://www.secretgeometry.com/apps/cathode/
[2] https://www.jwz.org/images/cathode2.jpg
[3] https://www.zoho.com/mail/


Amber screen?

2016-04-26 Thread Ken D'Ambrosio
Okay, Stupid Geek Question Time.

I'm at the Openstack Summit, and the room is awful dark.  So I've got my 
screen's backlighting down to minimum.  But someone up a few rows -- 
probably on a Mac, the heathen -- has his screen in WYSE/amber mode, as 
far as I can tell.  (Well, okay, so the stock WYSE didn't support 
graphics.  Work with me.)  Anyway, that's really cool -- both from the 
"wow, I love amber WYSE screens" perspective, and from a "let's not bug 
the people sitting behind me" perspective.  I've done some googling, and 
haven't found anything of particular note, but I'm thinking if I could 
somehow modify the color palette to just choose amber, I'd be in decent 
shape.

Anyone have any ideas on how to make this happen?  Or should I give up 
now and pay more attention to the keynote speaker?

Thanks,

-Ken


Re: Mouse event problems

2016-03-29 Thread Ken D'Ambrosio
I've been bitten by bad mouse problems enough times that when I see 
symptoms like yours, it's pretty much my go-to.  I had someone in 
England call me some time back, and could *NOT* figure out her problem.  
Finally had her wipe her machine and start over... and it was still 
there.  Which is when I realized she was using an external, wireless 
mouse, and had her replace her batteries.

D'oh.

-Ken


On 2016-03-29 15:25, Tyson Sawyer wrote:
> On Mon, Mar 28, 2016 at 2:00 PM, Tyson Sawyer <ty...@j3.org> wrote:
>> On Fri, Mar 25, 2016 at 1:44 PM, Ken D'Ambrosio <k...@jots.org> wrote:
>>> That *VERY* much sounds like hardware.  Like, a lot.
>>> 
>>> 1) If it's a wireless mouse, change the batteries.
>>> 
>>> If it's *not* wireless, disable the trackpad and switch to a different
>>> external mouse.  Assuming the issue goes away (which I bet it will),
>>> re-enable one, then the other, and see who's at fault.
>> 
>> This is looking like the cause.
> 
> I had originally considered and rejected that the problem was
> hardware, and I think with good reason.
> 
> ...the problem was hardware.  I have replaced the track ball and the
> problem is gone.
> 
> Thanks!
> Ty



Re: Mouse event problems

2016-03-25 Thread Ken D'Ambrosio
That *VERY* much sounds like hardware.  Like, a lot.

1) If it's a wireless mouse, change the batteries.

If it's *not* wireless, disable the trackpad and switch to a different 
external mouse.  Assuming the issue goes away (which I bet it will), 
re-enable one, then the other, and see who's at fault.

-Ken

On 2016-03-25 11:37, Tyson Sawyer wrote:
> I can't figure out what regexp to apply to the internet to find an
> answer to this.  I am running Mint Xfce 7.3 and it has been solid.
> But the past few weeks I've run into a few problems that seemed to
> come from nowhere.
> 
> I'm finding that mouse events are getting messed up.  The mouse
> pointer and keyboard seem to always work.  The mouse events do not.
> Sometimes widgets do not respond to mouse-over or clicks.  I've seen
> occasional phantom responses in when I didn't click.  I've seen
> buttons "depress" when clicked, but there is no other response.  It
> will often start as specific windows or specific regions of windows
> and or system menus.  It quickly degrades to no mouse functionality
> other than the pointer moving.   I haven't seen that the track pad
> behaves any different from the mouse.
> 
> I can temporarily clear the problem by switching to a text console and
> then back to X.
> 
> I have tried different kernel versions, older and newer.  The older
> and current had been working fine.  None of them work now.  I've tried
> a few varying from ~3.13 through 4.4.0.
> 
> I tried installing Cinnamon to see if it was an Xfce thing, but the
> behavior remained.
> 
> I haven't found a error log that provides any hints.
> 
> Any suggestions?  If I can't clear this up, I'm going to have to try a
> clean re-install which would be a major downer.
> 
> Thanks!
> Ty



Re: Boot-to-CLI distro?

2016-02-18 Thread Ken D'Ambrosio
 

Thanks for the suggestions, all. I tried to use the recommended
SystemRescueCD, but the download was s-l-o-w... (for all I know, was my
fault, but I didn't have 2+ hours to wait for it). Found this while
googling for similar things: https://en.altlinux.org/Rescue [5] . Half
the size, and downloaded in substantially less time (like, 15 minutes).
Boots straight to console, but also has other options (e.g., memtest,
rEFInd), and the console's a Debian variant, so I can apt-get to my
heart's content. 

-Ken 

On 2016-02-17 14:45, Shawn O'Shea wrote: 

> +1 for system rescue cd. 
> 
> As far as other handy utility distros. If I'm just resizing a partition, I'll 
> do gparted live (Gui but goes straight to gparted partition editor) and if 
> imaging (backup/restore) then Clonezilla Live. 
> 
> http://gparted.org/livecd.php [1]
> http://clonezilla.org/clonezilla-live.php [2] 
> 
> -Shawn 
> On Feb 17, 2016 2:15 PM, "Kyle Smith" <askr...@gmail.com> wrote:
> 
> Check out SystemRescueCD[1], which I'm sure can be burned to a USB drive. 
> Boots to a shell and comes with a ton of recovery tools and scripts to assist 
> in getting a broken system operable. 
> 
> - Kyle 
> [1]: https://www.system-rescue-cd.org/SystemRescueCd_Homepage [3] 
> 
> On Wed, Feb 17, 2016 at 2:04 PM Ken D'Ambrosio <k...@jots.org> wrote: 
> 
> On 2016-02-17 13:49, Brian Chabot wrote: 
> In GRUB, boot to init 1, single user mode.' 
> 
> Which is great. If you catch it. And if it doesn't override you (as some live 
> install disks I've seen, do). Hell -- I'd be happy with the "rw 
> init=/bin/bash" bit for all I need, but even that, for example, isn't cutting 
> the mustard on one server I've got. I guess I could spin my own, but I 
> figured someone out there probably had a 
> stick-it-in-and-boot-to-CLI-no-interaction-needed option in their back 
> pocket. 
> 
> -Ken 
> 
> Brian Chabot 
> 
> On Wed, Feb 17, 2016 at 1:46 PM, Ken D'Ambrosio <k...@jots.org> wrote:
> Hey, all. Many's the time I just want to go and fix something stupid --
> maybe wipe a disk, or edit a file -- and all I want is to be able to
> stick in a USB stick and wind up at said CLI. But most distros these
> days are GUI-based. And Ubuntu Server (say) boots to install, period,
> which is an
> extremely-stripped-down-to-the-point-of-useless-for-anything-other-than-install
> CLI.
> 
> Any middle ground someone could recommend?
> 
> Thanks!
> 
> -Ken

 

Links:
--
[1] http://gparted.org/livecd.php
[2] http://clonezilla.org/clonezilla-live.php
[3] https://www.system-rescue-cd.org/SystemRescueCd_Homepage
[4] http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
[5] https://en.altlinux.org/Rescue


Re: Boot-to-CLI distro?

2016-02-17 Thread Ken D'Ambrosio
 

On 2016-02-17 13:49, Brian Chabot wrote: 

> In GRUB, boot to init 1, single user mode.'

Which is great. If you catch it. And if it doesn't override you (as some
live install disks I've seen, do). Hell -- I'd be happy with the "rw
init=/bin/bash" bit for all I need, but even that, for example, isn't
cutting the mustard on one server I've got. I guess I could spin my own,
but I figured someone out there probably had a
stick-it-in-and-boot-to-CLI-no-interaction-needed option in their back
pocket. 

-Ken 

> Brian Chabot 
> 
> On Wed, Feb 17, 2016 at 1:46 PM, Ken D'Ambrosio <k...@jots.org> wrote:
> 
>> Hey, all. Many's the time I just want to go and fix something stupid --
>> maybe wipe a disk, or edit a file -- and all I want is to be able to
>> stick in a USB stick and wind up at said CLI. But most distros these
>> days are GUI-based. And Ubuntu Server (say) boots to install, period,
>> which is an
>> extremely-stripped-down-to-the-point-of-useless-for-anything-other-than-install
>> CLI.
>> 
>> Any middle ground someone could recommend?
>> 
>> Thanks!
>> 
>> -Ken


Boot-to-CLI distro?

2016-02-17 Thread Ken D'Ambrosio
Hey, all.  Many's the time I just want to go and fix something stupid -- 
maybe wipe a disk, or edit a file -- and all I want is to be able to 
stick in a USB stick and wind up at said CLI.  But most distros these 
days are GUI-based.  And Ubuntu Server (say) boots to install, period, 
which is an 
extremely-stripped-down-to-the-point-of-useless-for-anything-other-than-install 
CLI.

Any middle ground someone could recommend?

Thanks!

-Ken


iptables confusion.

2016-02-15 Thread Ken D'Ambrosio
Every time I think I'm getting to the point where I might understand IP 
Tables, I do something that proves that, no, I really don't.  Today's 
confusion:  I want to set up a virtual NIC to do port forwarding.  But 
first, I wanted to get the port forward part of the equation straight.  
So I wound up executing these commands:

iptables -t nat -A PREROUTING -p tcp --dport 8774 -j DNAT --to 172.23.242.39:8774
iptables -A FORWARD -d 172.23.242.39 -p tcp --dport 8774 -j ACCEPT
iptables -t nat -A POSTROUTING -j MASQUERADE

Worked great.  I then did an "ifconfig eth0:1 172.23.9.139 netmask 
255.255.255.0" to see if I could telnet to port 8774 on it.  I could.  
So then I did "iptables --flush", and it did.  When I type "iptables 
--list", I now get:

Chain INPUT (policy ACCEPT)
target prot opt source   destination

Chain FORWARD (policy ACCEPT)
target prot opt source   destination

Chain OUTPUT (policy ACCEPT)
target prot opt source   destination

Terrific.  Pretty much what I expected.  Telnetting to port 8774 on eth0 
fails, as expected... but telnetting to port 8774 on the virtual works 
great.  I even fired up Firefox to make sure, and youbetchya, it's 
interacting with the remote server.

Why?

-Ken
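
Added example, not part of the original post: a bare `iptables --flush` and `iptables --list` act only on the `filter` table, so rules appended with `-t nat` are neither removed nor shown by them. The script below splits `iptables-save` output by table to make such leftovers visible; the sample input is constructed and the function names are assumptions.

```shell
#!/bin/sh
# Constructed sample: what `iptables-save` could print after the three rules
# from the post were added and a bare `iptables --flush` was then run.
sample_after_flush() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 8774 -j DNAT --to-destination 172.23.242.39:8774
-A POSTROUTING -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Print "<table> <rule>" for every appended rule in iptables-save text on stdin.
rules_with_table() {
    awk '
        /^\*/     { table = substr($0, 2); next }  # "*nat" opens a table section
        /^COMMIT/ { table = ""; next }             # end of that section
        /^-A /    { if (table != "") print table, $0 }
    '
}

# Count the rules that belong to one table ($1 = table name).
count_rules() {
    rules_with_table | awk -v t="$1" '$1 == t { n++ } END { print n + 0 }'
}

# Rules that a bare --flush / --list (filter table only) never touches or shows.
rules_outside_filter() {
    rules_with_table | awk '$1 != "filter"'
}

# Demo on the constructed sample. On a live host (as root) the equivalent is:
#   iptables-save | rules_outside_filter
# and the nat rules are cleared with:
#   iptables -t nat --flush
echo "filter rules: $(sample_after_flush | count_rules filter)"
echo "nat rules:    $(sample_after_flush | count_rules nat)"
sample_after_flush | rules_outside_filter
```
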


[Spam: found @jots.org] Re: [Spam: found @jots.org] Re: Some of you may be interested in signing an H-1B related petition

2016-01-26 Thread Ken D'Ambrosio
 

On 2016-01-26 17:36, David Hardy wrote: 

> I sincerely hope it's not just Disney that gets sued, however; plenty of 
> other corporate malefactors and government enablers.

In other articles I read, it was clear that not only was Disney being
sued, but so were the contracting firms, themselves. Ah, here we go:
http://www.seattletimes.com/business/lawsuits-claim-disney-colluded-to-replace-us-workers-with-immigrants/
[8] (For some reason, the original story, at the Times, is now a borken
link. Go figger.) 

-Ken 

> On Tue, Jan 26, 2016 at 5:28 PM, Greg Kettmann  wrote:
> 
> I'm sure many of us read Slashdot. At any rate, perhaps there's hope from the 
> legal system. 
> 
> Disney IT Workers Allege Conspiracy In Layoffs, File Lawsuits [1] 
> dcblogs [2] writes with the latest in the laid off Disney IT worker saga [3]. 
> According to ComputerWorld: "Disney IT workers laid off a year ago this month 
> are now accusing the company and the outsourcing firms it hired of engaging 
> in a 'conspiracy to displace U.S. workers [4].' The allegations are part of 
> two lawsuits filed in federal court in Florida on Monday. Between 200 and 300 
> Disney IT workers were laid off in January 2015. Some of the workers had to 
> train their foreign replacements -- workers on H-1B visas -- as a condition 
> of severance. The lawsuits represent what may be a new approach in the attack 
> on the use of H-1B workers to replace U.S. workers. They allege violations of 
> the Federal Racketeer Influenced and Corrupt Organizations Act (RICO), 
> claiming that the nature of the employment of the H-1B workers was 
> misrepresented, and that Disney and the contractors knew the ultimate intent 
> was to replace U.S. workers with lower paid H-1B 
> 
> On 1/26/2016 12:23 PM, Richard Kolb II wrote: 
> 
> I will sign that, I will also add that I am a SW Engineer with 16 years of 
> experience, I've been laid off twice in the last few years, both times my 
> job being outsourced to India. I also think that we're not going to get much 
> traction, for the same reasons that David mentioned. 
> 
> On a side note, my father was also working for IBM around the time they 
> started outsourcing his job he took an early retirement. 
> 
> Rich 
> 
> Richard Kolb II 
> 
> On Mon, Jan 25, 2016 at 11:46 PM, David Hardy  
> wrote:
> 
> The malice-aforethought intent, in my opinion, is to actually put American 
> citizens out of work; I was laid off over two years ago from IBM and our jobs 
> were offshored to India and Slovakia. Unemployed ever since, other than 
> occasional contract and temp gigs, despite twenty years of solid IT 
> experience across multiple hw and sw platforms, most recently RHEL and 
> CentOS. 
> 
> And the government is evidently in bed with the corporations who engage in 
> this practice. Asking them to investigate is like unto asking the police to 
> investigate one of their seemingly endless brutality and/or civil rights 
> violations. 
> 
> "The petition is directed at U.S. Attorney General Loretta Lynch and asks her 
> to launch a formal investigation into the H-1B visa program." - See more at: 
> http://insight.ieeeusa.org/insight/content/policy/255071#sthash.SWgEL8YT.dpuf 
> [5]
> 
> Somehow I don't feel confident that the AG's office will lift a finger for 
> us, other than the usual mealy-mouthed PR platitudes and corporate-written 
> bromides.
> 
> Meanwhile they keep telling us how hard it is to find qualified American 
> workers to do these incredibly complex and intricate jobs. 
> 
> On Mon, Jan 25, 2016 at 11:57 AM, Bill Freeman  wrote: 
> 
> IEEE has an article here about abuse of the H-1B visa, putting citizens out 
> of work. It links to a petition asking the government to investigate.
> 
> See the article here: 
> http://insight.ieeeusa.org/insight/content/policy/255071 [6]
> 
> Bill
> 
> -- 
> 
> Sent from whatever machine I might be on right now. 


Re: Bill Sconce

2016-01-05 Thread Ken D'Ambrosio
Oh, what terrible news!  I still remember him for being a part of one of 
my daughter's high points: when she was six or so, she was completely 
fascinated with airplanes, so my wife -- ever the social organizer -- 
got a party for her down at a hangar at the Nashua airport, and the kids 
got to go up in pairs in a plane.  Not having been aware of Bill's 
aviation angle, I was completely surprised to find him there, and we had 
a most enjoyable chat.  An absolute blast was had by all; the kids loved 
all the plane stuff, and (I hope/think that) the staff enjoyed the kids 
with their wide-eyed awe.

Thanks, Maddog, for keeping us in touch on this.  He will be missed.

-Ken


On 2016-01-05 10:47, mad...@li.org wrote:
> GNHLUG family,
> 
> A couple of days ago I wrote to tell you that the prognosis for Bill
> was looking better.  Unfortunately that does not seem to be the case.
> The prognosis is that Bill will never regain consciousness.  Following
> Bill's wishes, life support was removed and although Bill is breathing
> on his own, the doctors feel death is near.
> 
> Janet Levy, Bill's wife, has said her "good-byes" to him, as I feel we
> all must start to do.
> 
> If I hear anything about funeral services or requests from Janet I
> will pass them on to you.
> 
> Warmest regards,
> 
> maddog


4K Linux video cards?

2015-07-29 Thread Ken D'Ambrosio
Hey, all.  4K TVs/monitors are really dropping in price.  Monoprice has 
a 28" for $400... which really starts being tempting.  But I have no 
idea what card to drive it with.  I do *NOT* game; if it can move 
windows around, I'm rocking.  If I can play TuxRacer, my video 
experience is complete.  So: any suggestions on a card to get?  The 
easier/more compatible it is with Linux, the happier I am.  Cheap is 
nice, too, but compatible is really at the top of my list.

Thanks!

-Ken


Mailman update?

2015-07-16 Thread Ken D'Ambrosio
Hey!  If we're getting the boot and going to do a migration, now might 
be the time to recommend a Mailman update.  I've heard that Mailman 3.0 
is a vast improvement (https://lwn.net/Articles/638090/); given that not 
five minutes ago it was suggested to me that the GNHLUG subscription 
page looks in need of a bit of updating, perhaps that's something that 
could be part of the migration?

And, while I'm graciously tossing work Ben's way:

* If there's anything I can do to help out, please lemme know, and

* I'd be more than happy to kick in $50 or something to help pay for a 
virtual.  Just lemme know who to cut the check out to.

-Ken


BIND t-shooting?

2015-05-13 Thread Ken D'Ambrosio
Okay, it's time for true confessions: I kinda suck at BIND; I'd been 
using other DNS servers for years, and JUST rolled out my own BIND on 
two different servers recently... and it's working great.  But I also 
just got two *other* servers with BIND installed by Ubuntu.  Doing local 
lookups fine on its own domain, but when it goes to do a query upstream 
against 8.8.8.8 (Google), it can take *FOREVER*.  I've had repeated 
requests for yahoo.com fail for over two minutes; I haven't had any 
requests succeed in under 15 seconds.

Any pointers on what I should be looking for?  Afraid Google is kinda 
failing me.

Thanks!

-Ken

P.S.  A tcpdump shows me that the IPv4 reply is essentially 
instantaneous, but then -- even though I didn't ask for IPv6 -- the  
reply comes back much later.  I've tried everything I can find to 
disable IPv6 (both in-kernel and in the named.conf file), to no avail.  
I don't know if this is relevant to my issue or not.


Self-signed cert and Pidgin.

2015-03-30 Thread Ken D'Ambrosio
Hey, all.  I've got a cert that has two problems with it:

1) It's self-signed, and
2) It's associated with a hostname that's inaccessible externally; the 
*service* is accessible externally, but through port forwarding.

To work around #2, I set up an /etc/hosts entry; based on what I 
understand about SSL (or *think* I understand; I'm pretty hazy on 
certain parts), that should be okay.  But #1 seems to be an issue.  When 
I try to fire up Pidgin, here's what I get:
-
Unable to validate certificate
The certificate for foo.com could not be validated.  The certificate 
chain presented is invalid.
-

I've googled until I'm blue in the face, tried to toggle the various 
features in the advanced tab in Pidgin's XMPP settings, tried to copy 
the PEM file everywhere and running various update-ca-certificates 
commands, etc., to no avail.  (Truly, it astonishes me that there's no 
"accept the damn cert, already" feature, but not sure what's to be done 
about that.)

Anyone have this issue?  Any suggestions on a work-around?  The 
surprising thing is that this is relatively new; my home machine works 
fine.  I almost wonder if it's an Ubuntu feature, as my Mint system 
seems happy enough -- maybe something's been updated in SSL or somesuch, 
and it hasn't percolated to Mint yet.  Though as I haven't done a new 
Mint install, even that's pure speculation on my part.

Thanks for any insights...

-Ken


Web-based photo/video album?

2014-12-29 Thread Ken D'Ambrosio
Hey, all.  It's the holidays, and I've decided it's time for me to get 
my family stuff organized.  I've used Gallery 
(http://galleryproject.org/) before, but it looks like it's gone into 
moribund mode -- and, honestly, the format was great back in Web 1.0 
days, but lacked the nifty interaction you get with newer stuff.  I've 
seen some that look decent, but don't appear to support videos.  
Wondering if anyone had any suggestions of applications that support 
both?

Thanks (and may TuxSanta be good to you),

-Ken


Stupid vanity question.

2014-12-12 Thread Ken D'Ambrosio
So.  I recently underwent a technology refresh at work, and opted -- 
gad-zooks -- for a Mac, because it had substantially better specs (e.g., 
16 GB RAM vs. 8 GB).  Needless to say, I immediately installed Linux on 
it.  I'm heading to Philly next week for a meeting, though, and would 
truly like to let it be unambiguously known that I'm running the 
premiere FOSS OS, and not OS X.  Which brings me to stickers.  Does 
anyone know of a store or somesuch where I could grab, say, a Tux 
sticker?  Failing that, I'd be willing to settle for Debian, or one of 
its variants (Ubuntu, Mint).

(Yeah, I've got some on order, but they ain't here yet.)

Thanks for understanding my rather pitiful form of rebellion; back when 
I wore ties, I'd just wear my Tux tie and companion shirt (all hail 
Think Geek, c. 2000), and be done with it, but we're a fair bit less 
formal.

-Ken


E-reader web-based back-end?

2014-12-06 Thread Ken D'Ambrosio
Hey, all.  I'll admit it: I like to read.  And while my Kobo is awesome, 
sometimes, I have books I acquired outside of the Kobo ecosystem.  And 
it's annoying trying to read from one device to the other, and always 
having to find my page, copy files, etc.  Is there a web-based back-end 
for non-DRM'd ebook reading?  Shockingly (not), googling "e-reader Linux" 
gets me lots of ways to read *from* Linux, but not to use Linux as a 
back-end.

Thanks for any pointers!

-Ken

P.S.  Looking for ebook, mobi and PDF support, if beggars have the 
option of being choosers.


Kicking the tires on Kubuntu...

2014-10-28 Thread Ken D'Ambrosio
Sooo... trying my hand at KDE for the first time in quite a while.  
And, actually, really liking it -- they even have the cube virtual 
desktop!  Bt... one thing I don't like: when I get IMs in Telepathy, 
it doesn't automatically open a new tab.  I get a *LOT* of IMs, so 
having a visual tell-tale of who's IM'd, instead of having to go through 
the notifications list, would be really helpful. Anyone know how to make 
that happen?

Thanks!

-Ken


Re: GRUB, ISO, and remote boot.

2014-10-24 Thread Ken D'Ambrosio
Got it all working... almost.  I got the *boot* going just ducky, but 
then it turned out that there were menu options invoking kickstarter 
configurations, and that's when it went from a "wouldn't it be a nifty 
little timesaver if..." to "I'll have to document the snot out of this 
and write support scripts, and we'll likely be deprecating the hardware 
soonish, anyway."  So I'm dropping my effort.

That being said, this page was invaluable:

https://www.kernel.org/doc/Documentation/filesystems/nfs/nfsroot.txt

(Which, of course, is also on-disk for anyone with the kernel source.  
Somewhat sadly, I haven't done a kernel compile since btrfs got added to 
mainline.  All the features I want... are already in $DISTRO's kernel.  
No more kernel patches for UIDs > 2^16; no more patches for ACLs; no 
more patches for Asterisk hardware drivers, etc.  I fondly remember 
driving home with my IBM Thinkpad 701C churning away on my 
pretty-much-daily kernel compile.)

Thanks for the help, all!

-Ken


On 2014-10-24 11:38, Matt Minuti wrote:
> Perhaps you could take a look at how netinstall images work, for
> debian for instance.
>
> Or maybe you can take something out of this project:
> http://i.cs.hku.hk/~clwang/projects/slimwebpages/index.html [2]
>
> On Oct 24, 2014 9:34 AM, Tom Buskey <t...@buskey.name> wrote:
>
>> You can create a custom kickstart that pulls everything over via
>> NFS, FTP or HTTP maybe even iSCSI.
>>
>> But you'd need some kind of initial boot to get to that point.
>> Either a DVD/USB/PXE that loads the initial part then mounts the
>> rest over the net & does the install.
>>
>> You might want to look at iPXE, coreboot and seabios.
>>
>> I've also seen stuff on creating a DHCP/DNS proxy for gPXE boots
>> when you don't control the DHCP network in the OpenStack
>> community.  Maybe it was Foreman?
>>
>> On Thu, Oct 23, 2014 at 7:13 PM, Ben Scott <dragonh...@gmail.com>
>> wrote:
>>
>>> On Thu, Oct 23, 2014 at 6:58 PM, Ken D'Ambrosio <k...@jots.org>
>>> wrote:
>>>> I know that GRUB can't, by itself, remote boot a live-boot ISO
>>>> (it needs some help from the ISO, itself, which won't be the
>>>> case, here).  But I also am almost sure I can
>>>> 1) Mount the ISO on a remote system (and export it)
>>>
>>> This is just NFS, and (I presume) well understood.
>>>
>>>> 2) pull specific files from the ISO, and use them to create a
>>>> GRUB entry, which then
>>>
>>> Generally speaking, GRUB loads a kernel (and optionally, an
>>> initrd) from image file(s) on disk, and then boots the kernel.
>>> If you can find the equivalent files somewhere in the ISO image,
>>> that should do it, I would think.
>>>
>>>> 3) boots up with the files pulled from the ISO, then accesses
>>>> the remote system's exported ISO for the final boot process.
>>>
>>> This may be tricky.
>>>
>>> Generically, what you're doing is just a diskless workstation,
>>> an idea several decades old in the nix world.  You just mount
>>> your root filesystem over NFS and bam! -- you're off and running.
>>>
>>> However, the kernel provided by your live boot distribution may
>>> not be set-up to support an NFS root.  If it doesn't, you'll
>>> likely have to rebuild the kernel and/or initrd -- a non-trivial
>>> task, I expect.
>>>
>>>> Trying to make this happen so that I can access remote hosts
>>>> over a terminal server and do remote installs without having to
>>>> have someone lug around a DVD and drive.
>>>
>>> Is USB flash drive an option?  It appears to be relatively easy
>>> to copy an ISO image file onto a USB flash drive, and then make
>>> the system boot from the USB flash drive, using the ISO image
>>> file as if it were an optical disc.
>>>
>>> -- Ben
>
> Links:
> --
> [1] http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
> [2] http://i.cs.hku.hk/~clwang/projects/slimwebpages/index.html


GRUB, ISO, and remote boot.

2014-10-23 Thread Ken D'Ambrosio
I know that GRUB can't, by itself, remote boot a live-boot ISO (it needs 
some help from the ISO, itself, which won't be the case, here).  But I 
also am almost sure I can
1) Mount the ISO on a remote system (and export it)
2) pull specific files from the ISO, and use them to create a GRUB 
entry, which then
3) boots up with the files pulled from the ISO, then accesses the remote 
system's exported ISO for the final boot process.

Does anyone know which files need to be pulled for this, and/or how to 
create the corresponding GRUB entry?

Trying to make this happen so that I can access remote hosts over a 
terminal server and do remote installs without having to have someone 
lug around a DVD and drive.

Thanks!

-Ken

P.S.  Yes, I know all about PXE (which I can't use -- not only doesn't 
the hardware support it, but I have no control over DHCP at the remote 
sites), and also nifty things like HP's iLO supporting virtual 
network-based media, which, alas, is *also* not applicable here.  Wish 
that it were.



DNS fun: forward for one domain?

2014-06-22 Thread Ken D'Ambrosio
Caveat: I'm a pretty good sysadmin, but DNS is one of my blind spots.  
If I use incorrect terminology, please try to read for intent.
</whiney-assed attempt to explain this gaping hole in my knowledge>

Hi -- using BIND, I'm trying to forward DNS queries for one (internal) 
domain... well, internally.  But it's not one I'm hosting, so I can't be 
the master for it.  All other queries, I want handled normally.  I've 
Googled/played around with various options parameters, but can't seem to 
find the right magic sauce sequence.

Any pointers?

Thanks!

-Ken


Re: Attention, graying geeks: Send me your BASIC memories, as the language turns 50 -- David Brooks

2014-04-10 Thread Ken D'Ambrosio
On 2014-04-10 22:52, Curt Howland wrote:
> On Thu, Apr 10, 2014 at 7:07 PM, David Hardy <belovedbold...@gmail.com>
> wrote:
>> ...while blindfolded because IT security had it as a secret route.
>
> Too bad I don't live in Nashua.
>
> I learned basic from a book, Basic BASIC, a year before I had my first
> computer.

I hear e-mail traverses regional boundaries.  Of course, if submitted 
via RFC 6214's transport protocol, you'd better start soon...

(I learned BASIC on an Atari 2600.  No, really -- using one of these... 
OH MY GOD IT WAS WITH THIS EXACTLY: 
http://www.youtube.com/watch?v=SFo6nmVjCg4 .  Truly, the Internet is an 
amazing invention.  Of course, the keyboard doesn't have the alpha 
overlays I had, but you get the idea.)


Re: Btrfs -- awesome, or... well, awesome?

2014-03-26 Thread Ken D'Ambrosio
On 2014-03-26 09:46, Jerry Feldman wrote:

> currently mirrored under RAID1 to a single BTRFS volume in August when
> Fedora 21 is released. I'm just looking for a good reason NOT to use
> BTRFS.

Honestly?  If you're not anxious to roll with it, you might want to hold 
off a bit.  SuSE has announced that they're going with it as their 
default FS for the next release,  in November, and I have to imagine 
that there will be some shakeout after that occurs.

http://www.phoronix.com/scan.php?page=news_item&px=MTYzNjA

I *do* think it probably is more-or-less ready, but we all know what 
happens when something goes from a relatively small userbase to a 
suddenly much larger one.

$.02,

-Ken


Re: Linux-friendly USB 802.11n

2014-03-18 Thread Ken D'Ambrosio
Gah.  Someone pointed out to me that I goofed on the micro-URLization.  
Here's the *correct* tinyurl: http://tinyurl.com/l4guh9r

And, just to be on the safe side, the not-tiny URL, stripped of the 
unnecessary extra stuff sites love to throw on:
http://www.newegg.com/Product/Product.aspx?Item=N82E16833389004

Sadly, in the interim, they've bumped the price a penny, and there's now 
$4.99 in S&H.  (Or I read the page wrong -- always possible.  I'd 
ordered several things together, so I wasn't paying as much attention to 
S&H as I might have normally.)

-Ken


On 2014-03-16 08:36, virgins...@vfemail.net wrote:

> I'm looking for a Linux-friendly 802.11n (Wireless N) USB adapter.  By
> Linux-friendly, I mean I'm looking for one that will work with
> in-kernel drivers (no separate module to compile & install), without
> funky compatibility layers (like NDIS wrapper), doesn't require extra
> firmware, and is free/open source.

Funny you should ask.  I was asking myself *the exact same question* 
last week.  I bought myself one of these: 
http://hardkernel.com/main/main.php .  And, while it does come 
pre-loaded with Ubuntu, I wasn't taking bets on proprietary drivers, 
etc., making the transition to ARM-land.  I Googled around, to no (real) 
avail, and finally decided to take the plunge with the cheapest one I 
could find on NewEgg:  .  (My rationalization being two-fold: it was 
cheap, so no huge loss if it didn't work, and cheap usually means 
commoditized, so I was hoping it would be a common, developed-for 
chipset.)

I plugged it in, and lo!  Immediately recognized.  Very shortly 
thereafter, I was online.

Until I saw your e-mail, though, I was content enough that it was 
working to not delve into whether I'd found the holy grail, or merely a 
reasonable facsimile.  However, I just looked at my modules, and it's 
using usbnet and smsc95xx, both of which are in the stock Linux 
kernel, so I think it's the way to fly.  $9.99 and free shipping, and 
it's yours.

-Ken

P.S.  Of course, I make no guarantees as to whether or not it works for 
*YOU*, but it seems like a decent choice.  Make sure you have 
smsc95xx.ko, and you're probably safe.  Likewise, thus-far I've only 
used it in the same room as the WAP, so I can't swear as to its 
throughput, range, etc.  </weaselly worded disclaimer>



Re: Linux-friendly USB 802.11n

2014-03-16 Thread Ken D'Ambrosio
On 2014-03-16 08:36, virgins...@vfemail.net wrote:

> I'm looking for a Linux-friendly 802.11n (Wireless N) USB adapter.  By
> Linux-friendly, I mean I'm looking for one that will work with
> in-kernel drivers (no separate module to compile & install), without
> funky compatibility layers (like NDIS wrapper), doesn't require extra
> firmware, and is free/open source.

Funny you should ask.  I was asking myself *the exact same question* 
last week.  I bought myself one of these: 
http://hardkernel.com/main/main.php .  And, while it does come 
pre-loaded with Ubuntu, I wasn't taking bets on proprietary drivers, 
etc., making the transition to ARM-land.  I Googled around, to no (real) 
avail, and finally decided to take the plunge with the cheapest one I 
could find on NewEgg: http://tinyurl.sys.comcast.net/ruxhqD .  (My 
rationalization being two-fold: it was cheap, so no huge loss if it 
didn't work, and cheap usually means commoditized, so I was hoping 
it would be a common, developed-for chipset.)

I plugged it in, and lo!  Immediately recognized.  Very shortly 
thereafter, I was online.

Until I saw your e-mail, though, I was content enough that it was 
working to not delve into whether I'd found the holy grail, or merely a 
reasonable facsimile.  However, I just looked at my modules, and it's 
using usbnet and smsc95xx, both of which are in the stock Linux 
kernel, so I think it's the way to fly.  $9.99 and free shipping, and 
it's yours.

-Ken

P.S.  Of course, I make no guarantees as to whether or not it works for 
*YOU*, but it seems like a decent choice.  Make sure you have 
smsc95xx.ko, and you're probably safe.  Likewise, thus-far I've only 
used it in the same room as the WAP, so I can't swear as to its 
throughput, range, etc.  </weaselly worded disclaimer>


Re: su: cannot set user id: Resource temporarily unavailable

2014-03-10 Thread Ken D'Ambrosio
On 2014-03-10 10:05, Brian Chabot wrote:
> I'm trying to su to a user on a CentOS 6.4 x86_64 box and get the
> error in the subject:
>
> [user1@cent6.4box ~]$ sudo su - user2
> su: cannot set user id: Resource temporarily unavailable
> [user1@cent6.4box ~]$


This is where, when desperate, I whip out strace:

strace -s 1024 -f -o /tmp/sudo_strace.log sudo su - user2

This will generate a logfile with all the system calls made by the 
command; it takes some practice to parse strace output reliably, as 
there are a bunch of red herrings, e.g.,

3490  access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)

Which is another way of saying "The file /etc/ld.so.preload doesn't 
exist" -- though it may or may not be optional.  I would dive into the 
bottom of the log file, then search backward for your error string; from 
that, I'd look backward for something that *isn't* a red herring.

strace is a wonderful tool, but it's a bit like a sledgehammer for 
flyswatting, and I only break it out when I'm completely stumped.

Good luck!

-Ken


> The limits.conf file has the following entries:
> * soft   nofile  10
> * hard   nofile  10
> * soft   nproc   8192
> * hard   nproc   32767
>
> The current usage for pengine is:
> [user1@cent6.4box ~]$ ps -eLF | grep user2 | wc -l
> 1108
> [user1@cent6.4box ~]$ lsof | grep user2  | wc -l
> 1558
> [user1@cent6.4box ~]$
>
> While these are the majority of the processes and files in use on the
> system, they are nowhere near the limits.
>
> I even increased the limits 10-fold and that has not worked.
>
> I'm kind of lost here.  Usually the error indicates files or processes
> over the limit but here... not so much.
>
> Any ideas?
>
> Brian Chabot
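
The backward search Ken describes above (go to the bottom of the log, find the error string, then look back for a failure that isn't a red herring), as an added example that is not part of the original post. The trace is constructed for illustration and is not Brian's; the function names, the "ENOENT is noise" default and the same-PID filter are assumptions of this example.

```shell
#!/bin/sh
# Added example: walk backward from an error message in `strace -f -o` output.

# write_sample_log PATH: a CONSTRUCTED trace (not from the thread), in the
# layout `strace -f -o FILE` writes: "<pid>  <syscall>(<args>) = <result>".
write_sample_log() {
    cat > "$1" <<'EOF'
3490  execve("/usr/bin/sudo", ["sudo", "su", "-", "user2"], [/* 24 vars */]) = 0
3490  access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
3490  ioctl(3, TCGETS, 0x7fff5c1b2a10) = -1 ENOTTY (Inappropriate ioctl for device)
3490  clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f2a3c0d19d0) = 3491
3491  execve("/bin/su", ["su", "-", "user2"], [/* 17 vars */]) = 0
3491  access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
3491  open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
3491  setgid(501) = 0
3491  setuid(501) = -1 EAGAIN (Resource temporarily unavailable)
3491  write(2, "su: cannot set user id: Resource temporarily unavailable\n", 57) = 57
3491  exit_group(1) = ?
3490  --- SIGCHLD (Child exited) @ 0 (0) ---
EOF
}

# strace_suspects LOG ERRTEXT [NOISE] [MAX]
# Prints, most recent first, up to MAX failed syscalls made by the process
# that wrote ERRTEXT, before it wrote it. Errno names listed in NOISE
# (space-separated, default "ENOENT") are treated as red herrings.
# Exit status 2 if ERRTEXT never appears in a write() call.
strace_suspects() {
    awk -v err="$2" -v noise=" ${3:-ENOENT} " -v max="${4:-5}" '
        # Failed syscall: "... = -1 ERRNO (description)".
        match($0, /= -1 E[A-Z0-9]+/) {
            errno = substr($0, RSTART + 5, RLENGTH - 5)
            if (index(noise, " " errno " ") == 0) {
                n++; line[n] = $0; pid[n] = $1
            }
        }
        # The message reaching the terminal; keep the LAST occurrence.
        index($0, "write(") && index($0, err) {
            found = 1; wpid = $1; last = n
        }
        END {
            if (!found) exit 2
            # Search backward from the error, same process only
            # (with -f, several PIDs are interleaved in one file).
            for (i = last; i > 0 && shown < max; i--)
                if (pid[i] == wpid) { print line[i]; shown++ }
        }
    ' "$1"
}

# Demo on the constructed trace.
sample=$(mktemp) && write_sample_log "$sample" &&
    strace_suspects "$sample" "cannot set user id"
rm -f "$sample"
```

On a real log, pass the file given to `strace -o` and a distinctive piece of the error text; widen NOISE (for example "ENOENT ENOTTY") if the candidates are still cluttered.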


Btrfs -- awesome, or... well, awesome?

2014-02-21 Thread Ken D'Ambrosio
Okay, so my bias is showing a little.  And, yeah, I've even lost data to 
it -- but that's kinda what happens when you play with alpha releases of 
filesystems.  That being said, while nobody would be dumb enough to call 
it stable yet (stable filesystem is a journey, not a destination), 
it's a fair ways along that road.  So Linux Weekly News (the *best* 
hard-Linux news site in existence, IMNSHO) did a series:

http://lwn.net/Articles/576276/

Enjoy!

-Ken


Linux Weekly News (was Btrfs -- awesome, or... well, awesome?)

2014-02-21 Thread Ken D'Ambrosio
On 2014-02-21 17:23, David Hardy wrote:
> Just subscribed [to LWN];  looks very good and very interesting.
> Thanks for the tip.

The pleasure is mine.  Every couple of years, I'd zip an e-mail off to 
the list reminding/informing folks of how cool LWN is.  But maybe it's 
time for another go.  Linux Weekly News started out back in '98 (or even 
earlier if you include their initial attempts at being a Red Hat support 
shop).  It's pretty much run by Jon Corbet who, in addition to being a 
really good and entertaining writer, also is a kernel hacker.  While I 
will never, not ever, be a kernel hacker, his weekly kernel column is my 
primary reason for subscribing  -- indeed, it's where I first found out 
about btrfs, as well as any other of a huge number of things.  That, and 
he digs in *deep*.

He's also managed to hire on a handful of other folks who do a darn good 
job writing as well.  I really enjoy his wry sense of humor and ability 
to slice through the latest kernel flamewar and show what's actually 
going on from a technological perspective.

This isn't to say that LWN doesn't have other stuff to offer -- it does: 
weekly columns include security, distributions, development, and 
announcements.  He also often gets the authors of new and exciting 
projects to author articles describing same.

If the name Alan Cox rings a bell, here's a fun snippet I've enjoyed: 
http://linux.derkeiler.com/Mailing-Lists/Kernel/2007-08/msg01778.html -- 
look at his last paragraph.

While LWN does charge for the current copy (at rates ranging from 
$3.50/week (the starving hacker rate) to $600/year (maniacal 
supporter)), in the spirit of FOSS, after a week, everything is free to 
read.

Lastly, the signal:noise ratio in their forums is perhaps the best of 
any web-based forum with which I'm familiar.

Bottom line: if you want solid, technical news about this list's 
favorite operating system, I can't recommend it strongly enough.  Go 
check it out, and enjoy!  http://www.lwn.net

-Ken


USB video?

2014-02-04 Thread Ken D'Ambrosio
Hey, all.  I'm considering getting a teeny little system 
(http://tinyurl.com/q4a6pv6) for home use to replace my laptop -- sadly, 
I find that 4 GB that's on my laptop just isn't cutting it these days, 
and I'll need to make the jump to 8 GB.  (Isn't that 1024 times what I 
had on my first Slackware install?  Sheesh.)  Anyway, I really like the 
two monitor thing I have going with the laptop, and the one thing that 
the Intel box doesn't have is a VGA port.  Does anyone have any 
experience with USB video adapters under *nix?  Any suggestions?

Thanks...


Re: USB video?

2014-02-04 Thread Ken D'Ambrosio
On 2014-02-04 12:22, Brian St. Pierre wrote:
[...]
> That listing shows HDMI and mini displayport.

E... wow.  Thanks!  I've never even heard (or, at least, noticed) 
about displayport before; that's a new connector for me to file away.  
And, clearly, the optimal way to fly; I've always felt that 
video-over-USB was a pretty hack solution (though I suppose USB 3.0 
might make it marginally less hack-ish).

Thanks!

-Ken


SSH timeout on password challenge.

2014-01-27 Thread Ken D'Ambrosio
Hey, all.  I'm scripting stuff to a zillion (ballpark) servers, and ones 
that are up, but haven't been fully deployed (i.e., don't yet have ssh 
keys) password challenge me.  While there *is* an ssh timeout option, 
it's my understanding that that's for when a connection fails to 
establish, NOT for when a password challenge happens.  My script is 
using the timeout command:

timeout 5 ssh -n $host 'blahblahblah'

but that seems to not be doing the trick.  Since my script *does* 
(eventually) e-mail out, I assume it's working... but I've been staring 
at it sitting at this one host password challenge for over 20 min., now. 
  Even if it eventually times out, it ain't exactly optimal.

Any bright ideas on how to do this gracefully?

Thanks!

-Ken


Re: What are you doing for home NAS?

2013-12-30 Thread Ken D'Ambrosio
On 2013-12-30 09:41, John Abreau wrote:
> After trying FreeNAS, I'd no longer consider the consumer-level drives
> such as the MyBook Live as serious options.

I think this stance is a little overly cautious; there is data showing 
that consumer drives don't fail at rates significantly different than 
server-grade drives -- e.g., 
http://blog.backblaze.com/2013/12/04/enterprise-drive-reliability/ 
(though I also remember studies done on significantly larger datasets a 
couple years ago, but they aren't leaping at me from Google).  What I 
*have* found to be troublesome is that some RAID solutions don't handle 
drives that spin down very well.  For this reason, I tend to either go 
with server-grade drives, or really do my homework, and find drives 
that work with the solution (e.g., 3Ware has -- or, at least, had -- an 
approved hardware list that I find useful).  But I think that, with a 
suitable amount of caution, there's money to be saved here without loss 
of functionality or increased risk of data loss.

$.02,

-Ken

P.S.  One thing I should add here, just from a hoo-boy-did-I-stub-my-toe 
perspective: as a rule, I usually have my arrays use just a letle 
bit less than the whole disk.  I had a large RAID-5 array once, and one 
of the drives failed.  I got it RMA'd *with the same model number* from 
the manufacturer... and it was one sector smaller.  THAT was annoying.


> On Mon, Dec 30, 2013 at 9:05 AM, Mark Komarinski
> mkomarin...@wayga.org wrote:
>
> On 12/30/2013 1:00 AM, John Abreau wrote:
> I tried a couple cheaper options such as the WD MyBook Live network
> drive, but I wasn't really satisfied with them. They were slow to
> access, slow to spin up when inactive, and had serious performance
> issues when more than one process was accessing them over NFS, which
> was the only filesharing option I used. They contained just a single
> drive, which means no raid-1 safety net when the disk starts to go bad.
>
> After getting burned by non-NAS drives in a RAID 5 array, I'm going
> RAID 1 for home use from now on.
>
> Then I picked up an HP N40L mini cube server and installed FreeNAS on
> it, on a usb thumb drive that I plugged into the internal USB port on
> the motherboard. It was the first NAS I've tried at home that I was
> happy with. Performance is much better, even with multiple processes
> accessing the unit, and large file copies both to and from the unit
> seem to complete more quickly.
>
> Ooh.  I forgot about that little guy.  Replacement for it seems to be
> the N54L.  Fits 4 drives, might just get 2x4TB and leave the other two
> for future expansion.
>
> I'm currently using two of the four drive slots with a pair of 2gb
> drives, configured with ZFS as a raid-1 mirror set. To properly
> support ZFS, I followed the recommendations in the HOWTO I found
> online and maxed out the RAM at 8 GB.
>
> It's been a couple years since I set it up, so I imagine there's a
> newer model available by now that will accept larger drives and
> more RAM.
>
> After trying FreeNAS, I'd no longer consider the
>
> Err, you cut off there...
>
> -Mark
 
> --
> John Abreau / Executive Director, Boston Linux & Unix
> Email j...@blu.org / WWW http://www.abreau.net / 2013 PGP-Key-ID
> 0x920063C6
> 2013 / ID 0x920063C6 / FP A5AD 6BE1 FEFE 8E4F 5C23  C2D0 E885 E17C
> 9200 63C6
> 2011 / ID 0x32A492D8 / FP 7834 AEC2 EFA3 565C A4B6  9BA4 0ACB AD85
> 32A4 92D8
 
 


Re: Mother of all xterms?

2013-05-23 Thread Ken D'Ambrosio
On 2013-05-23 16:36, Tom Buskey wrote:
> I think this is the 1st time I ever saw Low Ram use and emacs (Eight
> Megabytes And Constantly Swapping) in the same paragraph.

From the JOKES file (or http://www.gnu.org/fun/jokes/ed-msg.html), one 
of my favorites:

--

And ed doesn't waste space on my Timex Sinclair. Just look:

-rwxr-xr-x  1 root  24 Oct 29  1929 /bin/ed
-rwxr-xr-t  4 root 1310720 Jan  1  1970 /usr/ucb/vi
-rwxr-xr-x  1 root  5.89824e37 Oct 22  1990 /usr/bin/emacs



> On Thu, May 23, 2013 at 4:11 PM, Bill Freeman ke1g...@gmail.com 
> wrote:
>
> On Thu, May 23, 2013 at 3:58 PM, Tom Buskey t...@buskey.name wrote:
>
> Back in the day, running telnet inside emacs was faster than in xterm 
> because of emacs' terminal optimization.  Important when you shared a 
> 56k link.  Or 2400 baud modems.
>
> Honestly, I'm at the point I just want low ram use, scroll back lots of 
> lines, emulate vt100 with line drawing and increase/shrink font size 
> quickly.  Oh, and installed on all the Unixen I use.
>
> Low RAM use?  Then you want emacs.  No matter how many terminals you 
> need you only need one emacs.  And you don't have to start any of those 
> pesky vim instances either - you get file editing for free!!!
>
> Or are we talking PDP-11/20 class low RAM use?
>
> (Wink, wink, nudge, nudge.)


Mother of all xterms?

2013-05-22 Thread Ken D'Ambrosio
Hey, all -- I've gotten quite used to gnome-terminal and konsole, and 
they both work, but I admit I have a little bit of iterm2 (for the Mac) 
envy -- e.g., being able to search back through the log to a specific 
timestamp.  Handy, that.  So, my question, really, is is there a really 
cool terminal program out there with lots of bells and whistles?  It'd 
be fun to kick the tires on something new.

Thanks,

-Ken


Re: FREE - Dr. Dobbs 1980-1984 plus Volume 1 Number 2

2013-03-01 Thread Ken D'Ambrosio
Mememe! I love the old computer mags. Was woo sad when my dad tossed the old 
Computer Shoppers, and then a flood got my Amigaworlds and Micro Cornucopias. 
And Transactors, for that matter. I promise: I have moved somewhere far less 
likely to incur such unpleasant circumstances. 

Thanks, 

-Ken

Michael ODonnell michael.odonn...@comcast.net wrote:


Just unearthed some Dr. Dobbs magazines from the years
1980 thru 1984 (complete except for a handful of issues)
and also Volume 1 Number 2 from 1976.  Anybody want 'em?
 

-- 
This mail was scanned by BitDefender
For more information please visit 
http://www.bitdefender.com/links/en/frams.html





Files, unlinking, access, oh my.

2013-02-19 Thread Ken D'Ambrosio
Hey, all.  For various esoteric reasons, I'm wondering if someone can 
tell me the answer to this question.

If process A is reading from a file, and process B deletes it, process 
A can continue to read from it until... well, until it stops reading 
from it.  Can that space that the file takes up be overwritten during 
this interim?  Or does the OS hold the inode sacrosanct until both 
references AND processes are no longer making use of it?

Or is it something else entirely, and I'm going down the wrong road?

Thanks!

-Ken



Re: [OT] Corner cases in Ruby/Javascript (WAT!)

2013-02-18 Thread Ken D'Ambrosio
Yah -- I went to show this to someone teaching a JavaScript course, and 
in the course of googling, bumped into an interesting explanation of 
*why* the JavaScript acts the way it does:

http://stackoverflow.com/questions/9032856/what-is-the-explanation-for-these-bizarre-javascript-behaviours-mentioned-in-the

On 2013-02-18 08:18, Michael ODonnell wrote:
> For entertainment purposes only: a brief (4:18) video poking
> fun at corner cases of some Ruby/Javascript operators/syntax -
>
> http://www.youtube.com/watch?v=D0EIZa5e9q4



Re: Authenticating users against AD *without* joining the domain?

2013-02-13 Thread Ken D'Ambrosio
Ben said:
> Can you explain what you're after in a little more detail, please?
>
> E.g., are you wanting users to be able to SSH in, type a username
> and password for an AD account, and have those checked against a
> Domain Controller?

*sigh*  Yeah, I realized (much) later that I wasn't descriptive enough. 
That's *exactly* what I'm looking to do -- basically, I see it like 
this: if they can bind to the AD server with the credentials (via LDAP, 
which is woo feasible), then I want to let them in.  And, yes, all via 
ssh.

-Ken


> Or... what?  :)
>
> -- Ben


Green screen.

2013-02-13 Thread Ken D'Ambrosio
Good evening, all.  I must be getting responsible or something, but I'm 
getting roped in to the Amherst PTA's Math and Science Night activity. 
(Except that this year, it's gonna be in the day.)  This year's theme 
looks as if it's going to be weather, and a really solid idea for a fun 
activity was the proverbial TV weatherman green screen.  I have to 
imagine this would be feasible with Linux -- anyone have any suggestions 
on leads to hunt down?

Thanks!

-Ken



Authenticating users against AD *without* joining the domain?

2013-02-12 Thread Ken D'Ambrosio
Hey, all.  At my new employer, it basically takes an act of God to get 
a Linux box to join the domain.  I'd be just plain happy if I could use 
an AD server to let users authenticate against LDAP, and then log in.

Any idea how to make that happen?  Worst-case, I'm thinking of doing 
some sort of Apache/LDAP thing, but if anyone's got any bright ideas, 
I'm all ears.

Thanks,

-Ken



Chromebook -- wow?

2013-01-28 Thread Ken D'Ambrosio
So, as I'd mentioned, I've been enjoying my little quad-core ARM board. 
And when my wife and I decided my six-year-old should have her own 
computer (for games and even homework), I thought that would be the 
perfect thing -- except that it's an ARM.  So I set it up, and was 
rather pleased, until I tried to do Adobe Flash.  No-go.  The particular 
ARM variant (I don't remember the nomenclature) has no Flash client, and 
none is expected.  Since the vast majority of kids' sites require Flash, 
this was a show-stopper.  So we bit the bullet, and decided to get a 
laptop.  We both independently thought about the Chromebook -- the first 
time I'd seriously considered buying one.  But it's perfect for her: 
very unlikely to get viruses, does all the sites she needs, and don't 
need anything local to talk about.

We went with the Acer -- the Samsung looks a bit spiffier, and has an 
SSD for crazy fast boots, but 320 GB disk and a physical ethernet port 
pushed me over for the Acer.  It looked an awful lot like an old Acer 
I'd had that I'd finally given up on because I couldn't upgrade to more 
than 4 GB.  I seemed to recall hearing something about installing Ubuntu 
on the Chromebook, so I googled.

And wow!  You'll be violating your warranty, but for $200 and an hour's 
worth of your time, it looks like you can get a really nice Ubuntu 
laptop:
* 320 GB
* 2 GB RAM expandable to *16 GB* -- HOLY THE SMOKES  (two DIMM sockets)
* 11.6 screen
* 3 lbs. weight
* Dual-core 64-bit Celeron

The big caveats are that the RAM upgrade will void your warranty, and 
you have to go through some hoops[1] to do an install -- you have to put 
the machine into developer mode, and, apparently, deal with a 
boot-time warning that slows down your boot process.  But for a system 
with those specs, for *$200*... well, I just might give it a go.

If anyone else has gone down this road, I'd be interested in hearing 
about the experience.

-Ken

1: 
http://liliputing.com/2012/11/how-to-install-ubuntu-12-04-on-the-199-acer-c7-chromebook.html
 
and 
http://chromeos-cr48.blogspot.com/2012/04/chrubuntu-1204-now-with-double-bits.html
 
offer a solid look at what's needed.



Chromebook -- wow?

2013-01-27 Thread Ken D'Ambrosio
So, as I'd mentioned, I've been enjoying my little quad-core ARM board. 
And when my wife and I decided my six-year-old should have her own 
computer (for games and even homework), I thought that would be the 
perfect thing -- except that it's an ARM.  So I set it up, and was 
rather pleased, until I tried to do Adobe Flash.  No-go.  The particular 
ARM variant (I don't remember the nomenclature) has no Flash client, and 
none is expected.  Since the vast majority of kids' sites require Flash, 
this was a show-stopper.  So we bit the bullet, and decided to get a 
laptop.  We both independently thought about the Chromebook -- the first 
time I'd seriously considered buying one.  But it's perfect for her: 
very unlikely to get viruses, does all the sites she needs, and don't 
need anything local to talk about.

We went with the Acer -- the Samsung looks a bit spiffier, and has an 
SSD for crazy fast boots, but 320 GB disk and a physical ethernet port 
pushed me over for the Acer.  It looked an awful lot like an old Acer 
I'd had that I'd finally given up on because I couldn't upgrade to more 
than 4 GB.  I seemed to recall hearing something about installing Ubuntu 
on the Chromebook, so I googled.

And wow!  You'll be violating your warranty, but for $200 and an hour's 
worth of your time, it looks like you can get a really nice Ubuntu 
laptop:
* 320 GB
* 2 GB RAM expandable to *16 GB* -- HOLY THE SMOKES  (two DIMM sockets)
* 11.6 screen
* 3 lbs. weight
* Dual-core 64-bit Celeron

The big caveats are that the RAM upgrade will void your warranty, and 
you have to go through some hoops[1] to do an install -- you have to put 
the machine into developer mode, and, apparently, deal with a 
boot-time warning that slows down your boot process.  But for a system 
with those specs... well, I just might give it a go.

If anyone else has gone down this road, I'd be interested in hearing 
about the experience.

-Ken

1: The steps involved don't seem particularly arduous -- certainly not 
on par with rooting a phone.  The following are two sites that offer up 
a fair bit of detail; the second one is, I believe, the developer's 
site, itself, but I like the intro the first site gives.
* 
http://liliputing.com/2012/11/how-to-install-ubuntu-12-04-on-the-199-acer-c7-chromebook.html
* 
http://chromeos-cr48.blogspot.com/2012/04/chrubuntu-1204-now-with-double-bits.html



Windows 8 (or, more likely, UEFI) warning.

2013-01-13 Thread Ken D'Ambrosio
Hey, all.  I was at a friend's house the other day, and there were some 
issues with their WiFi router.  Alas, I hadn't brought my computer (I 
know, I know...), so I asked to borrow one of theirs, with the thought 
of booting up to Linux.  (For whatever reason, Windows was having a hard 
time contacting the router; Linux had been proven a week prior not to 
have said issue.)  The first laptop that came to hand was a new Dell 
with Winders 8 and UEFI.  I was a little worried -- but what's more 
passive than booting from a USB key?

Apparently, the answer to that question is *not* booting from one at 
all.

Wouldn't boot to Linux.  Well, okay.  Let's try Windows 8.  Wouldn't 
boot to *Windows*.  First it tried to do a repair of some sort -- failed 
miserably.  Then it wouldn't get further than the Dell splash screen.  
Eventually wound up disabling UEFI secure boot, which allowed it to go 
into Windows -- whereupon I gave it back to the by-now very nervous 
laptop owner, and let the damn WiFi be.

Bottom line -- I think we, as Linux weenies, are gonna have to play 
with damn UEFI and get a feel for it.  Is it uniform across vendors?  
Can I always go for the disable secure boot option (which would, 
presumably, allow me to boot Linux)?  Has anyone with a newer laptop had 
any similar experiences?

-Ken



Routing fun?

2012-12-28 Thread Ken D'Ambrosio
Not quite sure which approach to take with this.  I've got a device on 
my network that, for various reasons, I want to route only over an 
OpenVPN link.  All other devices go out normally.  Assuming my Linux box 
is doing the routing, and has the VPN link, how do I get it to do that 
for that one device's MAC/IP/whatever?

Thanks,

-Ken
