Re: [Dorset] Permissions Quandary with nginx

[Hamish MB]

Hmm,

Maybe you could set up a VM for testing locally, and then deploy production 
versions via gitlab?

Or use a testing branch and the merge to master once all is done and tested.

Hamish
On 6 Feb 2021, at 13:19, Terry Coles 
mailto:d-...@hadrian-way.co.uk>> wrote:

On Saturday, 6 February 2021 13:02:14 GMT Hamish MB wrote:
 Best to set it up so you can just use git pull I imagine, if possible

The problem with that is that I would need to push intermediate versions from
my desktop to GitLab or do or my development directly on the Pi.

I prefer to do the initial work on the code using Thonny on my desktop because
I find that it gives me better visibility of the errors that can be detected
before deployment.  (That's not to say that I can't get the same information
from the shell, it's just that I find it easier to interpret in Thonny.)  Once
I have a version that passes those tests, I scp it to the Pi and only push the
code when I reach a point where the code is running without error (maybe with
missing functionality but no bugs).

BTW.  I have realised that if I scp the file(s) to /home/pi/ and then sudo cp
them to /home/pi/html, they take on the www-data ownership and I don't need to
do the extra chown.  I can live with that.
-- 
  Next meeting: Online, Jitsi, Tuesday, 2021-03-02 20:00
  Check to whom you are replying
  Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk
  New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk

Re: [Dorset] Permissions Quandary with nginx

[Hamish MB]

Best to set it up so you can just use git pull I imagine, if possible
On 6 Feb 2021, at 11:40, Terry Coles 
mailto:d-...@hadrian-way.co.uk>> wrote:

On Saturday, 6 February 2021 10:55:23 GMT Terry Coles wrote:
 What do I need to do to get this to work?

I may have partially solved this.  Since in the Tutorial the application
directory is created before the App is download directly to it using wget, I
assume that the contents of the directory will inherit the group ownership, so
I have used chown -hR to change both the owner and group name from pi.  It
appears to work.

The question I now have, is that what is intended?  Copying updates to the
html directory becomes a bit problematic, because of permissions errors.  I
presume that I will have to use sudo to copy updated files there and chown to
change the ownership from root to www-data.

Or am I totally up the creek?
-- 
  Next meeting: Online, Jitsi, Tuesday, 2021-03-02 20:00
  Check to whom you are replying
  Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk
  New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk

Re: [Dorset] Online Meeting Tonight at 8 pm

[Hamish MB]

I'm gonna be a bit late cos we have a lovely apple crumble to eat :)

Catch you all at 8:30 or so.

Hamish
On Nov 3, 2020, at 12:45 PM, Terry Coles 
mailto:d-...@hadrian-way.co.uk>> wrote:

All,

The next Online Meeting is tonight at 8 pm using Jitsi.

Simply click on the following link and you will be taken to the Meeting
using your default browser:

https://meet.jit.si/dorset-lug

Chrome or Chromium are probably better than Firefox for using Jitsi.  An
alternative to installing one of those two is to obtain it bundled especially
for Jitsi from:

https://github.com/jitsi/jitsi-meet-electron/releases

This should be as simple as

wget -q https://github.com/jitsi/jitsi-meet-electron/releases/download/
v2.4.2/jitsi-meet-x86_64.AppImage
chmod +x jitsi-meet-x86_64.AppImage
./jitsi-meet-x86_64.AppImage

and then entering ‘dorset-lug’ as the meeting ID.

Hope to see you all this evening.
-- 
  Next meeting: Online, Jitsi, Tuesday, 2020-11-03 20:00
  Check to whom you are replying
  Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk
  New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk

Re: [Dorset] Very high memory usage (ignoring cache) after being powered on for days

[Hamish MB]

It would be a problem if I left it on this long regularly, and indeed it is a 
problem at the moment because I need to leave it on and at this rate I'll be 
using swap space to do actual work tomorrow just because it's powered on, which 
will be slow and wear out the SSD that my swap space has to be on (not ideal I 
know).

My swap is meant to be for an emergency, not because some leaky code in a 
driver/the kernel/whatever is somehow managing to use 20gb of ram. I can 
definitely see it being a problem on a low memory system or in other real use 
cases, so yes it's worth tracking down and fixing to me. Even if it doesn't 
affect my use case, I still want to fix it for the other people running this 
distro/kernel/driver/whatever the problem is.

As far as I have seen, read, and experienced with other systems, this kind of 
memory use considering the workload is not normal, and is honestly not 
acceptable - I have a raspberry pi that has run for several months without a 
reboot with no noticeable memory leakage/weirdness at all. Imagine if servers 
behaved like this.

NB: logging out and back in also changes nothing, just tried that too.

Hamish
On 10 Sep 2020, at 22:53, Keith Edmunds 
mailto:k...@midnighthax.com>> wrote:

On Thu, 10 Sep 2020 22:01:20 +0100, hamis...@live.co.uk said:

 but [...] using 20GB of RAM with almost nothing open [...] is not good
 behaviour

Why not? Is there an actual problem in the day to day use of the system?
Or is the problem that you've seen some numbers you don't like the look
of / don't understand?
-- 
  Next meeting: Online, Jitsi, Tuesday, 2020-10-06 20:00
  Check to whom you are replying
  Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk
  New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk

Re: [Dorset] MultiWii controllers

[Hamish MB]

MultiWii is the software, and it does run on an Arduino, but there are also 
specific sensors (such as accelerometers) you need if you're doing that part 
the DIY way.

There are also pre-built, integrated boards with an Arduino and sensors 
onboard, which is more what I'm looking for.

Hamish
On 23 Feb 2020, at 15:54, Ralph Corderoy 
mailto:ra...@inputplus.co.uk>> wrote:

Hi Hamish,

 I'm looking at building a raspberry pi based drone using a MultiWii
 (http://www.multiwii.com) as the flight controller. I was wondering if
 anyone knows where I can buy one?

Am I right that MultiWii is the software that runs on an Arduino Pro
Mini, or Seeeduino Mega, etc?  Are you just after one of those boards,
or something with MultiWii already installed?
-- 
  Next meeting: BEC, Bournemouth, Tuesday, 2020-02-04 20:00
  Check to whom you are replying
  Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk/
  New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk

Re: [Dorset] Moving POP3 Suppliers with Thunderbird.

[Hamish MB]

Perhaps I will try again then, it probably just was me being a doofus :)

On 21/01/2020 12:18, Terry Coles wrote:
> On Tuesday, 21 January 2020 10:15:24 GMT Hamish MB wrote:
>> Somehow I've never managed to get email filters to work. I've tried in
>> Thunderbird and with my providers (Outlook and Google) various times
>> over the years, and they never really seemed to do anything. I'm
>> probably just being a doofus, but has anyone else had this?
> All my filters work fine in KMail.  The only problems that I (frequently) 
> have is 
> when *I'm *being a doofus and forget the other settings that are current in 
> the 
> target folder.
>


signature.asc
Description: OpenPGP digital signature
-- 
  Next meeting: BEC, Bournemouth, Tuesday, 2020-02-04 20:00
  Check to whom you are replying
  Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk/
  New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk

Re: [Dorset] Enigmail can't verify signatures from this list

[Hamish MB]

Guess it didn't go through, so I'll copy and paste the test instead:

"Enigmail Security Info

Unverified signature
Public key 87B761FE07F548D6 used to verify signature

BAD signature from Hamish T. McIntyre-Bhatty (Key for signing emails)
"

You're probably right, I believe there was some incompatibility before
with the mail server with something else.

Hamish

On 21/01/2020 11:54, Ralph Corderoy wrote:
> Hi Hamish,
>
>> Just realised after my earlier message this morning, that Enigmail can't
>> verify the digital signature I attached to my email - when I received my
>> own copy, it says "unverified signature" and in the details it says "BAD
>> signature". See attached image.
> No attached image?
>
>> However, when I email myself between my different email accounts with
>> this signature, it verifies just fine. Does anyone know why this might
>> be happening? It has piqued my curiosity
> It's probably that Mailman is altering the email sufficiently as it
> passes through.
> https://www.enigmail.net/index.php/en/user-manual/handbook-faq#Signature_and_Verification
>
> I don't know Enigmail, but I assume it's signing the peer part of the
> MIME email according to some RFC.
>
> $ mhlist -nov
>  msg part type/subtype  size  description
>   42  multipart/mixed   2713 
>1multipart/signed  2034 
>1.1  multipart/mixed843 
>1.1.1multipart/mixed663 
>1.1.1.1  text/plain 452 
>1.2  application/pgp-signatur   833  OpenPGP digital signature
>2text/plain 221 
>
> I'd guess either the Content-Transfer-Encoding of the signed part is
> being altered, or the structure of the MIME email is being changed,
> e.g. the addition of an extra multipart/mixed level.
>


signature.asc
Description: OpenPGP digital signature
-- 
  Next meeting: BEC, Bournemouth, Tuesday, 2020-02-04 20:00
  Check to whom you are replying
  Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk/
  New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk

[Dorset] Enigmail can't verify signatures from this list

[Hamish MB]

Hi all,

Just realised after my earlier message this morning, that Enigmail can't
verify the digital signature I attached to my email - when I received my
own copy, it says "unverified signature" and in the details it says "BAD
signature". See attached image.

However, when I email myself between my different email accounts with
this signature, it verifies just fine. Does anyone know why this might
be happening? It has piqued my curiosity

Hamish



signature.asc
Description: OpenPGP digital signature
-- 
  Next meeting: BEC, Bournemouth, Tuesday, 2020-02-04 20:00
  Check to whom you are replying
  Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk/
  New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk

Re: [Dorset] Switching away from Evernote

[Hamish MB]

Thanks, Joplin looks like it's done the trick for me.

Emacs Org mode looks interesting, but doesn't seem to do file sharing,
and also I can't use Emacs, but thanks for the idea anyways. I can sort
of use Vim though *hides from Vim vs Emacs debate* :)

Hamish

On 18/01/2020 10:30, Keith Edmunds wrote:
> Joplin (https://joplinapp.org/)
>
> Open source, clients for web, Android, IOS, Mac, Windows. Syncs to your
> choice of sync'd filesystem (I use Nextcloud). Markdown. Import from
> Evernote. Just works. Been using it for 18 months or so, never looked back.


signature.asc
Description: OpenPGP digital signature
-- 
  Next meeting: BEC, Bournemouth, Tuesday, 2020-02-04 20:00
  Check to whom you are replying
  Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk/
  New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk

[Dorset] Switching away from Evernote

[Hamish MB]

Hi all,

I've been thinking about switching away from Evernote as there's no native 
Linux client, and the upload limit for free accounts is quite restrictive.

Has anyone got any suggestions for replacement note-taking and syncing services?

Hamish
-- 
  Next meeting: BEC, Bournemouth, Tuesday, 2020-02-04 20:00
  Check to whom you are replying
  Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk/
  New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk

Re: [Dorset] How much work is involved in moving away from my current Domain Hosting Provider

[Hamish MB]

Are you sure these aren't a scam? It kind of sounds like one, so the links 
might not be genuine, perhaps?

I'm sure you've already checked this, but thought it was worth a mention.

Hamish
On 18 Jan 2020, at 08:01, Terry Coles 
mailto:d-...@hadrian-way.co.uk>> wrote:

On Saturday, 18 January 2020 07:48:08 GMT Terry Coles wrote:
 There is a button to upgrade to 'fix' the problem.

BTW.  The upgrade button gives this:

'Site Scan & Repair

No more malware worries — our security solution powered by SiteLock detects
and automatically removes malware.

Daily malware detection for up to 500 web pages
Fully automated malware removal
Daily spam and blacklist monitoring
On-demand monthly vulnerability detection
Vulnerability patching'

The cost is £5 per month.  My current contract for the whole domain costs me
£10.99 per month, so the tool would add nearly 50% to my costs.

The thing is that I do not use my website for eCommerce and there is nothing
much there apart from holiday snaps, so what I really want is a provider that
lets me use the domain as a repository and leaves me alone; just as  One and
One did for all those years.
-- 
  Next meeting: BEC, Bournemouth, Tuesday, 2020-02-04 20:00
  Check to whom you are replying
  Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk/
  New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk

Re: [Dorset] Next Meeting - Less than One Week Tonight

[Hamish MB]

I can go. I think it's my turn to drive this time.

Hamish

On 27/11/2019 19:06, D-LUG wrote:
> Hi,
>
> The next meeting is less than one week tonight on Tuesday, 2019-12-03 20:00 at
> the Bournemouth Electric Club.  See:
>
> http://dorset.lug.org.uk/wiki/doku.php?id=meetings:pub#bournemouth_electric
>
> Paul, Hamish,
>
> Are you going?
>
> PS.  Sorry about the late posting; I put a new SSD into my desktop PC and
> somehow b**d it up.  I don't know why, but it has taken me at least four
> attempts to copy my home directory to the new drive.
>
> I have a question about that, which I'll post shortly.
>
-- 
  Next meeting: BEC, Bournemouth, Tuesday, 2019-12-03 20:00
  Check to whom you are replying
  Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk/
  New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk

Re: [Dorset] Cannot get into KWallet after copying my Home directory from an old Spinning Rust Drive to a new SSD

[Hamish MB]

Glad it's working.

If you new drive is bigger than the old one, you could do Clonezilla
device-to-device cloning, or use DD to copy directly from the old to the
new drive, and then grow the partitions?

I'd recommend Clonezilla as I've had good success with it (primarily as
a backup tool), and it only copies space in use so is more efficient
than DD.

Of course, you could save the passwords somewhere else, and then add
them to your new Kwallet - might be easier than re-doing the clone?

Hamish

On 28/11/2019 15:38, Terry Coles wrote:
> On Thursday, 28 November 2019 08:20:44 GMT Terry Coles wrote:
>>> - You still have the old disk unaltered so in theory the wallet is safe
>>>
>>>   and booting from that disk would regain access?
>> It might not (see above).  I haven't really got time to try it until after
>> the weekend because I'm going 'up North' tomorrow morning and today is
>> pretty much booked up.
> I found I had a bit of time, so I've swapped the drive back and KWallet is 
> working again.  I'll have another go in due course.
>
> Question.  How would people recommend that I do this, in the absence of a 
> spare drive?  I remember installing a new HD some years ago without any major 
> difficulties, but I can't remember exactly what I did.
>
> I still favour Redo Backup, partly because I used it successfully at work 
> some 
> years ago.  I've realised (belatedly) that the new 1 TB SSD has more than 
> adequate space on it to write the image to (in a special partition with the 
> drive installed in the USB Caddy).  I could then install the SSD into the PC 
> and restore the image from the special partition and delete the partition 
> when 
> finished.
>
> Any better ideas?
>



signature.asc
Description: OpenPGP digital signature
-- 
  Next meeting: BEC, Bournemouth, Tuesday, 2019-12-03 20:00
  Check to whom you are replying
  Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk/
  New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk

Re: [Dorset] Next Meeting - One Week Tonight (and One Day Earlier than Scheduled)

[Hamish MB]

Yes, I'm still free.

Hamish

On 28/10/2019 12:14, Terry Coles wrote:
> Hi,
>
> The next meeting is one week tonight on Monday, 2019-11-04 20:00 at the 
> Bournemouth Electric Club.  See:
>
> http://dorset.lug.org.uk/wiki/doku.php?id=meetings:pub#bournemouth_electric
>
> NOTE:  This Meeting is a day earlier than the scheduled Meeting to avoid Guy 
> Fawkes Night.  This alternative date was voted for a while back on this list 
> and on a Poll created by Ralph.
>
> Hamish,
>
> You confirmed that you are going last week; are you still free for this?
>
> Paul,
>
> Are you going?
>
-- 
  Next meeting: BEC, Bournemouth, *Monday*, 2019-11-04 20:00
  Check to whom you are replying
  Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk/
  New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk

Re: [Dorset] Date of Next Meeting.

[Hamish MB]

Seems good to me - I may be doing bonfire night things then as well.

Hamish

On 02/10/2019 13:55, PeterMerchant via dorset wrote:
> On 02/10/2019 12:10, Ralph Corderoy wrote:
>> Hi,
>>
>> Tim W. wrote:
>>> Nice catch. I'll be doing Bonfire Night things that night.
>> Anyone object to Tuesday 12th instead?
> Happy by me. PM.
>
-- 
  Next meeting: BEC, Bournemouth, Tuesday, 2019-10-01 20:00
  Check to whom you are replying
  Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk/
  New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk

Re: [Dorset] Next Meeting - One Week Tonight

[Hamish MB]

I should be able to go as long as I don't get a shift. I think that's 
pretty unlikely to happen :P

Is it my turn to drive this time?

Hamish

On 24/09/2019 16:57, Terry Coles wrote:
> Hi,
>
> The next meeting is one week tonight on Tuesday, 2019-10-01 20:00 at the
> Bournemouth Electric Club.  See:
>
> http://dorset.lug.org.uk/wiki/doku.php?id=meetings:pub#bournemouth_electric
>
> Paul, Hamish,
>
> Are you going?
>
-- 
  Next meeting: BEC, Bournemouth, Tuesday, 2019-10-01 20:00
  Check to whom you are replying
  Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk/
  New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk

[Dorset] Free HDMI splitter on offer

[Hamish MB]

Would anyone like a free HDMI splitter? If I need to post it for some
reason, shipping should be £3 but will check if anyone's interested.

One came with something I bought, but I don't need it, so I was
wondering if any of you might have a use for it? It's fully working,
with power adaptor.

Hamish

-- 
  Next meeting: BEC, Bournemouth, Tuesday, 2019-10-01 20:00
  Check to whom you are replying
  Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk/
  New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk

Re: [Dorset] Linker errors cross-compiling NSS

[Hamish MB]

Hi Ralph,

There are definitely more enjoyable hobbies -_-

I've had a look, and I don't think that's what's happening here, but
thanks for the help anyway.

Terry has pointed out to me that this is probably not strictly required
for our use case, so I think I may move on the other hobbies now :)

Hamish

On 07/09/2019 11:52, Ralph Corderoy wrote:
> Hi Hamish,
>
>> I've been trying to cross-compile NSS for the NAS box
> There are probably more enjoyable hobbies.  :-)
>
>> A particular file tries to link against pthread_atfork, but fails.
>> I've checked that the linker is finding the correct libpthread.so, and
>> that the symbol is present (can be seen in "readelf -Ws
>> libpthread.so"), but it still fails.
> pthread_atfork(3) has a long history of being special, and different
> arrangements of how it works over time between platforms confuses things
> more.  I suspect you're falling foul of the linker only plucking
> interesting symbols it knows it needs so far from each object or archive
> as it process them all once in the order they are stated.  This is why
> two archives that have a circular reference need to have one of them
> duplicated, e.g. ‘-lfoo -lbar -lfoo’.
>
> http://ryanarn.blogspot.com/2011/07/curious-case-of-pthreadatfork-on.html
> explains more.  If you don't grasp the initial bit of first reading,
> don't worry.  He moves on to the explanation and solution.
>
> If that's not it then knowing the command that's run and the output
> surrounding the error would help.
>
-- 
  Next meeting: BEC, Bournemouth, Tuesday, 2019-10-01 20:00
  Check to whom you are replying
  Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk/
  New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk

Re: [Dorset] ECDSA Host keys.

[Hamish MB]

I'm sure there are other people who can give a fuller explanation, but:

Q1: The software creates this key. Each key is unique for each pi.

Q2 & Q3: I don't know, but you probably don't want to do this for
security reasons - the check is used to determine if the host is who it
says it is. The error arises because they all use the same IP address -
your computer can't distinguish between them so it appears the identity
is changing.

The solution is probably for them to have different IP addresses I think.

Hope this helps,

Hamish

On 06/09/2019 13:51, PeterMerchant via dorset wrote:
> Many times when I try to log-in to a Raspberry Pi via SSH I get the
> following message:
>
>
> @@@
> @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
> @@@
> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
> Someone could be eavesdropping on you right now (man-in-the-middle
> attack)!
> It is also possible that a host key has just been changed.
> The fingerprint for the ECDSA key sent by the remote host is
> SHA256:8ayjxAjx4Kar+HObByJH0JBPCfWwAGHytmiNKGxUl90.
> Please contact your system administrator.
> Add correct host key in /home/peterm/.ssh/known_hosts to get rid of
> this message.
> Offending ECDSA key in /home/peterm/.ssh/known_hosts:8
>   remove with:
>   ssh-keygen -f "/home/peterm/.ssh/known_hosts" -R "192.168.1.9"
> ECDSA host key for 192.168.1.9 has changed and you have requested
> strict checking.
> Host key verification failed.
>
> Q1: What is creating this Host key, Is it a combination of the
> hardware and the Raspbian OS?
>
> Q2: How do I change the system so that it is not 'strict checking'?
> and [Q3] do I want to as this PC is also used for Internet access?
>
> All of my Pis use the same IP address for Ethernet connection, and a
> different fixed IP address for wireless connection. I only ever
> connect one at a time.
>
> Thanks for your help.
>
> Peter M.
>
>
-- 
  Next meeting: BEC, Bournemouth, Tuesday, 2019-10-01 20:00
  Check to whom you are replying
  Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk/
  New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk

[Dorset] Linker errors cross-compiling NSS

[Hamish MB]

Hello,

I've been trying to cross-compile NSS for the NAS box (needed to add and
verify SSL certificates), but I keep running into linker errors.

A particular file tries to link against pthread_atfork, but fails. I've
checked that the linker is finding the correct libpthread.so, and that
the symbol is present (can be seen in "readelf -Ws libpthread.so"), but
it still fails.

I'm pretty sure some of you have a good deal of experience with this
kind of thing, so I was wondering if anyone can help.

Do you have any ideas? :)

Hamish



-- 
  Next meeting: BEC, Bournemouth, Tuesday, 2019-10-01 20:00
  Check to whom you are replying
  Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk/
  New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk

Re: [Dorset] Next Meeting - One Week Tonight

[Hamish MB]

Hello,

Unfortunately, due to me attaining one of those near-mythical shifts, I
won't make it to the pub on Tuesday. I hope you all have a good time
though, and I will hopefully make it to the next one.

Hamish

On 27/08/2019 17:06, Terry Coles wrote:
> Hi,
>
> The next meeting is one week tonight on Tuesday, 2019-09-03 20:00 at the 
> Bournemouth Electric Club.  See:
>
> http://dorset.lug.org.uk/wiki/doku.php?id=meetings:pub#bournemouth_electric
>
> Paul,
>
> Are you going?  My turn to drive.  Hamish says that he will be going.
>
-- 
  Next meeting: BEC, Bournemouth, Tuesday, 2019-09-03 20:00
  Check to whom you are replying
  Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk/
  New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk

Re: [Dorset] Next Meeting - one Week Tonight

[Hamish MB]

I should be able to go.

On 30/07/2019 18:35, Terry Coles wrote:
> Hi,
>
> The next meeting is one week tonight on Tuesday,  2019-08-06 20:00 at the 
> Bournemouth Electric Club.  See:
>
> http://dorset.lug.org.uk/wiki/doku.php?id=meetings:pub#bournemouth_electric
>
> Paul, Hamish,
>
> Are you going? 
>
-- 
  Next meeting: BEC, Bournemouth, Tuesday, 2019-08-06 20:00
  Check to whom you are replying
  Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk/
  New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk

[Dorset] NAS box follow-up

[Hamish MB]

Hi,

I did manage to get the setup script to run on boot in the end - there
were some scripts on the HDDs used to set up phpMyAdmin that I could modify.

Thanks for all your help Ralph :)

Hamish

-- 
  Next meeting: BEC, Bournemouth, Tuesday, 2019-08-06 20:00
  Check to whom you are replying
  Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk/
  New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk

[Dorset] Sponsored walk to support AIM Community and High Mead Farm

[Hamish MB]

Hi everyone.

I meant to mention this at the meetup yesterday, but I forgot.

On Friday I am taking part in a sponsored walk to raise money for charity, and 
I was wondering if any of you would like to donate? You can go to 
https://www.give.net/dusktildawn2019 to support AIM Arts Academy and High Mead 
Farm. You can find more information about them at https://www.aimcommunity.org/ 
and https://www.facebook.com/pg/highmeadfarm2015/about/

There is no pressure to donate, but I thought it would be good to send you this 
so you can do so if you would like to.

Hamish
-- 
  Next meeting: BEC, Bournemouth, Tuesday, 2019-08-06 20:00
  Check to whom you are replying
  Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk/
  New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk

Re: [Dorset] Next Meeting - One Week tonight

[Hamish MB]

I should be able to go this time. My turn to drive?

On 25/06/2019 18:15, Terry Coles wrote:
> Hi,
>
> The next meeting is one week tonight on Tuesday, 2019-07-02 20:00 at the 
> Bournemouth Electric Club.  See:
>
> http://dorset.lug.org.uk/wiki/doku.php?id=meetings:pub#bournemouth_electric
>
> Paul, Hamish,
>
> Are you going? 
>
-- 
  Next meeting: BEC, Bournemouth, Tuesday, 2019-07-02 20:00
  Check to whom you are replying
  Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk/
  New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk

[Dorset] Cross compiler with different binutils and glibc versions

[Hamish MB]

Hi all,

I thought I would ask here because I'm sure there are a few of you that
can answer this :)

I have recently been setting up a cross compiler for an old NAS box, as
part of the river control system for the model town. The NAS box uses
particular outdated versions of glibc/eglibc (2.8) and binutils (2.19).

The cross compiler is currently not building those versions of glibc and
binutils, I instead have glibc 2.9, and binutils 2.19.1. How important
is this likely to be? I am aware that statically linking binaries might
overcome any glibc-related issues, but I am not sure about binutils. Any
ideas?

Hamish McIntyre-Bhatty

-- 
  Next meeting: BEC, Bournemouth, Tuesday, 2019-07-02 20:00
  Check to whom you are replying
  Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk/
  New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk

Re: [Dorset] Disc Drive Read Errors

[Hamish MB]

I have been running badblock's read-only test on the other bad drive
(currently in the NAS) today. There have been a total of 292 bad sectors
thus far - I don't trust this drive not to randomly fail/degrade rapidly.

If gsmartctl is right, the drive has been powered on for a total of
around 7 years! Does this sound reasonable, Terry?

Either way, we could try rescuing these drives with the destructive (or
non-destructive) read-write options for badblocks, but I think it
probably makes more sense to get a new 1 TB drive. I doubt they're too
expensive, seeing as 1TB isn't huge these days.

This is especially a good idea, because any custom programs/software we
build/compile for this may have to be on the HDDs - the NAND storage is
tiny and writing to it probably means re-flashing it. There is a
serial/debug port on the PCB to which we can solder pins to unbrick it
if we have to, but this may be an avenue best avoided. Also, the NAND is
only 128MB - probably not enough to add anything useful.

As for how well it handles damaged drives, the RAID re-sync failed
(without any error!) after I removed and reinserted the bad drive. The
current state of the array is "degraded" - we probably need a good
drive/to fix one of these before we use it.

Hamish

On 15/06/2019 17:46, Ralph Corderoy wrote:
> Hi Terry,
>
>> After logging these badblocks reported nothing until I gae up about 6
>> hours later.
> `lsusb -t' shows the maximum speed the USB device may operate at.  You
> might improve things if you move it to a USB 3.0 port and it can cope.
>
>>> But this is a ‘new’ drive being added to the existing one to make an
>>> array so it will be the destination of the mirroring and have lots
>>> written to it?  It's only the reading of it, e.g. a regular ‘scrub’
>>> that will show problems.
>> The 'old' drive will have nothing on it, so we could put this one in
>> first and then add the other.
> But this one has bad blocks that can't be read.  If the NAS does just
> mirror all sectors from this to the second drive then it will have read
> errors.  Is there any data on this disk that you hope to save?  If not,
> write to all its sectors so the drive's firmware can abandon attempts to
> read the dodgy sectors and start from scratch by then partitioning it
> and making filesystems.
>
-- 
  Next meeting: BEC, Bournemouth, Tuesday, 2019-07-02 20:00
  Check to whom you are replying
  Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk/
  New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk

Re: [Dorset] Next Meeting - One Week Tonight

[Hamish MB]

Hi,

I will be able to come to this one :)

Hamish

On 28/05/2019 16:51, Terry Coles wrote:
> Hi,
>
> The next meeting is one week tonight on Tuesday, 2019-06-04 20:00 at the 
> Bournemouth Electric Club.  See:
>
> http://dorset.lug.org.uk/wiki/doku.php?id=meetings:pub#bournemouth_electric
>
> Paul, Hamish,
>
> Are you going?  My turn to drive.
>
-- 
  Next meeting: BEC, Bournemouth, Tuesday, 2019-06-04 20:00
  Check to whom you are replying
  Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk/
  New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk

Re: [Dorset] Python help

[Hamish MB]

Hi Ralph,

Cheers, that makes a lot of sense, thanks for explaining the use case :)

As someone who's mostly worked in Python, I guess I've never seen it used.

Hamish

On 12/05/2019 09:26, Ralph Corderoy wrote:
> Hi Hamish,
>
>> I've heard bad things about goto :)
> Forget all you've heard.  :-)
>
> The problems with goto date back to languages that offered a one-line
> if-statement that could goto.  No other control-flow than goto existed;
> no while-loop, for-loop, etc.  This included very popular languages that
> were the mainstream, e.g. FORTRAN 77, that I and others here used.
> Unfettered use of conditional goto then created a tangle of flow that
> could be difficult to follow, especially as labels were just numbers and
> didn't need to be in numerical order.  Oh, and labels were also used for
> I/O formatting.  :-)  Thus it was easy for code to `bit rot' into a
> tangle over time.
>
> Structured used of goto, including conditional goto, was fine.
> It's just your normal control-flow structures written a different way.
> In the 70s, a movement gained ground, Structured Programming, to promote
> this style and goto was tamed.
>
> But goto still exist, and very useful it is too, allowing flow not
> possible without it without overhead.  Donald Knuth's 1974 paper,
> _Structured programming with go to statements_, is a good read if you
> want to see why.
> https://lxr.missinglinkelectronics.com/linux/fs/file.c#L85 is an example
> from the Linux kernel of its continuing use.
>
> And of course, behind the scenes, your CPU is doing goto and conditional
> goto all the time; it has nothing higher level.  It also has interrupts,
> that are a goto that can happen without a goto instruction.  :-)
>
-- 
  Next meeting: BEC, Bournemouth, Tuesday, 2019-06-04 20:00
  Check to whom you are replying
  Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk/
  New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk

Re: [Dorset] Python help

[Hamish MB]

Hi Tim,

1)

I've been using Python for a long time and have never seen it fit to use labels 
- are you sure you don't want to divide it into multiple functions or methods? 
If labels are similar to goto, I would hesitate to use it - I've heard bad 
things about goto :)

2)

The documentation on python.org is excellent as a resource. 
Other than that, hmm, I'm not sure. I know I've found some, but haven't 
bookmarked them.

Hope this is helpful,
Hamish
On 12 May 2019, at 08:43, tim 
mailto:zir...@xendistar.co.uk>> wrote:

Evening all

trying to teach myself Python at the moment and not doing to well so I have a 
couple of questions
if anybody can help me.

1) I need to understand how to use labels (which I believe is what you should 
use in Python 3
instead of goto), I have a section where I ask a question and the user inputs 
an answer that
obviously can be right or wrong, I need to be able to return to the start of 
the questions if they
answer the question wrongly

2) Anybody recommend any good online tutorial and\or books. I have a couple at 
the moment, Python
for Kids and an old copy of Learning Python

Thanks in advance

Tim H
-- 
  Next meeting: BEC, Bournemouth, Tuesday, 2019-06-04 20:00
  Check to whom you are replying
  Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk/
  New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk

Re: [Dorset] The Linux Solution book

[Hamish MB]

This looks cool, I'll buy it as well.

Hamish

On 01/05/2019 10:03, Keith Edmunds wrote:
> Hi everyone! My book, "The Linux Solution", is available on Kindle for 99p
> today. All proceeds to Great Ormond Street Children's Charity.
>
> I'd appreciate it if you were able to support both the book and GOSH by
> spending 99p on it (the offer is only for today).
>
> https://www.amazon.co.uk/Linux-Solution-Support-Scalable-Systems-ebook/dp/B07NZJHKHN/ref=tmm_kin_title_0?_encoding=UTF8=1556697454=8-1
>
> Thanks,
> Keith
-- 
  Next meeting: BEC, Bournemouth, Tuesday, 2019-05-07 20:00
  Check to whom you are replying
  Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk/
  New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk

Re: [Dorset] Next Meeting - One Week Tonight

[Hamish MB]

Hi,

I will be at a meetup on that week, so unfortunately I won't be able to 
come :/

Hamish

On 30/04/2019 17:09, Terry Coles wrote:
> Hi,
>
> The next meeting is one week tonight on Tuesday, 2019-05-07 20:00 at the
> Bournemouth Electric Club.  See:
>
> http://dorset.lug.org.uk/wiki/doku.php?id=meetings:pub#bournemouth_electric
>
> Paul, Hamish,
>
> Are you going?
>
-- 
  Next meeting: BEC, Bournemouth, Tuesday, 2019-05-07 20:00
  Check to whom you are replying
  Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk/
  New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk

Re: [Dorset] KMail "ghost" messages after deleting from IMAP folders

[Hamish MB]

Interesting, cos thunderbird does this as well - I'll see if I can find
an option for that in there too.

Hamish

On 12/04/2019 12:05, Patrick Wigmore wrote:
> Hi List,
>
> For many years, I had a problem where, after deleting a message from 
> an IMAP folder in KMail, or moving a message from one folder to 
> another, it would at first appear to be deleted/moved, but then, the 
> next time the folder was refreshed to show what was on the server, a 
> "ghost" of the removed message would reappear in its original 
> location. The ghost could not be viewed or interacted with like a 
> normal message. If I logged into the webmail for the affected account, 
> the ghost messages would look just like normal messages.
>
> This problem occurred with pretty much any IMAP account from any email 
> service provider.
>
> I was going to post to ask advice about this, but I finally figured 
> out what the issue is.
>
> In IMAP, it turns out, "delete" just means something like "flag this 
> message for deletion during the next expunge", where "expunge" is 
> another operation the client can ask to be performed. The "ghost" 
> messages I'd been seeing were messages that were marked for deletion 
> but not expunged.
>
> In KMail, it seems, the setting I needed was "Automatically compact 
> folders (expunges deleted messages)" under the "Advanced" tab of the 
> settings for each relevant IMAP account. This causes KMail to expunge 
> the deleted messages pretty much straight away, eliminating the ghost 
> messages.
>
> I would not be surprised if "Automatically compact folders" is the 
> default and I mistakenly deselected it at some point.
>
> Hopefully this information will help one or two other KMail users with 
> the same problem.
>
>
>
> Patrick
>
-- 
  Next meeting: BEC, Bournemouth, Tuesday, 2019-05-07 20:00
  Check to whom you are replying
  Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk/
  New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk

Re: [Dorset] Knotes and other means of keeping files

[Hamish MB]

I use Evernote which sound fairly similar as a solution. There's an unofficial 
client for Linux called nixnote.

Hamish
On 17 Mar 2019, at 08:01, 
t...@ls83.eclipse.co.uk wrote:

On 16/03/2019 16:55, Keith Edmunds wrote:
 On Sat, 16 Mar 2019 16:19:53 +, dorset@mailman.lug.org.uk said:

 Until Google retires Keep.

 For that reason, I have started using Simplenote. Not as sexy as Keep, but
 it does support markup, and runs natively on Linux, OSX and Windows as
 well as in a web browser.

Another option is Emacs Org mode. Everything from note taking, todo lists, 
agendas, calendaring, project time tracking to producing formatted documents 
(using markup) and publishing to LaTeX, PDF, HTML, and can use Tramp mode to 
access from anywhere over SSH.

Cheers

Tim
-- 
  Next meeting: BEC, Bournemouth, Tuesday, 2019-04-02 20:00
  Check to whom you are replying
  Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk/
  New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk

Re: [Dorset] How can I list all installed packages from a particular origin (debian)

[Hamish MB]

NB: Also the licenses for these can be found inside the packages or in 
/usr/share/doc//copyright if anyone else would benefit from 
this information.

Hamish

On 14/03/2019 16:55, Hamish MB wrote:
> Ralph,
>
> I have come to the same conclusion, but that will do just fine for me. I have 
> posted the script here in case anyone else finds it useful.
>
> The script I ended up using is as follows:
>
> """
>
> #!/bin/bash
>
> RED='\033[0;31m'
> GREEN='\033[0;32m'
> YELLOW='\033[1;33m'
> NC='\033[0m'
>
> for pkg in $(dpkg --get-selections)
> do
>  component=$(apt-cache policy $pkg | grep "http" | awk '{print $3}')
>  component=$(echo $component | awk '{print $0}')
>
>  #if [[ $component == *"main" || $component == *"contrib" ]]
>  #then
>  #echo -e "${YELLOW}$pkg:${NC} ${GREEN}$component${NC}"
>  #
>  #fi
>
>  if [[ $component == *"non-free" ]]
>  then
>  echo -e "${YELLOW}$pkg:${NC} ${RED}$component${NC}"
>
>  fi
> done
>
> """
>
> It took a while to write this, because I'm not familiar with weird bash 
> syntax, but it seems to work fine, if a bit slowly. Uncomment the commented 
> lines for a readout of other packages too.
>
> NOTE: The component names are different in Ubuntu and derivatives so it won't 
> work quite right on them, though i can easily be adapted.
>
> Hamish
>
> On 14/03/2019 16:18, Ralph Corderoy wrote:
>
> Hi Hamish,
>
>
>
> I was wondering if any of you had found a good way to list all
> installed packages from a particular source (eg the "restricted"
> component) on Debian-based systems? Basically I want to do this so I
> can programmatically check exactly which non-OSS packages are
> installed w/o there being any risk of me missing one, and without
> going through every single package manually.
>
>
> I don't think Debian's APT packaging system records where it installed a
> package from.  You can look instead at where that package is available
> now.  Not quite the same thing.  I could be wrong, my main system hasn't
> been APT-based for a while.
>
> This gives you a start.
>
>  cd /var/lib/apt/lists &&
>  fgrep -xf <(dpkg-query -Wf 'Package: ${package}\n') *_Packages
>
> It takes a list of installed packages and looks for the matching lines
> in the indexes of what's available.  That means they're sorted by
> source, which is handy.  The bad news is you get duplicates because some
> packages are available in i386 and amd64.  Also, you need to check that
> every package you have installed has been found, so that command needs
> expanding a little with some more checks.
>
>
-- 
  Next meeting: BEC, Bournemouth, Tuesday, 2019-04-02 20:00
  Check to whom you are replying
  Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk/
  New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk

Re: [Dorset] How can I list all installed packages from a particular origin (debian)

[Hamish MB]

Ralph,

I have come to the same conclusion, but that will do just fine for me. I have 
posted the script here in case anyone else finds it useful.

The script I ended up using is as follows:

"""

#!/bin/bash

RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m'

for pkg in $(dpkg --get-selections)
do
component=$(apt-cache policy $pkg | grep "http" | awk '{print $3}')
component=$(echo $component | awk '{print $0}')

#if [[ $component == *"main" || $component == *"contrib" ]]
#then
#echo -e "${YELLOW}$pkg:${NC} ${GREEN}$component${NC}"
#
#fi

if [[ $component == *"non-free" ]]
then
echo -e "${YELLOW}$pkg:${NC} ${RED}$component${NC}"

fi
done

"""

It took a while to write this, because I'm not familiar with weird bash syntax, 
but it seems to work fine, if a bit slowly. Uncomment the commented lines for a 
readout of other packages too.

NOTE: The component names are different in Ubuntu and derivatives so it won't 
work quite right on them, though i can easily be adapted.

Hamish

On 14/03/2019 16:18, Ralph Corderoy wrote:

Hi Hamish,



I was wondering if any of you had found a good way to list all
installed packages from a particular source (eg the "restricted"
component) on Debian-based systems? Basically I want to do this so I
can programmatically check exactly which non-OSS packages are
installed w/o there being any risk of me missing one, and without
going through every single package manually.


I don't think Debian's APT packaging system records where it installed a
package from.  You can look instead at where that package is available
now.  Not quite the same thing.  I could be wrong, my main system hasn't
been APT-based for a while.

This gives you a start.

cd /var/lib/apt/lists &&
fgrep -xf <(dpkg-query -Wf 'Package: ${package}\n') *_Packages

It takes a list of installed packages and looks for the matching lines
in the indexes of what's available.  That means they're sorted by
source, which is handy.  The bad news is you get duplicates because some
packages are available in i386 and amd64.  Also, you need to check that
every package you have installed has been found, so that command needs
expanding a little with some more checks.


-- 
  Next meeting: BEC, Bournemouth, Tuesday, 2019-04-02 20:00
  Check to whom you are replying
  Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk/
  New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk

[Dorset] How can I list all installed packages from a particular origin (debian)

[Hamish MB]

Hi all,

I was wondering if any of you had found a good way to list all installed 
packages from a particular source (eg the "restricted" component) on 
Debian-based systems? Basically I want to do this so I can 
programmatically check exactly which non-OSS packages are installed w/o 
there being any risk of me missing one, and without going through every 
single package manually.

Hamish

-- 
  Next meeting: BEC, Bournemouth, Tuesday, 2019-04-02 20:00
  Check to whom you are replying
  Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk/
  New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk

[Dorset] Redistributing binary firmware with a custom live disk

[Hamish MB]

Hi all,

For a custom live disk I'm making for Disk Verifier (commercial program 
I showed some of you before at the pub), I need to ship some proprietary 
display drivers (eg amdgpu). All of the ones I've looked at allow 
redistribution (under some other terms I can comply with eg not 
decompiling), but I am unsure how to license the final disk image, or 
what license statement to use if any - most of the software is GPL.

Any ideas?

Hamish

-- 
  Next meeting: BEC, Bournemouth, Tuesday, 2019-04-02 20:00
  Check to whom you are replying
  Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk/
  New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk

Re: [Dorset] Next Meeting - One Week Tonight

[Hamish MB]

Sounds fair :)

Nothing is installed, so you should be fine XD. Thanks :)

Hamish

On 31/01/2019 12:09, Terry Coles wrote:
> On Thursday, 31 January 2019 10:11:54 GMT Hamish MB wrote:
>> Oops: Previous email sent only to Terry.
>>
>> Yep, I am going
>>
>> Is it my turn to drive? I can't remember.
> Well.  It's been a while, but it's definitely not Paul's turn, because he
> drove last time.  I think that the time before that, I drove, but neither  you
> or Paul went.  According to my records (doodles on my calendar), you drove in
> November, so it's probably just about your turn now.
>
>> By the way, I have been making a Debian-based live disk for my new
>> program over the last week or so. Would any of you be okay with trying
>> it on your laptops so I can make sure the graphics drivers work? I've
>> had some issues with them, but I think it's all fixed now.
> Do you warrant it against all damage caused by the installation of your
> software :-)
>
> Not a problem, you can try it on my Dell.
>
--
  Next meeting: BEC, Bournemouth, Tuesday, 2019-02-05 20:00
  Check to whom you are replying
  Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk/
  New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk

Re: [Dorset] Next Meeting - One Week Tonight

[Hamish MB]

Oops: Previous email sent only to Terry.

Yep, I am going

Is it my turn to drive? I can't remember.

By the way, I have been making a Debian-based live disk for my new 
program over the last week or so. Would any of you be okay with trying 
it on your laptops so I can make sure the graphics drivers work? I've 
had some issues with them, but I think it's all fixed now.

Hamis

On 29/01/2019 17:18, Terry Coles wrote:
> Hi,
>
> The next meeting is one week tonight on Tuesday, 2019-02-05 20:00 at the
> Bournemouth Electric Club.  See:
>
> http://dorset.lug.org.uk/wiki/doku.php?id=meetings:pub#bournemouth_electric
>
> Paul, Hamish,
>
> Are you going?
>
--
  Next meeting: BEC, Bournemouth, Tuesday, 2019-02-05 20:00
  Check to whom you are replying
  Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk/
  New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk

Re: [Dorset] Next Meeting - One Week Tonight

[Hamish MB]

Yep, I shall be going.
On 27 Nov 2018, at 20:07, Terry Coles 
mailto:d-...@hadrian-way.co.uk>> wrote:

Hi,

The next meeting is one week tonight on Tuesday, 2018-12-04 20:00 at the
Bournemouth Electric Club.  See:

http://dorset.lug.org.uk/wiki/doku.php?id=meetings:pub#bournemouth_electric

Paul, Hamish,

Are you going?  My turn to drive.
--
  Next meeting at *new* venue:  Bournemouth, Tuesday, 2018-12-04 20:00
  Check if you're replying to the list or the author
  Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk/
  New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk

Re: [Dorset] The World Turns!

[Hamish MB]

Interesting, and probably a good thing too.

However, it is worth noting that they are still using sister companies 
to file patents against Linux and open-source projects the last time I 
looked - to keep their record clean - but they might have stopped :)


On 11/10/18 12:07, Terry Coles wrote:
> I have to say that I'm totally gob-smacked at this news:
>
> https://www.theregister.co.uk/2018/10/10/microsoft_open_invention_network/
>
> I remember all of the controversy about 10-15 years ago when Microsoft
> (amongst others) were busy patenting everything remotely related to software
> (the double click and the NOT operator for example).  US companies were busy
> suing each other for $Billions, just so they could stop the competition using
> ideas that were generally 'bleeding obvious'.
>
> So now Microsoft has come across to the light side and given most of its
> 'inventions' to the Open Invention Network 
>
> When I read the headline I actually said 'Wow' - out loud.  :-)
>

--
Next meeting at *new* venue:  Bournemouth, Tuesday, 2018-11-06 20:00
Check if you're replying to the list or the author
Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk/
New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk

Re: [Dorset] What Are Folder Subscriptions in Thunderbird All About?

[Hamish MB]

Hi Terry,

Sounds strange, I've never had to do that before, but I use Google Mail 
and Live Mail, so it might be a different process for you.

Are you using IMAP to connect to your mail server, because given the 
choice between that and POP, you probably want IMAP?

Hamish

On 10/10/18 12:33, Terry Coles wrote:
> Hi,
>
> As threatened some weeks ago, I have just configured Thunderbird to 
> manage my mail instead of KMail.
>
> It seemed to be working OK, except that it didn't seem to be 
> displaying the contents of all of the folders on the server.  As many 
> of you know, I have a number of mailboxes on my server (One and One 
> hosted) and each box has one or more folders and sub-folders to 
> contain and organise by mail.
>
> One of these folders is called /Archive/Government and under it I 
> currently have:
>
> Government -
>    Council -
>   DCC -
>   EDDC -
>    MEP
>    MP
>
> etc.
>
> Each of these folders contains one to many messages, as you would expect.
>
> In KMail, these folders are displayed correctly, but in Thunderbird I 
> found that the Government folder was greyed out and I only got the MEP 
> folder at first.
>
> I then discovered this: 
> https://ubuntuforums.org/showthread.php?t=2310625.
>
> I tried Subscribing and Unsubscribing to the folders in that Mailbox 
> as suggested and I can now see the folders immediately below 
> Government, but I can't see the sub-folders under Council.
>
> Anyone know what is going on here and what is this Subscription thingy 
> anyway?
>
>
>

--
Next meeting at *new* venue:  Bournemouth, Tuesday, 2018-11-06 20:00
Check if you're replying to the list or the author
Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk/
New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk

Re: [Dorset] Checking IP and MAC connections

[Hamish MB]

Hi James,

That's really interesting. If you come to one of the meetings soon we 
should chat about it.

I find cyber security interesting, and maybe will start my career in it. 
There are too many things I find interesting XD.

Hamish


On 01/10/18 11:59, James Blake wrote:
> I’m not a penetration tester, although I did do that for a while but I was 
> more on the social engineering side (which often requires some form of 
> delivery mechanism and payload for the mark to execute).
>
> I now a manager of a bliue team capabilities (detection using correlation, 
> analytics and hunt; cyber threat intelligence collection, analysis and 
> dissemination; triage and investigation; and often a but of digital forensics 
> and incident response.  My team have been involved in doing this for about 25 
> of the FORTUNE 100 organisations - don’t know if this mailing list gets 
> publicly archived so I can’t say who.
>
> In order to be a good blue teamer, you need to understand the attack vectors, 
> methodologies and motivations of the (red) attacker - hence knowing how to do 
> stuff like this.  If you’re interested in knowing how to conduct a good 
> pentest the Penetration Testing Execution Standard (PTES) is a good resource; 
> to learn about the attack vectors, you can’t go wrong with the MITRE ATT 
> Framework; and, finally, one of the most respected exams in this area is the 
> Offensive Security Certified Professional (OSCP) which is from the makers of 
> the Kali Linux penetration testing distribution - be warned, the training is 
> only a starting point for what you need to know so if you sign up for their 
> 90 days lab and access to training, you’ll go down lots of rabbit holes 
> around learning assembly, reverse engineering, etc to an extent you’ll need 
> to read a couple of books on each topic to do well in the 24 hour hands on 
> exam (with another 24 hours to finalise and submit the report).
>
> If anyone is considering a career in cyber security and I’m not abroad (which 
> is why I can’t attend many of the meetings) I’m happy to share any advice.
>
> Regards
>
>
> James
>
>
>
>> On 1 Oct 2018, at 10:39, Ralph Corderoy  wrote:
>>
>> Hi James,
>>
>>> You can always write a script in Python using scapy to spam ARP
>>> broadcasts with the IP address associated to the MAC you want.  Most
>>> network stacks will blindly take this and throw out the one they have
>>> cached.
>> nping(1) should also be able to put fake ARP replies onto the wire for
>> those that want to play at home.
>> http://declinesystems.blogspot.com/2012/07/man-in-middle-with-nping.html
>>
>> Cheers, Ralph.
>>
>> --
>> Next meeting at *new* venue:  Bournemouth, Tuesday, 2018-10-02 20:00
>> Check if you're replying to the list or the author
>> Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk/
>> New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk
>
> --
> Next meeting at *new* venue:  Bournemouth, Tuesday, 2018-10-02 20:00
> Check if you're replying to the list or the author
> Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk/
> New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk

--
Next meeting at *new* venue:  Bournemouth, Tuesday, 2018-11-06 20:00
Check if you're replying to the list or the author
Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk/
New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk

Re: [Dorset] Checking IP and MAC connections

[Hamish MB]

It's interesting as an exercise, but MAC addresses can be spoofed easily, so 
why would you do that?

A static IP is perhaps better. Interestingly, my tplink router does this 
automatically, as did the BT routers before it - perhaps there's an option.

Hamish
On 30 Sep 2018, at 13:42, Ralph Corderoy 
mailto:ra...@inputplus.co.uk>> wrote:

Hi Clive,

 Problem is trying to ensure that the IP address is issued to the
 required MAC address.

I think you're trying to have the ADSL router dish out IP addresses to
those that come asking by DHCP from your LAN, but have the DHCP server
always give a known IP address to the same MAC address, and possibly
refuse to give an IP address to any unknown MAC address.

Whether that's possible with the TalkTalk router's GUI, I don't know.
You might just have to poke around lots, or ask on a TalkTalk forum.

As James said, arp(8) might be useful.  The
https://en.wikipedia.org/wiki/Address_Resolution_Protocol is used by a
machine to find the MAC address for the IP address it's trying to
contact.  Linux builds an ARP table over time of the recent IP addresses
and their corresponding MAC addresses that it has seen on the network.
`arp -a' lists this table.  You could encourage it to have more entries
by ping(8)ing IP addresses before hand.

ping -c 3 192.168.0.42
arp -a

Or a broadcast ping to the network.  (The ping might need a sudo.)

ping -b -c 3 192.168.0.255
arp -a

Peter's advice is another option.  Ditch the centralised allocation of
IP address for MAC address on the router and configure each device to
use a distinct static IP address instead.  Moving the range dished out
by the DHCP server out of the way of the range you've used for the
static ones.  The downside is you no longer have a single view of what
devices exist.

Cheers, Ralph.

--
Next meeting at *new* venue:  Bournemouth, Tuesday, 2018-10-02 20:00
Check if you're replying to the list or the author
Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk/
New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk
--
Next meeting at *new* venue:  Bournemouth, Tuesday, 2018-10-02 20:00
Check if you're replying to the list or the author
Meetings, mailing list, IRC, ...  http://dorset.lug.org.uk/
New thread, don't hijack:  mailto:dorset@mailman.lug.org.uk

Re: [Dorset] Next meeting - One Week Tonight

[Hamish MB]

I think it's your turn, if the one with all the police swarming about 
was the last one we went to, where I had my shift afterwards?

Hamish


On 29/08/18 09:50, Terry Coles wrote:
> On Wednesday, 29 August 2018 08:54:52 BST Hamish MB wrote:
>> I should still be going, but it depends on if I get a shift then or not,
>> and whether I take it - I'll let you know.
> OK.  I wasn't sure if your revision might also affect your availability.
>
>> Is Clive around, because it might be my turn to give him a lift, I can't
>> remember?
> I'm not sure.  Do You have his email address?  If not, I can get in touch with
> him to find out for you.
>
> Paul can't come again, so it will be one of us to drive anyway.  Can you
> remember who drove last time?
>

-- 
CHECK IF YOU'RE REPLYING TO THE LIST OR THE AUTHOR

Re: [Dorset] Thunderbird profiles

[Hamish MB]

Ah I see 
On 10 Aug 2018, at 22:09, Ralph Corderoy 
mailto:ra...@inputplus.co.uk>> wrote:

Hi Hamish,

 I thought you were employed by Red Hat?

There's at least three Tims on the mailing list.
`Thunderbird' Tim isn't the one you saw on Tuesday at the pub.  :-)

Cheers, Ralph.
-- 
Next meeting:  Bournemouth, Tuesday, 2018-09-04 20:00
Meets, Mailing list, IRC, LinkedIn, ...  http://dorset.lug.org.uk/
New thread:  mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING
Reporting bugs well:  http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR

Re: [Dorset] Thunderbird profiles

[Hamish MB]

Yes, I renamed it before and it worked. If it doesn't you can always revert :).

I thought you were employed by Red Hat?

Hamish
On 10 Aug 2018, at 21:45, Tim 
mailto:t...@xendistar.co.uk>> wrote:

On 10/08/18 14:52, Ralph Corderoy wrote:


 No, Tim should `create a new profile' before `Tools→Import the copies'.
 https://support.mozilla.org/en-US/kb/using-multiple-profiles


I am pretty sure deleting or removing current profile folder
.Thunderbird, normally found in the users home folder, Thunderbird
should recreate one when it next launches.


Tim

-- 
Next meeting:  Bournemouth, Tuesday, 2018-09-04 20:00
Meets, Mailing list, IRC, LinkedIn, ...  http://dorset.lug.org.uk/
New thread:  mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING
Reporting bugs well:  http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR

Re: [Dorset] Thunderbird profiles

[Hamish MB]

Yes, I renamed it before and it worked. If it doesn't you can always revert :).

I thought you were employed by Red Hat?

Hamish
On 10 Aug 2018, at 21:45, Tim 
mailto:t...@xendistar.co.uk>> wrote:

On 10/08/18 14:52, Ralph Corderoy wrote:


 No, Tim should `create a new profile' before `Tools→Import the copies'.
 https://support.mozilla.org/en-US/kb/using-multiple-profiles


I am pretty sure deleting or removing current profile folder
.Thunderbird, normally found in the users home folder, Thunderbird
should recreate one when it next launches.


Tim

-- 
Next meeting:  Bournemouth, Tuesday, 2018-09-04 20:00
Meets, Mailing list, IRC, LinkedIn, ...  http://dorset.lug.org.uk/
New thread:  mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING
Reporting bugs well:  http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR

Re: [Dorset] Thunderbird profiles

[Hamish MB]

Hi Tim,

I use a plugin called ImportExportTools to help with this, which is 
perhaps a better option than copying the files manually. If you export 
in EML format, you should be able to re-import.

You can also save in a nice HTML format (and various others) if you 
don't need to view them in thunderbird anymore, which is whatI do for 
archiving old emails.

Hope this helps,

Hamish


On 10/08/18 14:36, PeterMerchant via dorset wrote:
> On 10/08/18 10:59, Ralph Corderoy wrote:
>> Hi Tim,
>>
>>> But over time little niggles have crept in (I posted about those issue
>>> a few months ago)
>> Is that
>> https://www.mail-archive.com/dorset@mailman.lug.org.uk/msg07654.html ?
>> I've just watched the video of Thunderbird's window not repainting
>> content until you run the mouse pointer over each item.
>> https://support.mozilla.org/en-US/questions/1058083 and the
>> https://support.mozilla.org/en-US/questions/1012145 it refers to seem
>> relevant.
>>
>>> so I have got to a point where I want to setup a new profile and
>>> import the email from the old profile into the new profile, is it
>>> possible??
>> I'm sure it must be.
>> http://kb.mozillazine.org/Importing_and_exporting_your_mail seems to
>> have a lot of information, but not cover your case.  It says Thunderbird
>> uses mbox format to store emails.  Can you exit Thunderbird, cp(1) those
>> elsewhere, start Thunderbird, create a new profile, and Tools→Import the
>> copies of the mbox files?
>>
>> Cheers, Ralph.
>>
> At the bottom of the tools menu, there are a number of Import/export 
> options for mail. But this doen't cover the option of setting up a new 
> profile.
>
> Peter M.
>
>

-- 
Next meeting:  Bournemouth, Tuesday, 2018-09-04 20:00
Meets, Mailing list, IRC, LinkedIn, ...  http://dorset.lug.org.uk/
New thread:  mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING
Reporting bugs well:  http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR

Re: [Dorset] Possible IP Conflict

[Hamish MB]

I'd agree with Ralph: seems like a coincidence.

Hamish
On 31 Jul 2018, at 15:19, Ralph Corderoy 
mailto:ra...@inputplus.co.uk>> wrote:

Hi Terry,

 Initially, I connected the new WiFi Antenna to my laptop and got a
 weak but usable signal.
 ...
 About an hour after those tests, I plugged the new passive WiFi
 Antenna into the Pi

 This is the one single antenna, and it was moved?

 This is the new external antenna on a pole outside the room where the
 Pi is.  It is not the 'Outdoor WiFi AP' in the diagram.

No, I know it's not the customer-facing outdoor WAP.  I was checking
that `the new WiFi Antenna' and `the new *passive* WiFi Antenna' were
the single item.

 Does it have a fixed MAC address, shown with `ip l' wherever it's
 plugged in?  If so, did the Pi get a DHCP lease for the same IP
 address that had earlier been given to your laptop when it had that
 MAC address?

 I didn't look at the IP address provided to the laptop or the Pi at
 the time, but presumably, since the Adaptor's MAC Address remains the
 same, the Router would dish out the same number?

I'd guess so.

 Apparently the connection does drop out from time to time (allegedly
 when customers stand between the Extender and the Router).

`Man blocks wifi signal'.  You're probably not the cause of their
problem.  :-)

 However, the Cafe Manager says they lost it for about an hour.  In
 fact, I've just spoken to the WMT Manager again and he thinks that the
 problem didn't start until after I had shut down the Pi, so it looks
 even more unlikely to be caused by me.

Next time you're in, announce you're going to be fiddling with it,
but then don't, and see if there's still outages?
-- 
Next meeting:  Bournemouth, Tuesday, 2018-08-07 20:00
Meets, Mailing list, IRC, LinkedIn, ...  http://dorset.lug.org.uk/
New thread:  mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING
Reporting bugs well:  http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR

Re: [Dorset] Problems with The UK Mirror Service https://www.mirrorservice.org/

[Hamish MB]

Use archive.raspbian.org in your sources.list for now? That would mean 
you wouldn't need to stop :)


On 09/07/18 15:02, Terry Coles wrote:
> On Monday, 9 July 2018 14:56:11 BST Ralph Corderoy wrote:
>> So things are afoot and I think you just have to be patient.
>> https://twitter.com/ukmirrorservice seems to agree.
> Thanks Ralph, (and Patrick and Ian).
>
> Another delay to sorting out my WMT Webserver ;-(
>
> I lost a week last week because my Mother was staying and now
>

-- 
Next meeting:  Bournemouth, Tuesday, 2018-07-17 20:00
Meets, Mailing list, IRC, LinkedIn, ...  http://dorset.lug.org.uk/
New thread:  mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING
Reporting bugs well:  http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR

Re: [Dorset] LUG Meets World Cup.

[Hamish MB]

I vote #2 - I think it's likely that any other place will be completely 
packed too.

Hamish

On 26/06/18 17:24, Terry Coles wrote:
> On Monday, 25 June 2018 14:02:29 BST Ralph Corderoy wrote:
>> I'd be happy to ditch the beer on tap, especially if there was the
>> option of `BYO'.  Meeting rooms in libraries are no good as they close
>> too early.  A pub with a `function room'?  The community hall option,
>> but we'd need a key to lock up as we leave.
>>
>> It would be nice to be able to open up the format a bit beyond very
>> localised chat with immediate neighbours.
> So.  In the short term; what are we going to do?  There haven't been many
> suggestions for alternative venues yet and the Broadway will undoubtedly be
> packed and noisy.
>
> I suggest that we take a poll on two alternatives (short term solution):
>
> 1.  Cancel this months meeting.
>
> 2. Postpone this months meeting until after the Football is finished (the
> Final is on the 15th).
>
> If we chose Number 2., there aren't any other upcoming events that might
> impact the pub availability after the 15th. (There are some, but the Tour de
> France and the Golf Open shouldn't fill the place :-)
>
> Place your bets please!
>

-- 
Next meeting:  Bournemouth, Tuesday, 2018-07-03 20:00
Meets, Mailing list, IRC, LinkedIn, ...  http://dorset.lug.org.uk/
New thread:  mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING
Reporting bugs well:  http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR

Re: [Dorset] Using a Raspberry Pi as a Network Router

[Hamish MB]

Raspbian lite might be a good choice?


On 19/06/18 13:41, Terry Coles wrote:
> On Tuesday, 19 June 2018 12:00:42 BST Ralph Corderoy wrote:
>> You've assembled a system of software parts and it doesn't work.
>> Debugging it will be hard because of the possible interactions between
>> the parts that are unknown.  I'd try to strip it back to the minimal and
>> get that working, e.g. same hardware, eth1 configured by DHCP, as now,
>> eth0 manual configuration, customer-mobile (another Pi?) manual too.
>> Ping from pi-3 to Internet, and then the pi-mobile to each of the
>> interfaces along the route to the Internet.
> Unfortunately, I'm fresh out of Pis but I may be able to cobble together
> something using a mobile phone or laptop connected by Ethernet instead of via
> the Belkin Router.  I was already thinking of substituting the Belkin Router
> with another one, if I can find a suitable device, but your suggestion would
> remove yet another variable.
>
> I was also thinking of starting again from scratch with a clean installation
> of Raspbian and building the RPi Router from there, before ever attempting
> something like NoDogSplash.  At least then I would know that I haven't
> introduced some incompatibility along the way.
>
>> Given `address', ...
> I'm sorry, I don't understand that comment.
>
>> `netmask', `network' and `broadcast' are redundant here as they're
>> corresponding values that can be simply computed.
> OK.  I was simply following the tutorial that I had found.
>
>> It's a gateway from the perspective of that interface, not how others
>> see that interface as this isn't being used to configure those others.
>> See interfaces(5) for that system and
>> https://debian-handbook.info/browse/stable/sect.network-config.html#sect.int
>> erface-ethernet I don't think you want it at all, and that suggests the
>> http://qcktech.blogspot.com/2012/08/raspberry-pi-as-router.html you
>> reference may have other problems.
> OK.  I'll look into that.
>
>> These are the commands that one version of ifup(8) and friends run from
>> package ifupdown's `inet.defn' so you can see how `gateway' is used.
> OK.  I'll look into that too.
>
> One final question.  If I open a default copy of /etc/network/interface, it
> says that the file is intended to be used with dhcpcd.conf.  Do I still need
> to define the static IP address of eth0 in both places or just here?
>
>

-- 
Next meeting:  Bournemouth, Tuesday, 2018-07-03 20:00
Meets, Mailing list, IRC, LinkedIn, ...  http://dorset.lug.org.uk/
New thread:  mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING
Reporting bugs well:  http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR

Re: [Dorset] Setting up a URL Filter and Cascading Routers

[Hamish MB]

Plan D can be don't use DHCP for your client and set a static IP that way - no 
router configuration needed. Just set it to something outside the DHCP lease 
range ( often 192.168.1.1 - 100)

Hamish
On 14 Jun 2018, at 18:01, Terry Coles 
mailto:d-...@hadrian-way.co.uk>> wrote:

Hi,

At the Meeting last week, our half of the table was talking about providing
limited access to the internet for our private network at the Wimborne Model
Town.  The object of this is to allow Android phones access to their special
sites to make them think they have full Internet Access.

This problem has gone through several iterations:

Plan A was to spoof the Google check sites from the local Webserver - this
originally worked and still does in a limited way, but doesn't work with later
versions of Android.

Plan B was to apply for and obtain a full SSL Certificate for the WMT website
and re-use it on the RPi Webserver - that failed because the WMT website
maintainer doesn't seem to want to play along with that.

Plan C was to interpose a URL filter between the local Webserver and the
Office Router; we discussed that at the Meeting and on this list and the
solution proposed was to use SquidGuard.  Subsequently, I found that the
reconfiguration needed to SquidGuard to turn it from a Kids Guard tool to what
we needed was pretty mega and someone on the RPi Forums suggested NoDogSplash,
which provides a Captive Portal.

Since a Captive Portal is exactly what we need (now I know what one is), I set
out to do it.  Unfortunately that has now failed because it seems that the
WMT's ISP has locked down the supplied Router and do not allow admin logins.
Without that, I cannot use a fixed IP Address on the Internet side of the RPi
(which will have two Ethernet Adaptors) and so I cannot configure NoDogSplash
to point the users at it.

The WMT Manager does not want to change the ISP/Router mid-season, (quite
reasonable since the Point of Sale equipment is connected to it), so I feel
that I've run out of solutions and therefore have no Plan D at present.

However, someone has just suggested Cascading Routers.  I've looked into this,
but it seems to me that this solution suffers from the same problem as Plan C,
because the 2nd Router needs to have a fixed IP Address too.  (In fact, I feel
that we would be cascading three routers even if we could get it to work,
since the RPi (with it's extra Ethernet Adaptor connected) is a router in its
own right.

Any ideas for Plan D/E?

-- 
Next meeting:  Bournemouth, Tuesday, 2018-07-03 20:00
Meets, Mailing list, IRC, LinkedIn, ...  http://dorset.lug.org.uk/
New thread:  mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING
Reporting bugs well:  http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR

Re: [Dorset] PolKit auth_admin_keep strange behaviour and input sanitising

[Hamish MB]

Hi Ralph,

Fortunately, that will never happen because of the way the GUI works. The 
org.freedesktop.policykit.exec.argv1 annotation isn't working but I have a 
different idea, so no worries, it's all working now. Thanks for all your help :)

"

Actually, it's probably Tim who should buy for putting us both through
this by pointing at polkit.  :-)

"

I'm not sure that's fair :)

Hamish

On 17/05/18 14:34, Ralph Corderoy wrote:

Hi Hamish,



I'll just try to find the more restrictive settings that work for my
use case then.



Another thought...  Look out for the GUI allowing the user to kick off
an action or set of actions that require multiple sequential pkexec(1)s
where early commands might take a while.  Even with `keep', I'd find it
annoying to know the whole task will take hours, see it's got off to a
good start, and wander back later that day to find out ten minutes in it
asked for another authentication.

One way to avoid this is if the GUI allows the user to set up the task
list and that's passed en masse through a single pkexec because the
interface of the non-GUI command on the other side accepts a list of
what to do.



I reckon I owe you a beer at the next pub-meet :)



Actually, it's probably Tim who should buy for putting us both through
this by pointing at polkit.  :-)

Cheers, Ralph.



-- 
Next meeting:  Bournemouth, Tuesday, 2018-06-05 20:00
Meets, Mailing list, IRC, LinkedIn, ...  http://dorset.lug.org.uk/
New thread:  mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING
Reporting bugs well:  http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR

Re: [Dorset] PolKit auth_admin_keep strange behaviour and input sanitising

[Hamish MB]

Hi Ralph,

That makes sense. I'll mull this over for a bit longer, but I reckon 
what you're saying makes sense. I'll just try to find the more 
restrictive settings that work for my use case then. I reckon I owe you 
a beer at the next pub-meet :)

Hamish


On 17/05/18 13:45, Ralph Corderoy wrote:
> Hi Hamish,
>
>> Hopefully my quotes work this time.
> Nope, but never mind.  :-)
>
>> The shebang line will tell it what to use to run the script anyway.
> Yes, if it has one.  The `#!' means the first two bytes of the file have
> the 16-bit big-endian value 0x2321 and that is the `magic number' value
> that old Unix kernels would switch on to decide how to execute the file.
> There's other values too, and they can be 32 bit now, e.g. /bin/ls's
> 0x7f454c46', which is ascii(7)'s DEL followed by `ELF'.
> https://en.wikipedia.org/wiki/Magic_number_(programming)#Magic_number_origin
>
>> That's true. However, I think it's probably better to call it at
>> particular times than either ask for a password several times in a
>> row, or leave the script wide open for 5 minutes :).
> That still breaks things because my competitor GUI program triggered
> authentication being added to the session a couple of minutes ago and
> then you come along, do you single pkexec, and then trash authentication
> for me by removing all authentications.  (And it's still all, and not
> just the one you're interested in.)
>
> The script isn't wide open for five minutes.  It's available to the
> session which provides some constraint anyway.  polkit has decided five
> minutes is a reasonable time for the temporary authentications.  You can
> either use them by choosing `keep', or not.  But don't be an unsocial
> member of the session by deciding polkit and other programs are wrong
> and cancelling their `tickets'.  :-)
>
> Examples of five-minute temporary authentications from a grep:
>
>  manage system services or other units
>  import a VM or container image
>  run programs as a non-logged-in user
>  set the local host name
>  set the system locale
>
> I think polkit's designers consider five minutes safe enough.  The
> authorisation is cancelled if I log out of the session before then.  If
> I walk away from the keyboard without locking the session then that's my
> fault and existing policies, e.g. for systemd, let the attacker make use
> of it.  I don't think your commands warrant any more protection that
> what's already being guarded by polkit?
>
> Also, bear in mind polkit's advice is that the authorisation is more
> usefully tied to the object being acted upon than what's being done to
> it, e.g. reading a particular block device v. the ability to read a
> block device.  I think you need to forget about the five-minute attack
> window for the moment and concentrate on what the command-line interface
> to the pkexec'd command looks like.  That may make clear which argv1
> need what protection, for example.
>
> Cheers, Ralph.
>

-- 
Next meeting:  Bournemouth, Tuesday, 2018-06-05 20:00
Meets, Mailing list, IRC, LinkedIn, ...  http://dorset.lug.org.uk/
New thread:  mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING
Reporting bugs well:  http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR

Re: [Dorset] PolKit auth_admin_keep strange behaviour and input sanitising

[Hamish MB]

Hi Ralph,

Hopefully my quotes work this time.

I see, that makes sense. The shebang line will tell it what to use to run the 
script anyway. I also see what you mean about identifying the parent process - 
as long as they're authorised, other applications should be able to do it too.

even if you could state just the actions that you feel you
requested with pkexec, they were granted to the session and other
parties in the session may be legally using them too.  They may even
have beat you to it and your pkexec found a temporary authorisation
already existed thanks to them.

That's true. However, I think it's probably better to call it at particular 
times than either ask for a password several times in a row, or leave the 
script wide open for 5 minutes :). To illustrate:

Say the GUI has to run several mount commands in a row. I can either:

  1.  Ask for the password several times - don't use temporary authorisation.
  2.  Use temporary authorisation, and ask once, leaving the temporary 
authorisation for this session for 5 minutes (a bad idea, surely?)
  3.  As above, but revoke temporary authorisation immediately after the 
commands have finished. Not ideal, and means the password has to be entered 
again soon, but more secure?

I can see why it could annoy the user by making them ask for the password again 
when they otherwise wouldn't have to, but I don't see a better alternative. I 
know this is a flawed design and could annoy people by making them enter their 
password again, but I'd rather it lean towards being annoying than risk it 
being insecure. Am I being a bit paranoid here?

Hamish

On 17/05/18 12:07, Ralph Corderoy wrote:

Hi Hamish,



I was wrong about the sessions - that was a faulty assumption as I
didn't know how to check. Yes, I have the same behaviour as you. The
second terminal window can see the authorisation, but if I run the
command again from there, I have to enter my password, whereas if I
run it from the other terminal ewhere I already ran it, I get
authorised using the temporary authorisation...



That's because the program being checked is specified with `$$' so the
second terminal is asking for a different check, but can see the first
with `--list-temp'.  Using the same process ID in both has the second
avoid prompting for a password, e.g. get a long-running PID,

$ cat &
[1] 14058
$

Then be prompted in the first terminal,

$ pkcheck -u -a org.freedesktop.color-manager.install-system-wide -p 14058

but not the second if the same command is run there.



Yes, that extra annotation will be helpful, and may be just the
ticket.  I couldn't find a list of valid annotations anywhere, so
where did you find that?



pkexec(1) talks about the `org.freedesktop.policykit.exec.path'
annotation.



ddrescue was just an example - the wrapper script has to be able to
call quite a few different programs



OK.



in ways that make it hard to check whether the GUI is requesting or an
attacker. I've made multiple files, so if I combine the polkit
annotation with checks in the files, and check to see if the GUI is
running, then I may have something workable.



No, you're still not getting the key thing.  Your non-GUI `rescue'
command, that polkit is taught about, doesn't care what is running it
and doesn't need to check.  Stop trying to check it's your other program
that's running it.

Imagine you didn't have to write the non-GUI `rescue', but someone else
already had and provided polkit rules to cover the various ways of
running it.  You'd just be writing a GUI and using pkexec(1) to make use
of a existing service.  I could write a competing GUI that also used
non-GUI `rescue' and pkexec(1) to do the hard work.  Neither pkexec(1)
nor the non-GUI `rescue' would care which of us is running it, and quite
right too.



Why drop the ".sh" off the end, by the way?



The same reason it's not ls.exe, autoheader.pl, egrep.sh, or hg.py.  :-)
Suffixes are useful for source code to help the build system know what
to do, but they don't belong in the executable's name;  that style is
from an operating system that relies on the suffix to know how to run
the file, and a shell where the command is specified without the suffix.
Using `foo.sh' would also mean I couldn't re-write it in another
language without changing its name.

Cheers, Ralph.



-- 
Next meeting:  Bournemouth, Tuesday, 2018-06-05 20:00
Meets, Mailing list, IRC, LinkedIn, ...  http://dorset.lug.org.uk/
New thread:  mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING
Reporting bugs well:  http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR

Re: [Dorset] PolKit auth_admin_keep strange behaviour and input sanitising

[Hamish MB]

I can actually use pkcheck --revoke-temp to revoke temporary 
authorisations, which would also be a good idea - something several 
privileged process have to be executed in a row, and then none for a 
while. This would probably help.

PolicyKit is confusing, and seems a little overcomplicated to me, but 
what do I know? :)

Hamish


On 17/05/18 10:21, Ralph Corderoy wrote:
> Hi Hamish,
>
> I now know more that I want to about policykit.
> This will amuse Tim.  :-)
>
>>> These sessions are what loginctl(1) lists, and referred to by
>>> `allow_any', `allow_active', and `allow_inactive'?  What two
>>> sessions do you have in mind where it is authorised in one, still
>>> needs authorising in the second, and you wonder if it should?
>> Yes, that's right. So long as I have only active allowed, if I run my
>> script with pkexec in one terminal window and authenticate, and then
>> open a new window (creating a new session), I have to re-authenticate
>> in that window.
> Well there we differ.  loginctl(1) here doesn't list a new session for
> each new X terminal window.
>
>  $ loginctl
> SESSIONUID USER SEAT TTY
>   c2   1000 ralphseat0
>  c73   1000 ralphseat0
>
>  2 sessions listed.
>  $
>
> c73 is my X session where I'm typing this, and c2 is a screen(1) that
> continues after I log out of X.
>
> I grep'd and found `org.freedesktop.color-manager.install-system-wide'
> has `auth_admin_keep' for `allow_active' so I'm using that for the test.
>
>  $ pkcheck --list-temp
>  $ pkcheck -u -a org.freedesktop.color-manager.install-system-wide -p $$
>  polkit\56retains_authorization_after_challenge=true
>  polkit\56temporary_authorization_id=tmpauthz3
>  $
>
> pkcheck(1) caused a GUI authentication prompt to appear and I entered my
> user's password.  I now have a temporary authorisation that lasts five
> minutes.
>
>  $ pkcheck --list-temp
>  authorization id: tmpauthz3
>  action:   org.freedesktop.color-manager.install-system-wide
>  subject:  unix-process:8351:41145575 (-bash)
>  obtained: 4 sec ago (Thu May 17 09:35:51 2018)
>  expires:  4 min 55 sec from now (Thu May 17 09:40:50 2018)
>
>  $
>
> I open a second X terminal and run the same command, it too sees the
> same existing authorisation.
>
>  $ pkcheck --list-temp
>  authorization id: tmpauthz3
>  action:   org.freedesktop.color-manager.install-system-wide
>  subject:  unix-process:8351:41145575 (-bash)
>  obtained: 31 sec ago (Thu May 17 09:35:51 2018)
>  expires:  4 min 28 sec from now (Thu May 17 09:40:50 2018)
>
>  $
>
> Can you achieve something similar?
>
>> The GUI does run pkexec - to run the privileged processes it requires
>> to get the work done - it's a GUI for GNU ddrescue. I worded that
>> badly - what I'm concerned about is that all I can do right now is
>> check that "DDRescue-GUI.py" (the name of the GUI) is in the process
>> list. Someone could intentionally write a python script with that name
>> to fool the pkexec wrapper into doing something when it shouldn't - I
>> don't want it to do anything if the GUI isn't running, to prevent
>> security issues.
> I don't think you have that choice, and it's the wrong way of looking at
> things.
>
> You've provided a non-GUI wrapper command to run ddrescue(1) called
> runasroot_linux.sh.  (I'd recommend dropping the `.sh' suffix.)
> Have you written the XML shenanigans to define an `', e.g.
> `id=org.hamish.runasroot_linux.sh', with an `' like
>
>   key="org.freedesktop.policykit.exec.path">/usr/local/bin/runasroot_linux.sh
>
> pkexec(1) will take the program it's asked to run and use its path to
> search all `'s for an `' with a key of
> `org.freedesktop.policykit.exec.path' that matches.  That `' is
> then used, e.g. to define how the user must authenticate.
> https://cgit.freedesktop.org/polkit/tree/src/programs/pkexec.c#n268
>
> Once you've done that, your Python GUI can run `pkexec
> runasroot_linux.sh some args'.  I think pkexec will find it in
> /usr/local/bin, say, due to $PATH and then search the `'s.
>
> But my shell script can also do `pkexec runasroot_linux.sh other args'
> to make use of the service you've provided.  This is intentional.  There
> is no security in insisting only your GUI makes use of
> runasroot_linux.sh, and it's hard to achieve, as you're aware.
>
> If you're concerned that I can do `pkexec runasroot_linux.sh some
> nefarious command' and your org.hamish.runasroot_linux.sh policy will be
> used when it's nothing to do with ddrescue(1) then the problem is your
> runasroot_linux.sh.  The name gives it away.  You've a `do anything I
> throw at you' mechanism with a policy that only applies for
> ddrescue-ing.  The script needs to only allow the limited ddrescue
> operations you want.
>
> If it helps, there's also a 

Re: [Dorset] PolKit auth_admin_keep strange behaviour and input sanitising

[Hamish MB]

Hi Ralph,

Hmm, this is interesting. I was wrong about the sessions - that was a 
faulty assumption as I didn't know how to check. Yes, I have the same 
behaviour as you. The second terminal window can see the authorisation, 
but if I run the command again from there, I have to enter my password, 
whereas if I run it from the other terminal ewhere I already ran it, I 
get authorised using the temporary authorisation...

Yes, that extra annotation will be helpful, and may be just the ticket. 
I couldn't find a list of valid annotations anywhere, so where did you 
find that? ddrescue was just an example - the wrapper script has to be 
able to call quite a few different programs in ways that make it hard to 
check whether the GUI is requesting or an attacker. I've made multiple 
files, so if I combine the polkit annotation with checks in the files, 
and check to see if the GUI is running, then I may have something 
workable. I just want to be sure I get it right, and don't introduce a 
security bug. Is there a way to check which process executed pkexec?

Why drop the ".sh" off the end, by the way?

Hamish


On 17/05/18 10:21, Ralph Corderoy wrote:
> Hi Hamish,
>
> I now know more that I want to about policykit.
> This will amuse Tim.  :-)
>
>>> These sessions are what loginctl(1) lists, and referred to by
>>> `allow_any', `allow_active', and `allow_inactive'?  What two
>>> sessions do you have in mind where it is authorised in one, still
>>> needs authorising in the second, and you wonder if it should?
>> Yes, that's right. So long as I have only active allowed, if I run my
>> script with pkexec in one terminal window and authenticate, and then
>> open a new window (creating a new session), I have to re-authenticate
>> in that window.
> Well there we differ.  loginctl(1) here doesn't list a new session for
> each new X terminal window.
>
>  $ loginctl
> SESSIONUID USER SEAT TTY
>   c2   1000 ralphseat0
>  c73   1000 ralphseat0
>
>  2 sessions listed.
>  $
>
> c73 is my X session where I'm typing this, and c2 is a screen(1) that
> continues after I log out of X.
>
> I grep'd and found `org.freedesktop.color-manager.install-system-wide'
> has `auth_admin_keep' for `allow_active' so I'm using that for the test.
>
>  $ pkcheck --list-temp
>  $ pkcheck -u -a org.freedesktop.color-manager.install-system-wide -p $$
>  polkit\56retains_authorization_after_challenge=true
>  polkit\56temporary_authorization_id=tmpauthz3
>  $
>
> pkcheck(1) caused a GUI authentication prompt to appear and I entered my
> user's password.  I now have a temporary authorisation that lasts five
> minutes.
>
>  $ pkcheck --list-temp
>  authorization id: tmpauthz3
>  action:   org.freedesktop.color-manager.install-system-wide
>  subject:  unix-process:8351:41145575 (-bash)
>  obtained: 4 sec ago (Thu May 17 09:35:51 2018)
>  expires:  4 min 55 sec from now (Thu May 17 09:40:50 2018)
>
>  $
>
> I open a second X terminal and run the same command, it too sees the
> same existing authorisation.
>
>  $ pkcheck --list-temp
>  authorization id: tmpauthz3
>  action:   org.freedesktop.color-manager.install-system-wide
>  subject:  unix-process:8351:41145575 (-bash)
>  obtained: 31 sec ago (Thu May 17 09:35:51 2018)
>  expires:  4 min 28 sec from now (Thu May 17 09:40:50 2018)
>
>  $
>
> Can you achieve something similar?
>
>> The GUI does run pkexec - to run the privileged processes it requires
>> to get the work done - it's a GUI for GNU ddrescue. I worded that
>> badly - what I'm concerned about is that all I can do right now is
>> check that "DDRescue-GUI.py" (the name of the GUI) is in the process
>> list. Someone could intentionally write a python script with that name
>> to fool the pkexec wrapper into doing something when it shouldn't - I
>> don't want it to do anything if the GUI isn't running, to prevent
>> security issues.
> I don't think you have that choice, and it's the wrong way of looking at
> things.
>
> You've provided a non-GUI wrapper command to run ddrescue(1) called
> runasroot_linux.sh.  (I'd recommend dropping the `.sh' suffix.)
> Have you written the XML shenanigans to define an `', e.g.
> `id=org.hamish.runasroot_linux.sh', with an `' like
>
>   key="org.freedesktop.policykit.exec.path">/usr/local/bin/runasroot_linux.sh
>
> pkexec(1) will take the program it's asked to run and use its path to
> search all `'s for an `' with a key of
> `org.freedesktop.policykit.exec.path' that matches.  That `' is
> then used, e.g. to define how the user must authenticate.
> https://cgit.freedesktop.org/polkit/tree/src/programs/pkexec.c#n268
>
> Once you've done that, your Python GUI can run `pkexec
> runasroot_linux.sh some args'.  I think pkexec will find it in
> /usr/local/bin, say, due to $PATH and 

Re: [Dorset] PolKit auth_admin_keep strange behaviour and input sanitising

[Hamish MB]

Hmm, my formatting seems to have disappeared, maybe I did it wrong.

The link to the archlinux wiki seems to have more information than the 
official documentation for policykit, ironically. It's very helpful, 
thanks for finding that for me :)

Hamish


On 16/05/18 16:27, Hamish MB wrote:
> Hi Ralph,
>
> These sessions are what loginctl(1) lists, and referred to by
> `allow_any', `allow_active', and `allow_inactive'?  What two sessions do
> you have in mind where it is authorised in one, still needs authorising
> in the second, and you wonder if it should?
>
> Yes, that's right. So long as I have only active allowed, if I run my script 
> with pkexec in one terminal window and authenticate, and then open a new 
> window (creating a new session), I have to re-authenticate in that window. 
> The original one still allows passwordless authentication for a few minutes 
> at this point, but the second one doesn't unless I authenticate for that 
> session as well. Setting allow_any to auth_admin_keep fixes this, but allows 
> remote users / attackers to use the script more easily - bad idea.
>
>
> unless you put it in the "allow_any" key, which I don't want to do -
> it's insecure.
>
>
> Is it?  It's just a XML kludge to state `allow_active or allow_inactive'
> AFAICS?
>
>
>
> Yes, kind of, because a remote user eg logging through SSH could then use the 
> script - not the intended usage. As far as I'm concerned, the stricter the 
> permissions the better.
>
>
> However, I'm unsure how to be absolutely sure that the GUI is calling
> pkexec, and that it isn't an attacker / some other program.
>
>
> Your GUI runs pkexec itself in some manner?  What threat are you
> concerned about if it's not the real pkexec?
>
>
>
> The GUI does run pkexec - to run the privileged processes it requires to get 
> the work done - it's a GUI for GNU ddrescue. I worded that badly - what I'm 
> concerned about is that all I can do right now is check that 
> "DDRescue-GUI.py" (the name of the GUI) is in the process list. Someone could 
> intentionally write a python script with that name to fool the pkexec wrapper 
> into doing something when it shouldn't - I don't want it to do anything if 
> the GUI isn't running, to prevent security issues.
>
> To clarify, what I have at the moment is a wrapper script, runasroot_linux.sh 
> that takes any number of arguments. Those arguments are the command(s) to run 
> as super user.
>
> For example:
>
> runasroot_linux.sh apt update
>
> Would, after being authorised by Policy Kit, run "apt update".
>
> What I need to do is make sure it will refuse to do anything if the GUI isn't 
> running, even if it is authenticated by policy kit. Better than that, I'd 
> like it to be able to check that the GUI is the parent process, but that 
> doesn't seem possible right now.
>
> Thanks for the link, I shall have a look.
>
>
> The archives suggest they respond to the odd question from a developer
> that's having to use it.
> https://lists.freedesktop.org/archives/polkit-devel/2017-November/000565.html
> And if they didn't welcome that traffic then they should fill in the
> Mailman variable that would appear below `About polkit-devel' on
> https://lists.freedesktop.org/mailman/listinfo/polkit-devel  :-)
>
> That sounds fair enough :)
>
> Hamish
> On 16/05/18 13:24, Ralph Corderoy wrote:
>
> Hi Hamish,
>
> Bear in mind I don't know Polkit so this is the result of a quick poke
> about.
>
>
>
> However, I've found that auth_admin_keep doesn't work across sessions,
>
>
>
> These sessions are what loginctl(1) lists, and referred to by
> `allow_any', `allow_active', and `allow_inactive'?  What two sessions do
> you have in mind where it is authorised in one, still needs authorising
> in the second, and you wonder if it should?
>
>
>
> unless you put it in the "allow_any" key, which I don't want to do -
> it's insecure.
>
>
>
> Is it?  It's just a XML kludge to state `allow_active or allow_inactive'
> AFAICS?
>
>
>
> The other issue is that the GUI has to run a lot of different
> commands, some of them repeatedly. I'd like to use auth_admin_keep for
> some subsets of these commands - repeatedly prompting for a password
> is really annoying.
>
>
>
> Sounds fine.  polkit(8) points out the authorisation will continue to be
> valid even if variables in subsequent requests differ and the rules
> depend on those variables, i.e. it's a loop-hole.  Given Javascript was
> chosen as the language for the rule files, pfft, it goes on to mention
> Date() can be used for temporary authorisations.  But doesn't show how,
> and Google didn't f

Re: [Dorset] PolKit auth_admin_keep strange behaviour and input sanitising

[Hamish MB]

Hi Ralph,

These sessions are what loginctl(1) lists, and referred to by
`allow_any', `allow_active', and `allow_inactive'?  What two sessions do
you have in mind where it is authorised in one, still needs authorising
in the second, and you wonder if it should?

Yes, that's right. So long as I have only active allowed, if I run my script 
with pkexec in one terminal window and authenticate, and then open a new window 
(creating a new session), I have to re-authenticate in that window. The 
original one still allows passwordless authentication for a few minutes at this 
point, but the second one doesn't unless I authenticate for that session as 
well. Setting allow_any to auth_admin_keep fixes this, but allows remote users 
/ attackers to use the script more easily - bad idea.


unless you put it in the "allow_any" key, which I don't want to do -
it's insecure.


Is it?  It's just a XML kludge to state `allow_active or allow_inactive'
AFAICS?



Yes, kind of, because a remote user eg logging through SSH could then use the 
script - not the intended usage. As far as I'm concerned, the stricter the 
permissions the better.


However, I'm unsure how to be absolutely sure that the GUI is calling
pkexec, and that it isn't an attacker / some other program.


Your GUI runs pkexec itself in some manner?  What threat are you
concerned about if it's not the real pkexec?



The GUI does run pkexec - to run the privileged processes it requires to get 
the work done - it's a GUI for GNU ddrescue. I worded that badly - what I'm 
concerned about is that all I can do right now is check that "DDRescue-GUI.py" 
(the name of the GUI) is in the process list. Someone could intentionally write 
a python script with that name to fool the pkexec wrapper into doing something 
when it shouldn't - I don't want it to do anything if the GUI isn't running, to 
prevent security issues.

To clarify, what I have at the moment is a wrapper script, runasroot_linux.sh 
that takes any number of arguments. Those arguments are the command(s) to run 
as super user.

For example:

runasroot_linux.sh apt update

Would, after being authorised by Policy Kit, run "apt update".

What I need to do is make sure it will refuse to do anything if the GUI isn't 
running, even if it is authenticated by policy kit. Better than that, I'd like 
it to be able to check that the GUI is the parent process, but that doesn't 
seem possible right now.

Thanks for the link, I shall have a look.


The archives suggest they respond to the odd question from a developer
that's having to use it.
https://lists.freedesktop.org/archives/polkit-devel/2017-November/000565.html
And if they didn't welcome that traffic then they should fill in the
Mailman variable that would appear below `About polkit-devel' on
https://lists.freedesktop.org/mailman/listinfo/polkit-devel  :-)

That sounds fair enough :)

Hamish
On 16/05/18 13:24, Ralph Corderoy wrote:

Hi Hamish,

Bear in mind I don't know Polkit so this is the result of a quick poke
about.



However, I've found that auth_admin_keep doesn't work across sessions,



These sessions are what loginctl(1) lists, and referred to by
`allow_any', `allow_active', and `allow_inactive'?  What two sessions do
you have in mind where it is authorised in one, still needs authorising
in the second, and you wonder if it should?



unless you put it in the "allow_any" key, which I don't want to do -
it's insecure.



Is it?  It's just a XML kludge to state `allow_active or allow_inactive'
AFAICS?



The other issue is that the GUI has to run a lot of different
commands, some of them repeatedly. I'd like to use auth_admin_keep for
some subsets of these commands - repeatedly prompting for a password
is really annoying.



Sounds fine.  polkit(8) points out the authorisation will continue to be
valid even if variables in subsequent requests differ and the rules
depend on those variables, i.e. it's a loop-hole.  Given Javascript was
chosen as the language for the rule files, pfft, it goes on to mention
Date() can be used for temporary authorisations.  But doesn't show how,
and Google didn't find an example for me either.



However, I'm unsure how to be absolutely sure that the GUI is calling
pkexec, and that it isn't an attacker / some other program.



Your GUI runs pkexec itself in some manner?  What threat are you
concerned about if it's not the real pkexec?



Does anyone know where I might be able to ask for help on
polkit-related issues?



https://wiki.archlinux.org/index.php/Polkit was helpful.



they do have a development mailing list - probably the wrong place to
ask I think.



The archives suggest they respond to the odd question from a developer
that's having to use it.
https://lists.freedesktop.org/archives/polkit-devel/2017-November/000565.html
And if they didn't welcome that traffic then they should fill in the
Mailman variable that would appear below `About polkit-devel' on
https://lists.freedesktop.org/mailman/listinfo/polkit-devel  

[Dorset] PolKit auth_admin_keep strange behaviour and input sanitising

[Hamish MB]

Hello Everyone,

I've been having some issues with pol kit and I was hoping some of you 
might be able to answer some of my questions. What I want to do with it 
is allow one of my GUIs to execute a script, which in turns executes 
whatever commands are passed as arguments. I wanted to do this with 
polkit because of the tight security it provides with regards to 
authorisation, and temporarily caching authorisation. I know I'd need to 
be very careful about input sanitising to prevent a security hole - some 
notes about that are below.

However, I've found that auth_admin_keep doesn't work across sessions, 
unless you put it in the "allow_any" key, which I don't want to do - 
it's insecure. I think this is good, but I have no idea if this is how 
it is supposed to behave because I couldn't find any documentation on 
this. Does anyone know why this happens and if it should?

The other issue is that the GUI has to run a lot of different commands, 
some of them repeatedly. I'd like to use auth_admin_keep for some 
subsets of these commands - repeatedly prompting for a password is 
really annoying. However, I'm unsure how to be absolutely sure that the 
GUI is calling pkexec, and that it isn't an attacker / some other 
program. I can check with "ps aux" to see if it is running, but beyond 
that, I'm unable to tell what the parent processes are when pkexec  has 
granted privileges - it seems to hide that information. Is there a way 
I'm supposed to do this?

I know these are fairly in depth questions, and you may not have 
answers, which is fine. Does anyone know where I might be able to ask 
for help on polkit-related issues? They don't seem to have IRC, but they 
do have a development mailing list - probably the wrong place to ask I 
think.

Hamish McIntyre-Bhatty

-- 
Next meeting:  Bournemouth, Tuesday, 2018-06-05 20:00
Meets, Mailing list, IRC, LinkedIn, ...  http://dorset.lug.org.uk/
New thread:  mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING
Reporting bugs well:  http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR

Re: [Dorset] Links from 2018-05-01's Pub Meet.

[Hamish MB]

Oops, sent to wrong address.

Hi,

We also talked briefly about refactoring, and the various ways of doing 
it. I think somebody said during that discussion that there wasn't time 
to do it in industry, and that refactoring was mostly limited to open 
source software projects.

Is that right, because I was pretty sure that refactoring was always 
necessary to some degree, unless you were having to follow the waterfall 
method? - nobody gets designs and implementations perfect the first 
time, surely.

Hamish


On 02/05/18 11:41, PeterMerchant via dorset wrote:
> On 02/05/18 10:57, Ralph Corderoy wrote:
>> Hi,
>>
>> Nines' complement and ten's complement are to decimal what ones' and
>> two's are to binary, i.e. you can subtract a number by adding its ten's
>> complement instead.  Old adding machines would have nines' complement
>> digits written alongside the normal digit, e.g. 2 by 7.
>>  https://en.wikipedia.org/wiki/File:Comptometer1920Model.jpg
>>  https://en.wikipedia.org/wiki/Method_of_complements
>>
>> I've been reading this book, about half-way through so far, and it seems
>> ideal for someone that wants to understand how computers work. It
>> starts with sending Morse code with torches and builds from there,
>> through logic gates, implementing arithmetic, counters, memory, assembly
>> language, and finishes off by touching on some real CPUs, character
>> encodings, what an operating system does, and floating point numbers.
>> I'd guess reading age could be a bright twelve-year-old upwards.
>>  Code: The Hidden Language of Computer Hardware and Software,
>>  by Charles Petzold  https://amzn.to/2J7FEjb
>>
>> Nick is considering Manjaro Linux instead of sticking with Kubuntu or
>> moving to Xubuntu.  It's a rolling release distro, so no `upgrade the
>> world' periodic shock, based on Arch Linux, but with a graphical
>> installer, and a delay between a package being in Arch's `bleeding edge'
>> `stable' and it making it to Manjaro's `stable'.
>>  https://en.wikipedia.org/wiki/Manjaro_Linux
>>
>> Cheers, Ralph.
>>
> from my playing:
>
>    Ah, well, if you're bored then you might be interested in trying
>
>    https://manjaro.org/  I haven't, but it's an Arch Linux derivative
>
>    with... a GUI installer!  The download page looks to have KDE
>    flavour. -Ralph
>
> That kept me from being bored. I downloaded the KDE version, and every 
> time I booted it, my screen displayed a message " out of range " which 
> implies that it cannot adjust the resolution to that of this ancient 
> Toshiba 15".  This is a condition that I have seen years ago when a 
> computer could not set the screen size. I  think that it is 'working' 
> because every time I hit a key the CD runs up.  I booted into SolyDK 
> and that worked OK, as does everything else.
>
>
> Also talked about Via  and new Firefox browsers on Android,
> Raspberry Pi GPIO usage especially via Deek-Robot.
>
> Peter

-- 
Next meeting:  Bournemouth, Tuesday, 2018-05-01 20:00
Meets, Mailing list, IRC, LinkedIn, ...  http://dorset.lug.org.uk/
New thread:  mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING
Reporting bugs well:  http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR

Re: [Dorset] Alternative to Simple Backup Suite

[Hamish MB]

I used to use something called Back In Time that might serve your
purposes, have you looked at that? It's also a GUI for rsync, but it has
some pretty cool features. I now do offline backups with Mondorescue,
but I used to find this helpful.

Hamish


On 30/04/18 08:48, PeterMerchant via dorset wrote:
> On 29/04/18 16:29, Tim wrote:
>> Have you looked at Lucky backup? It is just a GUI for for rsync but I
>> find it a lot easier to setup via the gui then you can output the
>> command to a straight cli command.
>>
>> What I have done in the past where I have several backups to give me
>> weekly and daily backups, and use a simple bash script to delete or
>> move backups as required.
>>
>> Tim
>>
>>
>> On 29/04/18 14:37, Terry Coles wrote:
>>> Hi,
>>>
>>> I've just upgraded my system to Kubuntu 18.04 from 17.10.  Some nice
>>> things
>>> and as usual some stuff that isn't so good.
>>>
>>> The main problem that I've encountered is that the Kubuntu Devs have
>>> now
>>> decided to drop Simple Backup Suite (sbackup).  I've used it since a
>>> Google
>>> Summer of Code programmer created it around 10 years ago.  It suits
>>> me; as the
>>> name implies, it's simple to use, it does incremental as well as
>>> full backups
>>> and it includes NAS boxes as suitable targets.
>>>
>>> I can't blame the devs for dropping it.  It was created in 2007 and
>>> the last
>>> PPA in Ubuntu is dated 3 years ago and the previous 3 PPAs all
>>> supported the
>>> same version, so it clearly is no longer in development.
>>>
>>> I've been trying out several alternatives and dropping them one by one:
>>>
>>> 1.  Bacula - Very capable, but far from simple.
>>> 2.  BackinTime - Very simple, and doesn't support the NAS Box
>>> without jumping
>>> through hoops.
>>> 3.  Deja-Dup (Duplicity) - I used this for a short while, but it
>>> doesn't
>>> support incremental backups.
>>> 4.  Several others which suffer from one or more of the above problems.
>>>
>>> Any suggestions?  Most of the suitable alternatives seem to be out of
>>> development.  I know that I could use rsync and various GUI front
>>> ends for it,
>>> but I want a semi-permanent record of the files, so that when I
>>> realise the
>>> error of my ways three days after the backup, the original file is
>>> still
>>> there.  I also don't want to simply drag and drop the data since my
>>> NAS Box
>>> has a finite size to its storage.
>>>
>>
>>
> And I am sure that you have looked at freefilesync. It is what I have
> been using since this discussion on here about a year ago. It's GUI,
> easy to set up destination storage folder so that you can do periodic
> full backups, and does backups of just the changes in-between.   One
> thing I have not investigated with it is that I move folders around
> periodically and I don't know whether an intermediate backup gives me
> two copies in the backup.
>
>
> Cheers,
>
> Peter
>
>

-- 
Next meeting:  Bournemouth, Tuesday, 2018-05-01 20:00
Meets, Mailing list, IRC, LinkedIn, ...  http://dorset.lug.org.uk/
New thread:  mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING
Reporting bugs well:  http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR

Re: [Dorset] Using Two USB Audio Adaptors and Selecting the Right One Programatically

[Hamish MB]

Hi Ralph,

Really interesting! It turns out I read the slow goodbye to C post 
before! I still like C++, but Python tends to be my goto language, 
partially because it's what I first learned in 2013, so I'm not quite 
proficient with it. I quite like Java too, which I've been studying in 
my Open University courses.

What languages do you like?

Hamish


On 14/04/18 18:02, Ralph Corderoy wrote:
> Hi Hamish,
>
> Clearing out old emails...
>
>> Why is it that you dislike C++ Ralph? I admit it is overcomplicated,
>> but I'm quite fond of it :)
> I lived through the flight of the `object-orientated programming' silver
> bullet, and it never had the scope it promised.  C++ jumped aboard early
> on, just as Stroustrup has had it encompass every passing shiny thing
> since whilst ignoring the complexity cost.
>
> This is old, but a reasonable summary.
> http://www.catb.org/esr/writings/taoup/html/ch14s04.html#cc_language
> The same author recently covered why C and not C++ again in
> http://esr.ibiblio.org/?p=7724 which I probably linked to on another
> thread in recent months.
>
> Cheers, Ralph.
>

-- 
Next meeting:  Bournemouth, Tuesday, 2018-05-01 20:00
Meets, Mailing list, IRC, LinkedIn, ...  http://dorset.lug.org.uk/
New thread:  mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING
Reporting bugs well:  http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR

Re: [Dorset] Compiling from source?

[Hamish MB]

Hi,

If you cd into the source and run

./configure

it should tell you what you need, if anything.

You can use checkinstall (for Debian or Ubuntu) where you would usually run 
make install to make a Debian package.

Then you can easily remove the program with dpkg or apt

Hope this helps,
Hamish
On 15 Apr 2018, at 10:32, Tim 
> wrote:

Morning all

I want to run a particular game on my PC running SolydXK EE (Debian
testing), but the games most recent  version is only available for
Debian Jessie and will not install due to varies dependency issue (which
is strange because it is looking for a lower version of a file than I
have currently installed).  Anyway I have downloaded the source package
(a tar.gz file) and want to know how to produce a program I a can run
but here is the questions, should I compile it so that I can just
install it and run it, or do I need to compile it as a deb file? I know
I can google and find this information about but I am after the
experienced users thoughts about the best options to take and possible
success, I have never tried compiling in my life.

Apart from build essentials what else to I need to make sure I have
installed on my PC so I can compile the source?

The game its self is not a demand (as in process or graphics), the
source can be downloaded from here:
https://www.openttd.org/en/download-stable.


Tim

-- 
Next meeting:  Bournemouth, Tuesday, 2018-05-01 20:00
Meets, Mailing list, IRC, LinkedIn, ...  http://dorset.lug.org.uk/
New thread:  mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING
Reporting bugs well:  http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR

Re: [Dorset] Can I recover a Hard disk?

[Hamish MB]

Sounds perplexing...

You could try gparted's create partition table option (in one of the menus).

Beyond that, maybe it's better to give up if its being that much of a 
pain - it may just be broken.

Hamish


On 05/04/18 17:46, PeterMerchant via dorset wrote:
> I was given an old Dell with a 250GB MAxtor SATA disk that couldn't be 
> found by the live disks that I tried. Eventually I loaded up a rescue 
> disk and gparted and discovered that the disk had an invalid 
> partition. I was unable to format it as Ext2, 3 or 4, But I did format 
> it as 2 FAT32 partitions and then it was recognised in my other 
> computer. I have tried again to get it to format as Ext-x with no 
> luck. It now does have a swap partition. It didn't like having the 
> jumper in for the CLJ (cylinder Limitation jumper)
>
> Any thoughts on how I can possibly resurrect this disk, or should I 
> not waste my time?
>
> Thanks,
>
> Peter
>
>

-- 
Next meeting:  Bournemouth, Tuesday, 2018-05-01 20:00
Meets, Mailing list, IRC, LinkedIn, ...  http://dorset.lug.org.uk/
New thread:  mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING
Reporting bugs well:  http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR

Re: [Dorset] Next Meeting - One Week Tonight

[Hamish MB]

I shall be going - would you like me to give you a lift Terry? If anyone 
else nearby to Wimborne / Cole Hill is going I can give you a lift as 
well if you like.

Hamish


On 27/03/18 16:55, Terry Coles wrote:
> All,
>
> The next meeting is one week tonight at The Broadway, Bournemouth on Tuesday,
> 2018-04-03 at 20:00.  See:
>
> http://dorset.lug.org.uk/wiki/doku.php?id=meetings:pub#the_broadway
>
> Paul, Ian,
>
> Are you going?
>

-- 
Next meeting:  Bournemouth, Tuesday, 2018-04-03 20:00
Meets, Mailing list, IRC, LinkedIn, ...  http://dorset.lug.org.uk/
New thread:  mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING
Reporting bugs well:  http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR

Re: [Dorset] Using polkit to escalate privieges

[Hamish MB]

Thanks :)

Hamish


On 19/03/18 11:38, Tim Waugh wrote:
> That's exactly the idea. :-)
>
> Tim.
> */
>
>
> On 19 March 2018 at 11:37, Hamish MB <hamis...@live.co.uk> wrote:
>> Thanks Tim.
>>
>> Right, so I should be able to make a script to run processes as root,
>> and then make a polkit action for that script, so the dialogs are nicely
>> presented, rather than displaying script names and things like that. Is
>> that a hack/bad idea or does it sound okay? I'm sure there must be a
>> nicer way of doing this...
>>
>> Hamish
>>
>>
>> On 16/03/18 14:24, Tim Waugh wrote:
>>> On 16 March 2018 at 14:05, Hamish MB <hamis...@live.co.uk> wrote:
>>>> I see, I think. In that case it sounds like the wrong tool for what I'm 
>>>> trying to do, though I'm sure that for example synaptic uses it. I'm 
>>>> thinking specifically of using pkexec, does that work this way too?
>>> Yes, pkexec just uses the org.freedesktop.policykit.exec action. See
>>> pkaction(1) for a list of other actions installed.
>>>
>>> Tim.
>>> */
>> --
>> Next meeting:  Bournemouth, Tuesday, 2018-04-03 20:00
>> Meets, Mailing list, IRC, LinkedIn, ...  http://dorset.lug.org.uk/
>> New thread:  mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING
>> Reporting bugs well:  http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR

-- 
Next meeting:  Bournemouth, Tuesday, 2018-04-03 20:00
Meets, Mailing list, IRC, LinkedIn, ...  http://dorset.lug.org.uk/
New thread:  mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING
Reporting bugs well:  http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR

Re: [Dorset] Using polkit to escalate privieges

[Hamish MB]

Thanks Tim.

Right, so I should be able to make a script to run processes as root,
and then make a polkit action for that script, so the dialogs are nicely
presented, rather than displaying script names and things like that. Is
that a hack/bad idea or does it sound okay? I'm sure there must be a
nicer way of doing this...

Hamish


On 16/03/18 14:24, Tim Waugh wrote:
> On 16 March 2018 at 14:05, Hamish MB <hamis...@live.co.uk> wrote:
>> I see, I think. In that case it sounds like the wrong tool for what I'm 
>> trying to do, though I'm sure that for example synaptic uses it. I'm 
>> thinking specifically of using pkexec, does that work this way too?
> Yes, pkexec just uses the org.freedesktop.policykit.exec action. See
> pkaction(1) for a list of other actions installed.
>
> Tim.
> */

-- 
Next meeting:  Bournemouth, Tuesday, 2018-04-03 20:00
Meets, Mailing list, IRC, LinkedIn, ...  http://dorset.lug.org.uk/
New thread:  mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING
Reporting bugs well:  http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR

Re: [Dorset] Using polkit to escalate privieges

[Hamish MB]

I see, I think. In that case it sounds like the wrong tool for what I'm trying 
to do, though I'm sure that for example synaptic uses it. I'm thinking 
specifically of using pkexec, does that work this way too?

Hamish
On 16 Mar 2018, at 10:11, Tim Waugh 
> wrote:

The way polkit works is that you have a privileged executable with a
well-known D-Bus object name, a defined D-Bus interface to it, and an
unprivileged executable which asks the system D-Bus for the object
with the interface.

The interface can be as fine-grained as you like. But you definitely
want to put all the privileged parts behind the interface (i.e.
implementations of the interface methods), and the unprivileged parts
in "front" of it (i.e. calling the interface methods).

Tim.
*/


On 15 March 2018 at 20:16, Ralph Corderoy  wrote:
 Hi Hamish,

 One of the things I need to get to reasonably soon is sorting out
 using polkit to escalate privileges rather than running my GUI
 programs as root.
 ...
 Would it be a better idea to make separate scripts for privileged
 actions and polkit rules for them?

 What's the GUI doing that needs root privileges?  I assume this is on
 Raspbian on a Pi?  Access to GPIO or something else?

 Cheers, Ralph.

 --
 Next meeting:  Bournemouth, Tuesday, 2018-04-03 20:00
 Meets, Mailing list, IRC, LinkedIn, ...  http://dorset.lug.org.uk/
 New thread:  mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING
 Reporting bugs well:  http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR
-- 
Next meeting:  Bournemouth, Tuesday, 2018-04-03 20:00
Meets, Mailing list, IRC, LinkedIn, ...  http://dorset.lug.org.uk/
New thread:  mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING
Reporting bugs well:  http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR

[Dorset] Using polkit to escalate privieges

[Hamish MB]

Hi everyone,


One of the things I need to get to reasonably soon is sorting out using polkit 
to escalate privileges rather than running my GUI programs as root. This is 
because Wayland doesn't allow GUI apps to run as root without a hack.


Tim suggested I try using pkexec, but I can confirm this doesn't get around the 
issue. I'm aware of ways of forking and escalating privileges, or using setuid 
calls, but I don't know how to do this, especially with python.


Would it be a better idea to make separate scripts for privileged actions and 
polkit rules for them?


Hamish



-- 
Next meeting:  Bournemouth, Tuesday, 2018-04-03 20:00
Meets, Mailing list, IRC, LinkedIn, ...  http://dorset.lug.org.uk/
New thread:  mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING
Reporting bugs well:  http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR

Re: [Dorset] Cross-platform python development for windows.

[Hamish MB]

Pyinstaller sounds like a good idea. He's already written it by the sounds of 
it. Is that Go code? I've heard a lot about Go recently.

Hamish
On 3 Mar 2018, at 18:10, Ralph Corderoy 
> wrote:

Hi Rafi,

 I've been looking into things like Py2exe and Pyinstaller, but they
 all require Windows to freeze .exe. Any Idea how I'd go about it on my
 machine? Perhaps using wine somehow?

https://github.com/pyinstaller/pyinstaller/wiki/FAQ#features says to use
WINE for production from Linux, and links to a mailing-list thread.
Good luck.

Or, you could use a language that ships a cross-compiling compiler by
default, and includes producing Windows EXEs.  :-)
https://tour.golang.org/welcome/1

$ cat hellow.go
package main

import (
"fmt"
)

func main() {
fmt.Println("Hello, playground")
}
$ GOOS=windows go build
$ file a.out.exe
a.out.exe: PE32+ executable (console) x86-64 (stripped to external
PDB), for MS Windows
$

Cheers, Ralph.
-- 
Next meeting:  Bournemouth, Tuesday, 2018-03-06 20:00
Meets, Mailing list, IRC, LinkedIn, ...  http://dorset.lug.org.uk/
New thread:  mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING
Reporting bugs well:  http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR

Re: [Dorset] Cross-platform python development for windows.

[Hamish MB]

Interesting idea using wine. I don't know if that would work but worth a try. 
I've used py2app before for macOS packaging and its mostly good, if a little 
buggy at times. Would you have a Windows system to test it on?

Hamish
On 25 Feb 2018, at 12:19, Maqjor Mrx maqjor.mr.x...@gmail.com> wrote:

Greetings all, Rafi here,


Lately I've been asked to code a script for someone using Windows. I'm
using Python and don't have a Windows system myself, but would like to
be able to give them a standalone .exe file.

I've been looking into things like Py2exe and Pyinstaller, but they all
require Windows to freeze .exe. Any Idea how I'd go about it on my
machine? Perhaps using wine somehow?

Any help would be greatly appreciated.


Cheers,


Rafi

-- 
Next meeting:  Bournemouth, Tuesday, 2018-03-06 20:00
Meets, Mailing list, IRC, LinkedIn, ...  http://dorset.lug.org.uk/
New thread:  mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING
Reporting bugs well:  http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR

Re: [Dorset] Revisited - Accessing a Local Network over a Wireless Router that is NOT Connected to the Internet

[Hamish MB]

Hi,

It being that I'm studying Java for my Open University course, I'll have a look 
at it for you. Python is my preferred language, but I'm not bad with Java. I 
think when we get it working on Android 7 & 8 I should use the VMS to test old 
versions too. People still use Android versions going back to 2.6. Might be 
overkill, but best to know it always works.

I don't have a lot of free time right now, so it may be a little while before I 
get to it, but I shall see if I can make sense of the code.

Hamish
On 24 Feb 2018, at 18:34, Terry Coles 
> wrote:

On Saturday, 24 February 2018 18:02:38 GMT Ralph Corderoy wrote:
 And other Apple domains.  I assume both devices have Apple software,
 e.g. iTunes?


Not as far as I know.

 I've looked at the files with this command that gives packet numbers to
 reference.

 tcpdump -vvvKnt# -r $packet_file

I used Wireshark as you originally recommended.  I sort of understood what was
going on most of the time, its the unexpected events that have me foxed and
the fact that both phones seem to trigger the generate_204 OK, but only one
works.

 First, 'packets(1_Minute_Nexus)' where it's fooled it's not captive.

Thanks for this.

 The 'packets(1_Minute_G5)' is different.

 That gets us to 15.9 s into the recording.  Next packets are at 31.9 s.
 You said `no Internet' appears around 16 s.

Yes.  That's right.

 I've read through
 http://androidxref.com/7.1.2_r36/xref/frameworks/base/services/core/java/com
 /android/server/connectivity/NetworkMonitor.java and struggle to understand
 it.  It being Java, the Android standard libraries, and its asynchronous
 nature.  But I think the G5's behaviour most matches
 sendParallelHttpProbes() that, despite the name, sends HTTP and HTTPS in
 parallel.

So should I setup SSL on the server?  At the moment it's disabled.  I looked
for https in the stream, but couldn't see it.

 I didn't figure out what happens if the HTTP probe `suceeds', assuming
 that's what we're seeing in the packets, and HTTPS doesn't.  I suspect
 that's what's triggering the `You're captive'.  Perhaps someone that
 knows Java could untangle it.

Well it could trigger a fail, although it seems a bit OTT, since a path to the
Internet has been established.

 If that's the case, you're stuck.  A HTTPS connection couldn't be made
 to the Pi such that it can provide a trusted certificate verifying it's
 connectivitycheck.gstatic.com.  Happy to 
be proved wrong.  :-)

I've seen talk of Self Signed Certificates, but Patrick indicated that they
wouldn't work.

I asked the guy at Foxdog if they are supporting https on their server, but he
hasn't responded.
-- 
Next meeting:  Bournemouth, Tuesday, 2018-03-06 20:00
Meets, Mailing list, IRC, LinkedIn, ...  http://dorset.lug.org.uk/
New thread:  mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING
Reporting bugs well:  http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR

Re: [Dorset] Revisited - Accessing a Local Network over a Wireless Router that is NOT Connected to the Internet

[Hamish MB]

Reminds me, I had a load of old android VMS, I could re deploy them and use a 
packet sniffer on them too see if that will help.

Good idea?

Hamish
On 18 Feb 2018, at 14:51, Terry Coles 
> wrote:

On Sunday, 18 February 2018 14:46:43 GMT Ralph Corderoy wrote:
 On the Pi, something like

 sudo -i tcpdump -s 3141 -w /tmp/packets

 and Ctrl-C-ing it when you've finished.

 You might need to append a `-i wls34' or whatever the Pi's wifi network
 interface is, `ip a' might help.

Thanks Ralph.

I'll give it a try.

-- 
Next meeting:  Bournemouth, Tuesday, 2018-03-06 20:00
Meets, Mailing list, IRC, LinkedIn, ...  http://dorset.lug.org.uk/
New thread:  mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING
Reporting bugs well:  http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR

Re: [Dorset] Using shred

[Hamish MB]

You could well be being limited by your disks speed then. 100GB per hours is 
pretty fast for a HDD. Can you connect two at once to speed it up?

Hamish
On 18 Feb 2018, at 08:45, Terry Coles 
> wrote:

On Sunday, 18 February 2018 07:59:30 GMT Terry Coles wrote:
 It seems to be pretty quick having reached 22 GB done in around 40 minutes.

Of course, if I was any good at basic arithmetic, I would have known that this
is no quicker than shred.  It just passed 100 GB after about an hour; 1000 GB
= 10 hours.

(I must have got the time wrong when I estimated earlier (as well!))

Even so, I think one pass of this command or shred should suffice.
-- 
Next meeting:  Bournemouth, Tuesday, 2018-03-06 20:00
Meets, Mailing list, IRC, LinkedIn, ...  http://dorset.lug.org.uk/
New thread:  mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING
Reporting bugs well:  http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR

Re: [Dorset] Using shred

[Hamish MB]

For modern drives a single pass with zeros is usually just fine. You can use dd 
if=/dev/zero of=/Dev/sdxy

You could copy from /Dev/urandom for a quicker random number pass too.

Hamish
On 17 Feb 2018, at 18:38, Keith Edmunds 
> wrote:

On Sat, 17 Feb 2018 18:31:53 +, d-...@hadrian-way.co.uk said:

 I'd be happier if there was no chance of data recovery.

Then destroy the drives.
-- 
Next meeting:  Bournemouth, Tuesday, 2018-03-06 20:00
Meets, Mailing list, IRC, LinkedIn, ...  http://dorset.lug.org.uk/
New thread:  mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING
Reporting bugs well:  http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR

Re: [Dorset] Using Two USB Audio Adaptors and Selecting the Right One Programatically

[Hamish MB]

I think Ralph's solution is the better on if it works - instead of removing 
const from that cast, declare the variable as const.

Why is it that you dislike C++ Ralph? I admit it is overcomplicated, but I'm 
quite fond of it :)

Hamish
On 21 Jan 2018, at 16:30, Terry Coles 
> wrote:

On Sunday, 21 January 2018 16:23:56 GMT Ralph Corderoy wrote:
 I haven't time to reply to your original email at the moment, though
 from a quick skim the use of a compiled language looks like overkill,
 and tedious due to low-level parsing.

Ralph,

No rush, but would you use something like the Perl example at the beginning of
that page?
-- 
Next meeting:  Bournemouth, Tuesday, 2018-02-06 20:00
Meets, Mailing list, IRC, LinkedIn, ...  http://dorset.lug.org.uk/
New thread:  mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING
Reporting bugs well:  http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR

Re: [Dorset] Using Two USB Audio Adaptors and Selecting the Right One Programatically

[Hamish MB]

Hi,

Yes, it seems to me that this code has a mistake in it. The fix doesn't change 
how the code works, just fixes (assuming this was indeed a mistake) that cast, 
which seems like something that could never work to me.

As far as I can see, that's an error in the code, because it tried to do 
something that isn't allowed. You could also try using the -fpermissive flag by 
the looks of it.

Hamish
On 21 Jan 2018, at 15:41, Terry Coles 
<d-...@hadrian-way.co.uk<mailto:d-...@hadrian-way.co.uk>> wrote:

On Sunday, 21 January 2018 15:31:15 GMT Hamish MB wrote:
 Try removing the "const" from the cast for the variable k, so it instead
 reads:

 char *p = strrchr((char *)k, 'D');

So you are suggesting that the code on the website where I got this from is in
error?  If so, I wonder how he got it to work.

 This may or may not fix the problem depending on how the rest of the code
 works. You can't cast a const type variable to a non-const type because it
 would potentially have massive security implications - eg people modifying
 passwords on their way to being stored / vice versa man in the middle type
 attacks.

Well.  That's one of the things that worries me.  If this fix changes the
functionality of the code from what the original author intended, then my USB
devices won't be permanently given Card Nos and I'll be chasing rainbows.

 What compiler are you using by the way?

Unless Kubuntu points at something different the GNU C++ compiler; that's
what's installed.
-- 
Next meeting:  Bournemouth, Tuesday, 2018-02-06 20:00
Meets, Mailing list, IRC, LinkedIn, ...  http://dorset.lug.org.uk/
New thread:  mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING
Reporting bugs well:  http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR

Re: [Dorset] Using Two USB Audio Adaptors and Selecting the Right One Programatically

[Hamish MB]

Hi,

Try removing the "const" from the cast for the variable k, so it instead reads:

char *p = strrchr((char *)k, 'D');

This may or may not fix the problem depending on how the rest of the code 
works. You can't cast a const type variable to a non-const type because it 
would potentially have massive security implications - eg people modifying 
passwords on their way to being stored / vice versa man in the middle type 
attacks.

What compiler are you using by the way?

Hamish
On 21 Jan 2018, at 15:25, Terry Coles 
> wrote:

On Sunday, 21 January 2018 12:35:16 GMT Terry Coles wrote:
 I'm starting to get my head round this and think that I have a fighting
 chance of sorting it out.  However, I have a couple of queries (so far),
 both coming from the C++ code in your second link.

I'm having problems compiling the C++ code.  (Mainly because when I wrote C 
(about 35
years ago), I was at Janet and John level and the little I did with C++ was 
even less.)   This
line:

char *p = strrchr((const char *)k, 'D');

gives the following error:

terry@OptiPlex:~/Development/Wimborne_Model_Town/Winter_2016-17_Projects/
Minster_Bells/Code/USB_Audio_Fix$ g++ USB_Audio_Fix.cpp -o alsa_name
USB_Audio_Fix.cpp: In function ‘int GetDValue(const char*)’:
USB_Audio_Fix.cpp:112:22: error: invalid conversion from ‘const char*’ to 
‘char*’ [-
fpermissive]
 char *p = strrchr((const char *)k, 'D');
   ~~~^~

I can see what the error is saying but not why you can't do this conversion.  
Can I anyone
shed any light?  I had assumed that the code would compile, but not for me it 
doesn't ;-(
-- 
Next meeting:  Bournemouth, Tuesday, 2018-02-06 20:00
Meets, Mailing list, IRC, LinkedIn, ...  http://dorset.lug.org.uk/
New thread:  mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING
Reporting bugs well:  http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR

Re: [Dorset] Using Two USB Audio Adaptors and Selecting the Right One Programatically

[Hamish MB]

Potential solution:

If both speakers are in roughly the same place, does it matter which one each 
sound is played through? You could just play music though one of them, and do 
the bells with whichever speaker isn't already in use.

Hamish
On 14 Jan 2018, at 18:07, Hamish MB 
<hamis...@live.co.uk<mailto:hamis...@live.co.uk>> wrote:
Weird that it keeps cutting it off!

I've been having email problems with this mailing list too - I've tried to 
reply to people a few times but it doesn't seem to work.

This is sent directly to you as well as the list Terry, so please let me know 
if you get this message twice :)

Hamish
On 14 Jan 2018, at 18:05, Terry Coles < 
d-...@hadrian-way.co.uk<mailto:d-...@hadrian-way.co.uk>> wrote:

On Sunday, 14 January 2018 18:02:40 GMT you wrote:



 On Sunday, 14 January 2018 17:57:26 GMT Terry Coles wrote:

 Some stuff:



 This is weird, I think something is cutting off the information that I have

 been putting at the end of the message.  One more time:




I'll post it on the Raspberry Pi Forum later; have to go to dinner now.
-- 
Next meeting:  Bournemouth, Tuesday, 2018-01-09 20:00
Meets, Mailing list, IRC, LinkedIn, ...  http://dorset.lug.org.uk/
New thread:  mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING
Reporting bugs well:  http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR

Re: [Dorset] Using Two USB Audio Adaptors and Selecting the Right One Programatically

[Hamish MB]

Weird that it keeps cutting it off!

I've been having email problems with this mailing list too - I've tried to 
reply to people a few times but it doesn't seem to work.

This is sent directly to you as well as the list Terry, so please let me know 
if you get this message twice :)

Hamish
On 14 Jan 2018, at 18:05, Terry Coles 
> wrote:

On Sunday, 14 January 2018 18:02:40 GMT you wrote:
 On Sunday, 14 January 2018 17:57:26 GMT Terry Coles wrote:
 Some stuff:

 This is weird, I think something is cutting off the information that I have
 been putting at the end of the message.  One more time:

I'll post it on the Raspberry Pi Forum later; have to go to dinner now.
-- 
Next meeting:  Bournemouth, Tuesday, 2018-01-09 20:00
Meets, Mailing list, IRC, LinkedIn, ...  http://dorset.lug.org.uk/
New thread:  mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING
Reporting bugs well:  http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR

Re: [Dorset] Kubuntu Knotes replacement

[Hamish MB]

You could use Evernote with the NixNote client for Linux :)

Hamish
En 7 oct. 2017, en 14:30, PeterMerchant via dorset 
> escribió:

Hi, I use knotes  on my kubuntu 16.04 system and am quite happy with it,
but  I was looking to see if I could link it with colournotes on my
Android tablet (I cannot) and noticed that the last forum entry was in
2011.


Is there a more current notes program for linux?


Peter M.

-- 
Next meeting:  Bournemouth, Tuesday, 2017-11-07 20:00
Meets, Mailing list, IRC, LinkedIn, ...  http://dorset.lug.org.uk/
New thread:  mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING
Reporting bugs well:  http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR

[Dorset] Hi everyone!

[Hamish MB]

Hi!

I've been meaning to join for a while, but here we go:

My name is Hamish and I've been an avid user of Linux for around 6-7
years, and in that time I've enjoyed learning how to program for it in
Python and C++, as well as building Linux from scratch.

I'm working with Terry Coles on the Wimborne Model Town River
Sustainability project at the moment, if anyone's interested :)

I tried to add a little bio on the members page, but I can't figure out
how to login. Do I need to register for the wiki somehow as well?

Anyway, good to say hello, and I look forward to chatting with you all :)

Hamish
-- 
Next meeting:  Bournemouth, Tuesday, 2017-09-05 20:00
Meets, Mailing list, IRC, LinkedIn, ...  http://dorset.lug.org.uk/
New thread:  mailto:dorset@mailman.lug.org.uk / CHECK IF YOU'RE REPLYING
Reporting bugs well:  http://goo.gl/4Xue / TO THE LIST OR THE AUTHOR