[PLUG] What's up (or down) with spiritone/aracnet?

[Mike C.]

On 10/1/17 12:00 PM, plug-requ...@lists.pdxlinux.org wrote:
 > Anybody in the PDX area know what's happened to
 > spiritone.com/aracnet.com? My wife uses them as her primary email
 > account, and their mail and web servers have been offline and un-
 > pingable since sometime Friday.

  I couldn't ping either mail server from my Comcast connection and I 
get mixed results doing traceroutes from Internet utilites web sites.

First one to mx.spiritone.com

calcium.spiritone.com216.99.193.20us147.483 ms

That is the same subnet both mail servers are on. The traceroute ends 
with "No reply for 5 hops. Assuming we reached firewall."

To mx.spiritone.com from different site gets there in 9 hops.

To mx2.spiritone.com from same site as above gets to 
216.99.193.11lithium.spiritone.com and then the trace is aborted.

Traceroutes from home to Spiritone ip addrs are over 20 hops and bounce 
around on Comcast & Cogent networks. Whereas from here, 
https://centralops.net/co/, to mx2.spiritone.com results in:

Traceroutes from home to Spiritone ip addrs are over 20 hops and bounce 
around on Comcast & Cogent networks. Whereas from here, 
https://centralops.net/co/, I get this:

1000 208.101.16.73outbound.hexillion.com
2000 66.228.118.153 
ae11.dar01.sr01.dal01.networklayer.com
3000 173.192.18.210 
ae6.bbr01.eq01.dal03.networklayer.com
4700 206.223.118.87br01.dllstx97.integra.net
5474746 209.63.114.158 tg13-1.ar10.ptldorfj.integra.net
6464646 209.63.114.158 tg13-1.ar10.ptldorfj.integra.net
7494849 67.136.135.70
8464646 216.99.193.20calcium.spiritone.com
9464646 216.99.193.24mx2.spiritone.com

Smells to me like a Internet routing problem.

___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Sluggish machine

[Mike C.]

>> [3411389.621045] systemd-hostnamed[19228]: Warning: nss-myhostname is
>> not installed. Changing the local hostname might make it unresolveable.
>> Please install nss-myhostname!
> Dick,
>
>I believe that nss is associated with mozilla-firefox.
>
*nss-myhostname* is a plug-in module for the GNU Name Service Switch
(NSS) functionality of the GNU C Library (*glibc*), primarily providing
hostname resolution for the locally configured system hostname as
returned by gethostname(2)
.

More info for the curious here,
https://www.freedesktop.org/software/systemd/man/nss-myhostname.html

A quick Google only turned up one reference to MZ FFX and that was for a
minor security bug in CentOS.
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Is there a DNS cache in the Comcast modem?

[Mike C.]

On 9/19/17 8:15 AM, plug-requ...@lists.pdxlinux.org wrote:
> My original question was does my
> modem have such a cache. Now is seems your answer is No, it does not. Do I
> understand you correctly?
>
> Harpreet 12:11 PM yes, you are
Because I obsess about stuff like facts and truth.

First, did you talk to an "XFINITY Domain Name System expert." at
https://dns.xfinity.com/ ?!?!?! (All sarcasm & snarkiness fully intended)

Second, it appears both Comcast & Google do DNNSEC validation.

Third, this seems to be a pretty good too that I found on that xfinity
dns web page.

"DNSViz is a tool for visualizing the status of a DNS zone. It was
designed as a resource for understanding and troubleshooting deployment
of the DNS Security Extensions (DNSSEC). It provides a visual analysis
of the DNSSEC authentication chain for a domain name and its resolution
path in the DNS namespace, and it lists configuration errors detected by
the tool."

http://dnsviz.net/

It's non-SSL, so if you're having problems with browsing to SSL based
web sites again, try to go here and plug in the domain you're having
problems with.

You may not understand the DNSKEY errors, as neither do I, but if you
see things in highlighted in red, and red triangles w. exclamation
points, e.g. http://dnsviz.net/d/quacktopia.com/WVmoCg/dnssec/ , you
have a useful data point that a particular domain zone file has an error
and/or be compromised.




___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

[PLUG] Is there a DNS cache in the Comcast modem?

[Mike C.]

On 9/19/17 8:15 AM, plug-requ...@lists.pdxlinux.org wrote:
> Denis 12:10 PM OK. I know what DNS stands for. Local systems often maintain
> a local cache of recently used sites. My original question was does my
> modem have such a cache. Now is seems your answer is No, it does not. Do I
> understand you correctly?
>
> Harpreet 12:11 PM yes, you are
Although that was painful to read. It didn't take me 36 mins. Good
grief... =(
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Internet access certificate issues

[Mike C.]

On 9/18/17 12:00 PM, plug-requ...@lists.pdxlinux.org wrote:
> /etc/rc.d/init.d/nscd restart
> bash: /etc/rc.d/init.d/nscd: No such file or directory
>
> I am running Ubuntu 16.04.
>
> -Denis
It's most likely that nscd is not installed. I don't run Ubuntu, so I
don't know what apps & daemons are installed and run at startup by
default. You can try these other commands. I think dnsmasq might be
installed and run at startup by default on Ubuntu.

sudo /etc/init.d/dns-clean restart

sudo /etc/init.d/networking force-reload

*To flush dnsmasq dns cache:*

sudo /etc/init.d/dnsmasq restart

___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Internet access certificate issues

[Mike C.]

On 9/17/17 12:17 PM, Mike C. wrote:
> DNS poisoning initially occurs at the DNS server. An untrusted fake name
> record is introduced and then is cached in the DNS server and served to
> any unwitting entity that makes a DNS A record lookup for a hostname/fqdn
Realized that maybe a bit more clarity is useful to people who don't
know the ins & outs of DNS. Specifically, this would occur on Comcast's
DNS. Which is why DNSSEC dns protocol extensions were created. If this
had occurred, I'd think that Comcast or at least the Internet would've
known about it.

Also, SSL web browsing is a bit of different beast. Next time try to
browse to a non-SSL web site. They're harder to find these days, but I
just found one!!! You're friendly and helpful pdxlinux.org.

That would tell me the problem is more likely ssl web browsing than DNS
and the airRouter is the most likely culprit.

Another fun party troubleshooting trick you could if this happens again
is try to telnet to port 443 of a known good address. In this case, I'd
ping a smaller web site's FQDN and keep the ip addr on file for testing
to. Might be harder to do these days as any web sites employing SSL is
probably not small and sitting behind a CDN and the ip addr is subject
to change.
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Internet access certificate issues

[Mike C.]

On 9/16/17 12:00 PM, plug-requ...@lists.pdxlinux.org wrote:
> Where does DNS poisoning occur?  Since it was just local to my machine (no
> general complaints noticed), then something local must have been hacked.
> This could have been either my router or my modem, since my laptop
> connecting via wireless to the router also had the problem.  The modem was
> reset a few times during my contact with Comcast's technician, so it could
> have been the modem if reset clears the cache.
>
> This whole thing is above my pay grade. Bottom line, if it recurs, what
> should I do to find out what is happening?

DNS poisoning initially occurs at the DNS server. An untrusted fake name
record is introduced and then is cached in the DNS server and served to
any unwitting entity that makes a DNS A record lookup for a hostname/fqdn.

This is unlikely to be of a nefarious nature and far more likely to be
caused by crappy code in the airRouter. I did tech. support work for a
local manufacturer of lower-end APs that ran open source based software.
Oh, the DNS & DHCP nightmare problems I could tell you about.

I did a quick Google on this and found that people experienced similar
problems with the Cisco RV130. If I recall the fix was a config change.

I don't know if the Comcast modems run a DNS caching server. I doubt it,
but maybe. I've been using a dns caching server on my linux boxen for
many years. Now many linux distros come with dnsmasq installed and it
runs at startup by default.  I think modern versions of MS Win also do
this.

So, what you do if this happens again? Here's what I would do.

1. Flush the dns cache on your computer and then try again. Here's how
to do it on all OSs.
https://www.techiecorner.com/35/how-to-flush-dns-cache-in-linux-windows-mac/

2. If problem persists, plug directly into the modem and try it again.

3. If problem persists, edit the /etc/resolv.conf file, add the Google
nameserver addresses and try again.
nameserver 8.8.8.8
nameserver 8.8.4.4

*NOTE: This is only temporary and will be overwritten upon the next DHCP
renewal unless you edit the dhcp config file so that it doesn't request
DNS entries or disable DNS on the Comcast modem.

4. If problem still persists, which I suspect is highly unlikely, then
I'd probably start looking at either running some heavy duty malware
software on your pc or wiping it and re-installing the OS from scratch.

HTH!,

Mike



___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

[PLUG] Info Interview Request for Linux Sys Admin training & employment?

[Mike C.]

Hi,

I've recently been accepted & enrolled into the RebootNW training
program for long-term unemployed people through WorkSource Oregon. If
you're interested to know more, you can check it out here =>
http://www.rebootnw.org/

I'm interested in getting training through the Linux Foundation, LPI,
RHCE, Hack Oregon and potentiall more formal CS education in the future.
In order for program participants to get funding for any training they
must conduct an informational interview either with a potential employer
or someone working in the targeted job role such as Linux Sys Admin
and/or DevOps.

There's 6 questions that need only a couple of sentences worth or a
reply. This could be done by phone, email or in person w. a delicious
beverage of your choice. My treat, of course!

I need to have this completed by the end of the day Monday, September
18th in order to submit my scholarship application.

Please let me know if you're interested and available in participating
in this info interview or if you know of someone I should reach out to.

Thank you for your time and consideration.

Mike






___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Mysteries of DNS

[Mike C.]

On 8/24/17 8:40 AM, plug-requ...@lists.pdxlinux.org wrote:
> Folks,
> I thought I had my Mikrotik router setup right, indeed it was doing just
> fine, I did
> an upgrade on it and all of a sudden my linux boxes no longer keep the DNS
> When I first reboot the router it appears to tell everyone about DNS, I can
> set
> for a while on my Linux boxen and go everywhere, then all of a sudden each
> one of them no longer resolves, interesting thing is the Android devices DO
> continue to resolve just fine.
>
> Anyone seen that one. I am running Mate on Ubuntu 16.04 all machines are up
> to date as far as I know.
Here's how I'd go about troubleshooting this.

When your Linux boxen can't get dns name resolution do the following.
1. Go to cli and run the command "cat /etc/resolv.conf"
e.g.
cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 8.8.8.8
nameserver 8.8.4.4

2. Is the nameserver ip addr the same ip addr of the microtik router? If 
no, there's most likely a config problem.

3. If yes, ping the ip addr of the nameserver

4. If it doesn't respond, there's a network communication issue between 
the two devices.

5. If it does respond, run the command, "nslookup google.com". Does the 
command provide a non-authoritative answer?
e.g.
nslookup google.com
Server:8.8.8.8
Address:8.8.8.8#53

Non-authoritative answer:
Name:google.com
Address: 216.58.193.78

6. If no, login in to the Microtik and run the same command.

7. If the Microtik replies with a non-authoritative answer I'd take a 
look at this thread about dnsmasq.
https://askubuntu.com/questions/131342/dnsmasq-sometimes-resolves-things-sometimes-it-doesnt

That should be a good start in running down this problem.


___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] ENU,Inc R.I.P.

[Mike C.]

On 8/14/17 12:00 PM, plug-requ...@lists.pdxlinux.org wrote:
>I've had occasion to visit a couple of these places. The one's I visited
> were totally Windows-centric and had no idea how to diagnose potential
> hardware issues. I still see some of these shops, but many fewer.
>
> Perhaps this is the result of the focus of industry drivers assuming
> everyone will do all their computing on a smart phone rather than a desktop,
> laptop, or tablet.
>
> Rich
Interesting topic worth discussing a bit especially after some random 
thoughts running through my mind following this thread.

In today's world, most people use computational devices more for 
communication and all the things one can do on the Wonderful World of 
the Web. There's a gluttony of inexpensive good quality used/refurbished 
computers to be had that will easily meet most people's needs. I think 
the Internet and Software has become far more interesting for most 
people than hardware even though the hardware is very technologically 
advanced now, especially for virtualization purposes.

It took decades of an unfathomable number of hours of human mental and 
physical labor, not too mention the metric tonnage of natural resources 
to arrive at the point where computer hardware, software and the 
Internet just works like any other appliance for most people. If you've 
never been to the American Computer & Robotics Museum in Bozeman, MT, I 
highly recommend it. It'll make your head spin.

How many hours have I myself spent just getting my Linux boxes to just 
work like a Win or Mac w/o feeling like some mad scientist who's just 
trying to get the *#*@& WiFi to work! I couldn't tell you the last time 
I had to use the CLI to troubleshoot my Linux box. I kinda miss it, but 
I've also enjoyed getting a bit of my life and my sanity back. =)
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

[PLUG] Thoughts on Linux Distros & Desktop Enviro

[Mike C.]

Here's a blurb from an article I read on on /. that got me thinking 
about my decade long journey w. Linux distros./
"To little surprise, Ubuntu was the most popular Linux distribution 
running on the respondents' laptops.38.9% of the respondents were said 
to be using Ubuntu 
while 
interesting in second place was Arch Linux at 27.1% followed by Debian 
at 15.3%. Rounding out the top ten were then Fedora at 14.8%, Linux Mint 
in 5th at 10.8%, openSUSE/SUSE in sixth at 4.2%, Gentoo in seventh at 
3.9%, CentOS/RHEL in eighth at 3.1%, Solus in ninth at 2%, and Manjaro 
in tenth at 1.6%. The other Linux distributions had each commanded less 
than 1% of the overall response/"//

I suspect a lot of PLUG'ers are Ubuntu users. I tried various Ubuntu 
versions over the years and there was always things I didn't like such 
as upgrades, silly audio probs,  or that it ran slower compared to 
Debian based distros. So I mostly ran Debian and lived with non-fully 
functional Desktop Enviros, or wireless driver probs, or going into or 
coming out of suspend mode would b0rk up the works. I often had to hack 
on Debian, which at times was fun & interesting and at other times was 
really frustrating & annoying.

Last year I cam across Deepin. It's a Debian based distro w. their own 
Desktop Enviro. And not only do all the lil' things work as you would 
expect like w. a MS Win or MAC OS, it works well, is beautiful and 
fast/fluid. Rolling updates are quick & painless. I didn't have 
blacklist my onboard sound to use external speakers or figure out what 
the correct wifi driver to use is. Deepin has also made its DE available 
to most other popular distros.

After a decade of running Linux on personal computers, for me the dream 
of the Linux Desktop has finally become a daily reality for this quite 
happy user! It has been a most glorious year of running Linux. The best 
in a decade I can honestly say.

It's not my intention for this to be an advertisement but just a sharing 
of my experience of the evolution using Linux and the Desktop Enviro. 
Something which many Linux devs never cared about for many years.

Happy Linux-ing!

Cheers!,

Mike


___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

[PLUG] GIAC certification.

[Mike C.]

"Doesn't work if you live in poor Columbia county :-("

-- There's also the Oregon Library Passport Program, 
https://multcolib.org/oregon-passport-program , of which the Clatskanie, 
Scappoose and Vernonia Libraries participate in. It's a free, but limited use 
card, so maybe it doesn't provide access to Lynda.com.

Or perhaps you have friends or family some of the many other counties the are 
members of the Metropolitan Interlibrary Exchange.

Even if you paid $20/mth for the basic Lynda membership. That's a pennies on 
the dollar investment as compared to the courses you mentioned. There's a free 
10-day trial and you can cancel your membership at anytime.

Either way, it's only one of the few resources that I mentioned. if I were you 
I'd focus more on your general attitude and how to solve problems and overcome 
obstacles that stand in the way of what you want to do. In my experience it'll 
take you a lot farther both in your career and life in general.

Best of luck!

___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

[PLUG] GIAC certification.

[Mike C.]

> Are there books I can read that cover the material I need
> to understand?
>
> -- Michael C. Robinson
>
The simple & obvious answer is yes, of course there is.

The better question to ask is which books, PDFs, & online courses would 
teach you what you need to know to pass GISF test. Which I doubt if 
anyone on this mailing list could answer with a high degree of 
certainty. Having self-studied for various certs: A+, CCNA, MCSE to name 
a few I can tell you that books + braindumps always worked for me. I 
never paid for 1 certification training course.

If you don't know what braindumps are just Google "GISF or GIAC 
braindump". It used to be that test takers would share questions, 
topics, notes o and otherwise breakdown the cert test so other people 
would know what material to focus on. They used to be freely shared. Not 
sure if that's the case these days.

If you search for GISF/GIAC books on Amazon, they'll likely have reviews 
on how well the book prepares someone for the test.

Other possibly useful resources:

SANS Cyber Aces is SANS’ philanthropic initiative to help individuals 
discover and develop skills and careers in cybersecurity. SANS donates 
free, online courses that teach the fundamentals of cybersecurity to 
program participants, organizes state-wide competitions, and helps 
connect participants to employers.
http://cyberaces.org/courses/

If you've a Mult. County Library card you can access Lynda.com freely. I 
haven't tried it yet, but that might have some cybersecurity training:
https://multcolib.org/resource/lyndacom

EDx has a free online Cybersecurity Fundamentals course that started on 
May 23rd.
https://www.edx.org/course/cybersecurity-fundamentals-ritx-cyber501x-0

Hopefully, that helps point you in the general direction.

Good luck!

-- Mike





___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

[PLUG] Change firefox open tab order

[Mike C.]

> Once upon a time with earlier versions of firefox I could change the
> sequence of open tabs by moving them. Then firefox removed that feature. Is
> there a way of moving open tab order in the newer firefox version?
>
>

   "This stopped working a couple of years ago.

I can move a tap to another position but as soon as I lift my finger from
the trackball button the tab snaps back to its original position."

In my mind there are 3 possible sources to this problem.

1. Feature removal
2. Know issue (Bug)
3. Unknown issue (corruption of FFox install)

1. The tab groups feature was removed in FFox 45. Not sure if that's applicable.
2. The only known tab related issue I could find is when flash is playing in a 
tab users have problems switching tabs. Not the same as moving, but possibly 
related?
3. For weird issues, Mozzilla support mentions the possibility of a hacked 
user.js file. The user.js file doesn't exist by default.

That leaves me to suggest run FFox in safe mode first, then check for a user.js 
file and remove it if one is found and then re-install and/or upgrade FFox.

HTH!


___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

[PLUG] Linux / Android Security?

[Mike C.]

> Unless you want to stay at the surface, I?d suggest you pick a topic to start 
> with and learn from there.

I'd say the most interesting topic to me right now is the security & privacy in 
my digital communications & personal
information.

> Most computer security topics end up at the network and programming level 
> (some exceptions include social engineering and operational security). You 
> can start with networking, but eventually you?ll need to be able to read and 
> write code if you really want to get into security.

Agreed, I kind of hit a wall a few years ago w. network oriented security 
before the proliferation of smartphones, cloud based software and now IoT.

How to program securely (you?ll also have to split apart the difference between 
?security = no holes in code? and ?security = no leaking information? because 
they?re not the same).

Yes. Baked in, intentional security vs. afterthought, bolt-on security. Data 
breaches, info leaks and the
exploitation of personal information is the motivating force here. For a few 
years, I worked to protect the info
and interests of corporations mostly. Now it's a much more personal matter.


> There are a ton of topics under the umbrella of security.
> Security Now! isn?t bad. You may also want to check out ?Paul?s security 
> weekly?, This week in Law, Packet pushers, Risky Biz, DtSR (Down the Security 
> Rabbit Hole), The Social-Engineer podcast.

A Security Now podcast about all the software we use daily on multiple devices 
connected to many networks creates
a really big attack surface with many vectors that even security researchers 
are struggling to understand and combat.

I used to think about how to be secure against more direct & intentional 
attacks against my home computer. Now I'm
seriously concerned about a rogue band of zombie IoT devices exploiting some 
little known vulnerability in SuperTux2 and
and p0wning my digital life.

> You may want to get on an OpenBSD mailing list. You can learn a lot there.

Good advice! Will do!

> My reading ofthe news and Brian Krebs' blog suggests that the major point of 
> entry to
> securit breaches is the weakest link: people.

Yes, both users and programmers. I've been seriously questioning that notion 
that everyone should write code
and everyone should use computer technology & software.

> Hi Mike,
>
> You should consider coming to OWASP meetings as well.  One of them is
> tonight, which unfortunately conflicts with RainSec, but that doesn't
> typically happen.  We post our event notices a variety of places, but
> Calagator is where all the info typically resides:
>http://calagator.org/events/1250471438

I thought about this before, but as I'm not a programmer I figured much of it 
would be over my head.

Thank you all for the good and useful feedback. I look forward to more 
conversations and learnings on this topic.
Feel free to email me directly about events, podcasts, articles, etc. that you 
think might be of interest.

Cheers,

Mike


___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

[PLUG] Linux / Android Security?

[Mike C.]

Perhaps I've missed Security oriented threads and/or PLUG Talks, but I'm 
very interested in connecting with other security wonks. It's one of the 
many reasons I chose Linux a decade ago.

I went to a couple of talks in town on cyber security & privacy. They 
were both sparsely attended. I learned a few new tips & tricks, but 
mostly went home with a bunch of questions to research.

I listen to the Security Now! podcast. I've worked w. Firewalls, VPNs, 
Tripwire, and other "bolt-on" technology. But there's so much I don't 
know and I feel like a cyber security victim in the waiting from 
governments, criminals, corporations, etc

There's a monthly RainSec meetup. It's intended for "Security 
Professionals". Which I'm technically not. Has anyone attended a RainSec 
meetup?

There's also the Beer of Trust PGP Key-Signing events, 
http://calagator.org/events/1250471462, which I unfortunately keep missing.

I'm also not just interested in the tools and best practices, but also 
how they intersect with our constitutional rights and freedoms.

So, what's the ask, you're thinking. I guess I'm wondering if there are 
any Linux / Android Security Pros and/or wonks on PLUG and what the 
group interest level is on PLUG talks on cyber security & privacy.

Thank you,

Mike




___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] FreeGeek...

[Mike C.]

"Nobody in Portland seems interested in inexperienced computer scientists."

Color me skeptical about this claim. I find it hard to believe you can find
even a software tech support, QA or DevOps job wouldn't at least pay
$15/hr, especially as a contractor. I recently quit a contract gig at Intel
as Network Software Test Technician that paid $30/hr. Although I was a CS
major prior to the Internet, I don't have any real world programming
experience and just have some now expired SysAdmin / Networking certs.
Their ideal candidate would have some programming knowledge from
Powershell, Bash up to C / C++.

It's interesting to me that almost every Sys Admin job I look at or get
contacted about wants someone with programming skills that I don't have and
somehow I'm able to still get jobs. Not the dream jobs. Although I have a
few good references and a lot of varied work experience on my resume due to
my struggle to stay at a job longer than a year and a half or so. But I'm
nothing special in today's IT world. In fact I've been struggling with
finding a Linux Sys Admin job because I don't have any
scripting/programming experience.

Anywho, here's some ideas that might be more fruitful in your job search
than an internship at Free Geek.

1. Go to some of the many daily Tech events in Portland that are listed on
http://calagator.org/events . Some are meetup groups, some are study
groups, some actually work on projects and others are talks. But all of
them will provide you with the opportunity to network with people who work
in the Tech industry in Portland. I import the Calagator calendar into my
Thunderbird email client via gmail to stay abreast of all the events.

2.  There's a Portland tech job fair coming up on April 27th.
https://portland.craigslist.org/wsc/sad/6066445489.html

3. LinuxFest NW is coming up. May 6th & 7th. Another networking
opportunity.

In my 20 years of working in the tech field, I've found nary evidence that
finding an IT job isn't much more than doing the work to get a job. That's
a good resume, cover letter, phone calls, emails, networking, interviews
and good ol' fashioned persistence. I dare say that being a decent human
being, with a well written resume and cover letter who knows how to take an
interview that is so often stiff and awkward and turn into a conversation
about the problems the hiring manager is currently trying to solve and that
you have the skills, knowledge, experience and/or personality
characteristics to help solve those problems gets the job.

I hope that's helpful.

Cheers,

Mike
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Linux Mint / Evolution <--SYNC--> Galaxy S7 ? (Charles Sliger)

[Mike C.]

>
> From what I can gather on the web, this seems like it should enable
> syncing the Calendar and Contacts info between my Linux Mint system and
> my Samsung Galaxy S7 smartphone.
>
> I can't seem to find documentation on how it actually works other than
> generalized CalDAV / WebDAV info.z
>

I haven't tried this before so I cannot offer any personal guidance or
support, but SyncEvolution seems like the solution you're looking for.

"SyncEvolution makes it easy to keep two instances of Evolution in sync, or
to keep a phone in sync with Evolution. This will give you a setup that
syncs the address book, calendar, memo, and todo sources.

https://syncevolution.org/wiki/synchronizing-evolution-http-howto

Good Luck!

-- Mike
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] serial communication over ethernet (VY)

[Mike C.]

>
> Hello All:
>
> I am looking for a mechanism from Linux to configure a device that's a
> small ethernet server:
>
>https://www.lantronix.com/wp-content/uploads/pdf/XPort-AR_CR.pdf
>
> The initial steps involve configuring its BAUD rate, IP address etc..
> On Windows, per their instructions, folks are asked to use things like
> telnet and hyperterminal,
> or other serial communication tools.
>
> On Linux, I have configured serial ports before, using things like
> minicom.  But those devices would show up as /dev/TTY***.In this
> device, it is showing up in an ethernet port.
>
> what tools can I use to configure this device in such scenario under Linux?
> I know exactly which ethernet port it is connected to (e.g.  eth1)
>
> thanks in advanced for any tip.
>
>
Are you connecting to the device via a serial port?

Standard configuration for serial port communication is: 9600, 8, N, 1

i.e.
Bits per second (Baud Rate): 9600
Data Bits: 8
Parity: None
Stop Bits: 1
Flow Control: None

This getting started document explains how to connect via the serial port.
https://www.lantronix.com/wp-content/uploads/pdf/XPort-AR_QS.pdf

The device also has DHCP enabled, so you could just plug into your LAN. You
can run the command arp -a before plugging in it and then after. You should
see the new mac & ip addr entry in your computer's arp table.

Here's an example of an arp table entry on my computer:

gateway (10.0.0.1) at 00:00:ca:11:22:33 [ether] on enp2s0

The first 6 characters of any mac addr are reserved for the OUI,
Organizationally Unique Identifier. In my example arp table entry, 00:00:ca
is for Arris.

Lantronix's OUI is: 00:80:A3

HTH,

Mike
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

[PLUG] Other options besides VNC (or RDP)

[Mike C.]

>
> I'm looking for any other options to remote into a graphical desktop
> besides VNC or RDP.
>
> I'd like a client that runs on Linux and Android with MAC and Windows a
> bonus.  Server should run on Linux with Android, MAC and Windows as
> another bonus.
>
> I remember coming across something, while searching for something
> compeletely different, but the name now eludes me.  Must be a case of
> CRS. :-(
>

I used No Machine when it was known as FreeNX on Linux and thought it was
the best remote access software out there at the time before web browser
remote access was a thing.

I haven't looked at it in a few years and after a quick review of NoMachine
ver. 5, it's very clear that there has been extensive development done.
Some great features to me are: multiple monitor support, headless linux
server and extended x-window support.

I wish I currently had a reason to use it. I may have to invent one!
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] What certifications to take?

[Mike C.]

>
>
> As a field service person who also is trying to do my own contracting I
> guess I am a hybrid between the two. In some positions and jobs just
> explaining what
> I have done has been a big win. Others they wanted to see certs or
> licenses.
>
> It is interesting that I have gotten a lot of jobs based on the fact that I
> am an amateur radio operator (ham radio) and that I have published some a
> few
> times in the amateur radio networking conferences.
>
> Also there are other jobs where the fact that I am HACCP certified has got
> me in the door also.
>
> What I have found out is you can never tell what the sweet spot is but if
> they advise you that it is to your advantage to have a certain type of
> certification in the job descriptor and application requisites then it is
> best to try to
> have those pieces of paper to back you up, just as when they say you need
> a passport
> and the available time to travel, having the passport and being willing to
> travel causes some of them to perk up. I have a passport and a Global
> Access card,
> and am used to 95%+ travel. The down side is some of them will then think
> that you are over qualified and back off.
>
> So if you can have a well rounded set of creds and background and figure
> out
> just how much to tell so as not to go under or over you will get the job.
>
>
I must say Chuck that I'm a bit envious of what you're doing. It's a
direction I've tried to go in for many years, but haven't been able to pull
it off yet for various legitimate and lame reasons.

I have a background in radio as an Avionics Tech but I never got my ham
radio license and it's somethng I've thought a lot about lately. I used to
travel quite a bit as a contract Network Engineer.

I've also run into the over-qualified claim, but most often that was for
perm/f-t positions. Currently, my interest lies more in Linux and
privacy/security.

Unfortunately, I rarely make to a PLUG meeting but maybe someday I'll make
your acquaintence and we'll have an interesting chat.

Cheers,

Mike
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] What certifications to take?

[Mike C.]

>
> > Chuck,
> >
> >I'm not a computer professional (hardware, software, networking, etc.
> as
> > my posts here consistently demonstrate), but I have run a
> sole-practitioner
> > consultancy for more than two decades and suggest that my perspective
> might
> > have value for you, Mike, and others in the same position.
> >
> >The bottom line in job seeking (whether as employee or consultant) is
> > what
> > value you bring to the company. They don't care about us, only what we
> can
> > do for them.
>
>
I'm going to be a bit argumentative to Rich's perspective and advice. I
think it's a bit simplistic, idealistic and not very applicible to those of
us who are IT professionals.

If you're being hired to a job such as a Desktop Technician, Network
Engineer or software developer, certfications and/or degrees are generally
used as a measuring stick of your competecny and hence value to the
company. Because you're only as valuable to the company as you're in being
able to fix PC hardware & software problems quickly and corectly. That's
what they're paying you to do becuase downtime is costly.

Certifications are a general competency check and by no means replaces real
world experience. However,if you can't get real world experience than
they're the next best thing. Perhaps the best thing to do if possible is to
build/create something that solves a problem and document it and/or
demonstrate it.

I'm willing to bet I've had more jobs in the IT field than anyone on this
list: PC Tech,. Linux Admin, MS WIN Admin, Data Network Engineer, Telecom
Netwrok Engineer, IT Security. QA, Software Techncial Support and IT
Manager.

What enabled me to do this is not that I'm a genius, far from it.
Certifications always opened the door for me. When I was offered a job at
AT, I had just passed my CCNA a few months prior. I had never touched a
router in the real world and didn't have a college degree. I was paid
$10,000 more than the guy who did at AT who traned me on the job.

I had a job offer on the table as a contractor at Coca-Cola in Atlanta. It
was supposed to be for a Network Enginee position but they wanted someone
with a Checkpoint certfication.and asked me if I could get it in a few
weeks. I studied, took the test, got the cert and got the job that paid $
60.hr.

I could and would gladly write more similar paragraphs but the bottom line
is that acquiring certs has only helped me and never harmed me. Not every
cert is worth the effort, time & cost. It doesn't make much sense to get A+
certified if you want to be a Software Developer.
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

[PLUG] What certifications to take?

[Mike C.]

>
> 'Folks,
> I am being offered some grants to obtain certifications. I am a field
> service person by job. I am looking at the different certifications for
> networking
> and IT, figured I would ask here what would be good for me to aim for.
>
> In the type of work I do, I deal with network issues, computer
> configuration and communication with other networked devices (PLC's and
> other devices).
>
> I see field service jobs that require certifications, so figured I would
> ask what I should try to get first in order to have something that will
> cover most
> of what I do. Then if I need others perhaps I can obtain them later on.
>
> I have needed to obtain certification, but field service does not allow you
> to set in one place long enough, I am between jobs so I have a chance to
> do so and
> it will be paid for by someone else.
>

I think a relavent question here is what kinda of work, problems, projects
interest you?

There are a plethora of certifications to choose from. Based on the
desciription of the work you do, I can think of 3 of the top of my head
that are applicable: A+, Network+, low voltage cabling. CompTIA is a good
place to start, https://certification.comptia.org/certifications

I got A+ certified in '99 and I'm thinking about going through it again as
the hardware has evolved exponentially and is far more advanced and
complicated these days.

Also, Dell has completely taken over the server market and recently aquired
EMC, the storage giant.
http://www.dell.com/en-us/work/learn/dell-certification

I hope that's helpful.

Cheers,

MIke
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Identifying network interfaces and their status

[Mike C.]

On Sat, Jan 14, 2017 at 11:21 AM, Mike C. <mconno...@gmail.com> wrote:

> All this information is available when, as root, you issue the command
>> ifconfig -a (the -a option shows all network interfaces and their status).
>> The man page explains it.
>>
>> Rich
>>
>
> FWIW, ifconfig is deprecated and replace by the ip command. IP has all the
> same functionality as ifconfig plus more.
>
> https://www.linux.com/learn/replacing-ifconfig-ip
>
> Cheers!
>

   Mike
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] PLUG Digest, Vol 148, Issue 14

[Mike C.]

>
> All this information is available when, as root, you issue the command
> ifconfig -a (the -a option shows all network interfaces and their status).
> The man page explains it.
>
> Rich
>

FWIW, ifconfig is deprecated and replace by the ip command. IP has all the
same functionality as ifconfig plus more.

https://www.linux.com/learn/replacing-ifconfig-ip

Cheers!

Mike
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

[PLUG] Chromebook and Debian Jessie

[Mike C.]

>
> All the Google searches show how to use semanage, but with no status for
> the selinux user that is created the Dbus cannot send messages to the X
> window system.  The
> message I get is:
>
> Unable to contact settings server
>
> THE QUESTION, finally:
> How do I get out of this ChromeOS jail?   I want X windows to work so I
> an use OpenCPN on my sailboat.
>
>
A quick and easy way to get out of the ChromeOS jail is to disable SELInux
temporarly and put it into permissive mode which shouold allow to use
OpenCPN and give you time to research the problem more or just be able to
toggle SELinx for when you use OpenCPN.


   - *Permissive* - switch the SELinux kernel into a mode where every
   operation is allowed. Operations that would be denied are allowed and a
   message is logged identifying that it would be denied. The mechanism that
   defines labels for files which are being created/changed is still active.

Temporarily switch off enforcement
You can switch the system into permissive mode with the following command:

echo 0 >/selinux/enforce

You'll need to be logged in as root, and in the sysadm_r role:

newrole -r sysadm_r

To switch back into enforcing mode:

echo 1 >/selinux/enforce

To check what mode the system is in,

cat /selinux/enforce
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

[PLUG] Weird issue network ports dhcp client RPi

[Mike C.]

>
> Here is the syslog of when I disconnect the RJ-45 connector:
>
> Oct 19 14:09:18 WxPi dhcpcd[464]: eth0: carrier lost
> Oct 19 14:09:18 WxPi rsyslogd-2007: action 'action 17' suspended, next
> retry is Wed Oct 19 14:09:48 2016 [try http://www.rsyslog.com/e/2007 ]
> Oct 19 14:09:18 WxPi kernel: [  131.168314] smsc95xx 1-1.1:1.0 eth0: link
> down
> Oct 19 14:09:18 WxPi dhcpcd[464]: eth0: deleting route to 192.168.7.0/24
> Oct 19 14:09:18 WxPi avahi-daemon[452]: Withdrawing address record for
> 192.168.7.55 on eth0.
> Oct 19 14:09:18 WxPi dhcpcd[464]: eth0: deleting default route via
> 192.168.7.1
> Oct 19 14:09:18 WxPi avahi-daemon[452]: Leaving mDNS multicast group on
> interface eth0.IPv4 with address 192.168.7.55.
> Oct 19 14:09:18 WxPi avahi-daemon[452]: Interface eth0.IPv4 no longer
> relevant for mDNS.
> Oct 19 14:09:18 WxPi dhcpcd[1218]: sending commands to master dhcpcd
> process
> Oct 19 14:09:18 WxPi avahi-daemon[452]: Interface eth0.IPv6 no longer
> relevant for mDNS.
> Oct 19 14:09:18 WxPi avahi-daemon[452]: Leaving mDNS multicast group on
> interface eth0.IPv6 with address fe80::ba27:ebff:fe19:4ac7.
> Oct 19 14:09:18 WxPi avahi-daemon[452]: Withdrawing address record for
> fe80::ba27:ebff:fe19:4ac7 on eth0.
> Oct 19 14:09:18 WxPi kernel: [  131.451171] smsc95xx 1-1.1:1.0 eth0:
> hardware isn't capable of remote wakeup
> Oct 19 14:09:18 WxPi dhcpcd[464]: control command: /sbin/dhcpcd -k eth0
> Oct 19 14:09:18 WxPi dhcpcd[464]: eth0: removing interface
> Oct 19 14:09:18 WxPi kernel: [  131.539033] smsc95xx 1-1.1:1.0 eth0:
> hardware isn't capable of remote wakeup
> Oct 19 14:09:18 WxPi kernel: [  131.539493] IPv6: ADDRCONF(NETDEV_UP):
> eth0: link is not ready
> Oct 19 14:09:20 WxPi ntpd[598]: Deleting interface #7 eth0,
> fe80::ba27:ebff:fe19:4ac7#123, interface stats: received=0, sent=0,
> dropped=0, active_tim
> e=112 secs
> Oct 19 14:09:20 WxPi ntpd[598]: Deleting interface #4 eth0,
> 192.168.7.55#123, interface stats: received=0, sent=0, dropped=0,
> active_time=112 secs
> Oct 19 14:09:20 WxPi ntpd[598]: peers refreshed
> Oct 19 14:09:29 WxPi dhcpcd[1349]: sending commands to master dhcpcd
> process
> Oct 19 14:09:29 WxPi dhcpcd[464]: control command: /sbin/dhcpcd -k wlan0
> Oct 19 14:09:29 WxPi dhcpcd[464]: wlan0: removing interface
> Oct 19 14:09:29 WxPi dhcpcd[464]: wlan0: deleting address
> fe80::37d2:4b61:ba0e:fe01
> Oct 19 14:09:29 WxPi avahi-daemon[452]: Withdrawing address record for
> fe80::37d2:4b61:ba0e:fe01 on wlan0.
> Oct 19 14:09:29 WxPi avahi-daemon[452]: Leaving mDNS multicast group on
> interface wlan0.IPv6 with address fe80::37d2:4b61:ba0e:fe01.
> Oct 19 14:09:29 WxPi avahi-daemon[452]: Interface wlan0.IPv6 no longer
> relevant for mDNS.
> Oct 19 14:09:29 WxPi avahi-daemon[452]: Withdrawing address record for
> 192.168.7.65 on wlan0.
> Oct 19 14:09:29 WxPi avahi-daemon[452]: Leaving mDNS multicast group on
> interface wlan0.IPv4 with address 192.168.7.65.
> Oct 19 14:09:29 WxPi avahi-daemon[452]: Interface wlan0.IPv4 no longer
> relevant for mDNS.
> Oct 19 14:09:29 WxPi dhcpcd[464]: wlan0: releasing lease of 192.168.7.65
> Oct 19 14:09:29 WxPi wpa_supplicant[562]: wlan0: CTRL-EVENT-DISCONNECTED
> bssid=c4:3d:c7:95:7f:84 reason=3 locally_generated=1
> Oct 19 14:09:29 WxPi dhclient: receive_packet failed on wlan0: Network is
> down
> Oct 19 14:09:29 WxPi kernel: [  142.552261] R8188EU: ERROR indicate
> disassoc
> Oct 19 14:09:29 WxPi kernel: [  142.584187] IPv6: ADDRCONF(NETDEV_UP):
> wlan0: link is not ready
> Oct 19 14:09:29 WxPi dhcpcd[464]: wlan0: dhcp_openudp: Cannot assign
> requested address
> Oct 19 14:09:29 WxPi dhcpcd[464]: wlan0: deleting route to 192.168.7.0/24
> Oct 19 14:09:29 WxPi dhcpcd[464]: wlan0: deleting default route via
> 192.168.7.1
> Oct 19 14:09:29 WxPi kernel: [  142.906954] R8188EU: ERROR indicate
> disassoc
> Oct 19 14:09:29 WxPi wpa_supplicant[562]: wlan0: CTRL-EVENT-TERMINATING
> Oct 19 14:09:29 WxPi kernel: [  143.031122] IPv6: ADDRCONF(NETDEV_CHANGE):
> eth0: link becomes ready
> Oct 19 14:09:29 WxPi kernel: [  143.033077] smsc95xx 1-1.1:1.0 eth0: link
> up, 100Mbps, full-duplex, lpa 0xCDE1
> Oct 19 14:09:30 WxPi kernel: [  143.081165] IPv6: ADDRCONF(NETDEV_UP):
> wlan0: link is not ready
> Oct 19 14:09:30 WxPi dhclient: DHCPDISCOVER on wlan0 to 255.255.255.255
> port 67 interval 5
> Oct 19 14:09:30 WxPi dhclient: receive_packet failed on wlan0: Network is
> down
> Oct 19 14:09:30 WxPi weewx[1082]: genimages: Generated 12 images for
> StandardReport in 2.98 seconds
> Oct 19 14:09:30 WxPi weewx[1082]: reportengine: copied 0 files to
> /var/www/weewx
> Oct 19 14:09:32 WxPi ntpd[598]: Deleting interface #6 wlan0,
> fe80::37d2:4b61:ba0e:fe01#123, interface stats: received=0, sent=0,
> dropped=0, active_time=124 secs
> Oct 19 14:09:32 WxPi ntpd[598]: Deleting interface #5 wlan0,
> 192.168.7.65#123, interface stats: received=40, sent=40, dropped=0,
> active_time=124 secs
> Oct 19 14:09:32 WxPi ntpd[598]: 52.6.160.3 interface 192.168.7.65 -> 

Re: [PLUG] PLUG Digest, Vol 145, Issue 13

[Mike C.]

>
> Folks,
> I just did a update to a RPi B+. Before I did the update all was working
> just fine, after doing so I lost my network connection (wifi) I can see the
> interfaces but no IP. I plug in a ethernet cable, but do not see the dhcp
> client pulling an address, I reboot the RPi, and then I get addresses on
> both the wired and wireless side. I figure that all was OK so I pull the
> wired side, within seconds both ports have lost their IP addresses. I can
> see in the syslog where it happens, for some reason looks like the dhcp
> client is removing BOTH addresses, even worse in order to get a link back
> I have to reboot the thing.
>
>
I found this thread,
https://www.raspberrypi.org/forums/viewtopic.php?f=63=110692. from this
past May. It seems there was a change to DHCP that might be the culprit.

Here's the relevant thread:

"by *drice
*
»
Mon May 18, 2015 7:39 pm

Edit /etc/dhcpcd.conf

Comment out duid and uncomment clientid.

Save the file and restart the service or the whole Pi.

It looks like they recently changed this so that instead of sending the MAC
address to the DHCP server it is sending the DHCPv6 DUID which is not the
same and some routers can't handle at all. I suppose this is technically
RFC4361 compliant but it breaks existing DHCP reservations."

Curious to know if that's the problem. HTH.

Cheers!
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

[PLUG] PDX Jaguar Land Rover Open Source Tech Center runs Debian!

[Mike C.]

As a self-proclaimed Debian-head, mostly due to their social contract,
commitment to free software and package mgmt. system, this story might be
of more interest to me than anyone else. But it's a very rare occasion
these days that any organization besides small shops run Debian. And their
looking for Linux Systems Engineer. Maybe that's you...

"Deploy Linux based servers running Debian which will support served
applications to OSTC including Linux image creation tools and served
applications.

Key Criteria for Role:

Education – Bachelors Degree or equivalent experience

Expert knowledge of Linux

Expert of Linux based Servers using Debian

Advanced knowledge of C++

Working within development teams

Professional AGILE experience

Very good Project Management skills"
http://www.linkup.com/job/ee0349d0db4b6c0ba5b8bc52b2c58e1603ad/systems-network-it-administrator-job-in-portland-or

For the love of Debian and FOSS!,

Mike
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Learning Linux Sys Admin & Linux/Open Source tools

[Mike C.]

>
> I found a couple of things recently that might be of use.
> http://devopsbootcamp.osuosl.org/
> http://tfitch.com/automation-tools-bootcamp/vagrant.html
>
> I got these from an Open Spaces session at DevOps Days PDX.
>
> I've looked at both of their lists and it covers most of the things that I
> use just about every day in my work with my development team.
>
>
That's incredibly useful and helpful information! Thank you!

"This program is based on the PSU Braindump ,
where for 21 years they have been turning PSU students into sysadmins who
have rapidly been flowing into the growing number of startups in Portland."

Blows my mind that I've never heard of the "PSU Braindump" until now!

A few months ago, OSU's Open Source Lab was hiring a Linux SysAdmin. I
drooled all over my keyboard like I did when the Center for Biological
Diversity was also hiring a Linux SysAdmin.

Another very drool inducing Linux SysAdmin job posting is the current one
for Laika. The producers of 'Kubo'.  http://goo.gl/QPyjx1
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Learning Linux Sys Admin & Linux/Open Source tools

[Mike C.]

>
> Mike,
>
>From a non-computer-industry-professional perspective: responsible
> managers (that is, those for whom you'd want to work) frequently seek those
> who are adaptable and able to quickly learn new things. Every industry and
> business changes (at the corporate level read the article from The
> Economist
> on linux and AWS) and those that are early adopters who survive and thrive.
>
>The same principle applies to individuals. You might have experience
> with
> a few tools which are not exactly what a potential employer is using (or
> thinking of using) but that does not mean you could not quickly learn them
> and become productive. Were I in your position I'd structure my CV and
> resume (the former listing qualifications, the latter business
> accomplishments on behalf of employers) and cover letters on the range of
> responsibilities, tools, and situations you've successfully mastered in
> your
> career so far.
>
>It is commonly written that people fear change and avoid it. That's true
> for all of us to some extent. But, when we understand the cost of not
> changing that fear transforms into welcoming acceptance.
>
>The most important fact I take from messages on this thread (and Rich
> Burroughs' is a prime example) is that SysAdmin, network admin, devops,
> whatever name is appropriate for the market segment you want to join is
> constantly in flux. Your value to an employer is not what you are good at
> now but how you will contribute to the profits of the company in the
> future.
> Ability to quickly learn new tools and productively apply them, being aware
> of potential new tools, and being flexible is worth a lot.
>
>Something to think about.
>
> Rich
>
> Rich - You're spot on with all of this. I've recently added "notable
contributions" to each job summary on my resume. No one has yet really
seemed to care.

There's a few rubs here that I'll enumerate for contemplation /
conversation sake.

1.  While I was doing other things in life, Linux Sys Admin shifted from
LAMP stack, Email, NFS, DNS, etc to more DevOps, virtualization, AWS and
automation. Every Linux job description I've seen thus far spells that out
loud and clear.

2. There's a really big communication gap to be bridged between a resume /
cover letter and the hiring manager that usually includes HR, recruiters
and poorly written job descriptions that are based on "what you're good at"
now and not on "how you can learn, change, grow and contribute to the
company in the future."

Over my 15 years of working in the IT field, I've seen a reluctance of
companies to invest in employees and build customized systems and software
in-house to meet a businesses needs.

It's a different world now, especially in Portland. where Linux oriented
jobs are being driven by software development companies. Great for Linux!
Difficult for ol' school Linux SysAdmin folks who love and appreciate Linux
and want to be able to make a living working with it.

-- Mike
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Learning Linux Sys Admin & Linux/Open Source tools

[Mike C.]

>
>
> If you are looking for an Ops Engineer type role (you said it was one of
> your options), in a lot of shops you'd be using Chef or Puppet in that type
> of role. I'm partial to Puppet (I'm going to work there in a few weeks in
> exactly this kind of role), but I know a ton of really smart people who use
> Chef too. Also Ansible seems to be gaining in popularity.
>
> Other shops don't use these tools at all or are moving away from them as
> they adopt containers. Learning things like Docker and Kubernetes could be
> really helpful too.
>
> There are less defined learning paths for some of these things. The Devops
> tool space is completely in flux right now and I'm really not sure where
> things are going to end up.
>
> If you are interested in Puppet, there's a pretty awesome Puppet User's
> Group here in Portland. Sometimes the actual engineers who wrote the code
> for a given feature are the ones presenting at a meeting.
>
> You also mentioned Python and my impression is that it's very popular in
> operations shops. A lot of the job nowadays seems to be about glueing
> together different open source apps, so being able to interact with APIs is
> important. The Requests library for Python is great.
>
> Puppet does have training classes and I'm sure Chef does too. I would be
> surprised if they're not pretty expensive. But Puppet does have a VM you
> can grab for free called the Learning VM and some exercises you can walk
> through to get your feet wet.
>
> The Ops Engineer space is a lot more confusing than the traditional
> sysadmin one now, but I'd make the argument that those jobs are probably
> going to land you in more inseresting shops/roles. I think it's really
> where the industry is heading.
>
> One of the big shifts in this kind of role from the traditional sysadmin is
> writing unit tests/acceptance tests for your code. I've found it very
> liberating. If your tests are good you can refactor and know pretty quickly
> whether things are broken or not. Both Chef and Puppet have tools built on
> top of Ruby's Rspec, that's another good thing to get your feet wet with.
> And Python has its own testing tools.
>
> Sorry if this is kinda rambling and vague but that's honestly how this
> space feels right now. I'm still going through this shift myself. I was the
> sysadmin who hardly wrote any code for many years and now I think of myself
> as an engineer (not a particularly great one).
>
>
> Rich
>
> P.S. Perl makes my brain hurt too, it's not just you.
>
> P.P.S. My last PLUG talk was in something like 2000 (not kidding), but I
> could possibly do something Puppet related if people are interested. I did
> a talk at Puppet Camp Portland in January on how to get your feet wet with
> module development and some of the testing tools for it. That one might be
> helpful. I wouldn't be able to until at least October.
>
>
Rich - I didn't find that vague and rambling. It's pretty good insight into
the Sys Admin / DevOps space for someone who's not in it, looking at it
from the outside and trying to make sense out of it all.

I especially liked to hear that you made the transition from a traditional
Sys Admin role to more of a DevOps role as that'll be my path too.


> Beyond that, however, the difficulties you've encountered trying to
> outline a career-development path are due to the idiosyncratic way
> employers think about the jobs they're posting.
>
> Few sysadmin jobs are best described as "support Linux." Linux is the
> tool; it will be discarded when a new one proves its worth. Sysadmin
> jobs are "support the tools (which happen to live in a Linux
> infrastructure) that keep our enterprise viable."
>
> You won't be selling Linux skills. They're required -- and will help
> you improve the situation at your future employer -- but what you
> really need to sell is your skills at leveraging computer
> infrastructure to help an organization move forward.
>
> That said, you can then think about the major markets for Linux
> systems administrators:
>
> * Educational institutions: user support, research focus, diverse
>computing environment, unclear lines of responsibilities.
>
> * Small businesses: absolutely everything related to the computer and
>network lifecycle plus lots of tool-building on the cheap.
>
> * Nonprofits: similar to small businesses, with a lower budget.
>
> * Large enterprises: heavy specialization; probably need to know
>someone to get a serious interview.
>
> * Government: similar to large enterprises with a slightly more open
>hiring process.
>
> Take the time to learn the technical tools; they'll serve you well.
> Unless you have deep knowledge of an unusual or difficult bit of
> computing infrastructure (hardware or software), however, the tools
> won't generally set you apart.
>
> What a valued sysadmin really does is help people survive and
> thrive in their sector of the economy.
>
> That's how employers think about their sysadmin job postings, which is
> 

Re: [PLUG] Learning Linux Sys Admin & Linux/Open Source tools

[Mike C.]

>
> Louis - Thank you for your reply.


Your responses compel me to be a bit more clear about some things.

"10) at some point, you will have to get into networking"

-- I've over 10 yrs of work experience as a Network Engineer, in which I've
worked with Unix on Network Management platforms and I've used Linux
Networking tools for network troubleshooting. I've even built Linux test
boxes and run LAN / WAN networks through those text boxes to do network
traffic analysis.

I'm doing a lot of what you said, but learning scripting languages even as
a former Comp. Sci. major is kind of dry and uninteresting when there's not
a problem to solve or project deadline to meet. Not too event mention that
there are drums waiting to be played, bikes waiting to be ridden and
Network Engineer jobs a plenty.

I guess what I'm having difficulty with is that to me there doesn't seem to
be a clear and well defined development path.

For example, when I got into Network Engineering. I started out by taking
the TCP/IP exam of the MCSE than I self-studied for Cisco Certified Network
Administrator and got my first job as a Network Engineer without any
hands-on real world experience.

>From there, I was able have access to training, lab time, certifications
and projects that took me from a rank novice to a seasoned veteran in just
a few short years.

So what I've experienced over the years is a floundering at Jr. Linux Sys
Admin level as there's only so much I've been able to do on my own and
there doesn't seem to be many job opportunities for a Jr. Linux Sys Admin
to work under a Sr. Level Sys Admin and get good hands-on experience and
mentoring.

I realize it's my own personal struggle and everyone has walked their own
path to Linux Sys Admin greatness. The path seems a lot lot harder for to
my find than for a Network Engineer. The trail heads aren't very well
marked and the trails not very well mapped out.

Cheers,

Mike
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

[PLUG] Learning Linux Sys Admin & Linux/Open Source tools

[Mike C.]

After many years of working as a Network Engineer and being a Linux
hobbyist and doing some junior Linux Sys Admin gigs, I've decided to make
the push into developing the skills and acquiring the knowledge to secure
gainful employment as a Linux Sys Admin and/or DevOps engineer.

I just took advantage of The Linux Foundation's 25th Anniversary 50% off
sale and I'm enrolled in the following self-study courses.

Essentials of System Administration

Linux Networking and Administration

Linux Security Fundamentals

Software Defined Networking Fundamentals
First question I have is has anyone else taken any of these courses and if
so I'm interested in hearing what you got from the course and what it's
done for you in your job.

Now for the more open conversation part. There is a big difference between
being a Linux hobbyist / Jr. Sys Admin managing a few servers at a small
company and learning, getting experience with the vast array of common and
uncommon Linux/FOSS apps and tools.

Cobbler, Puppet, Salt, OpenStack, Graphite, Logstash, memcached, Perl,
asterisk, RabbitMQ, openLDAP, Isilon, Arista, Zimbra, Asterisk, RabbitMQ,
KVM, ZFS, InfluxDB, Cfengine.

I know about some of these and I've even worked with a few of them. I
studied Computer Science in a previous life and PERL makes my brain hurt. I
can do simple stuff in shell, Python and Ruby.

The road ahead seems very unclear as I know 2 common skills/experience that
I'm sorely lacking in are scripting and automation. Neither of which will I
get from any of the Linux Foundation courses.

So I don't really know how to get there from here as what I'm finding is
that most Linux Sys Admin jobs are Sr. level and they want folks to walk
through the door with many years of work experience with the apps, tools
and skills I've mentioned.

I know that sometimes the Advanced Topics cover some of these topics, which
is all well, good and fine but it doesn't provide any hands-on experience.

If you've been in these shoes before or where in these shoes, what would
you recommend/? Should I just setup a home lab and start learning all this
stuff?

It would be awesome to connect with Sr. level experienced Linux Sys Admin
folks.

Thank you for taking the time to wade through my ramblings!

Cheers,

Mike
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Locating reason for permissions change

[Mike C.]

> Not being aware of what I might have done that caused the permissions to
>> revert I would like to learn if there is some way to log when and why the
>> permissions change. While returning the perms to 777 is easy it's annoying
>> to have to do this unexpectedly.
>>
>>Ideas wanted.
>>
>> The Linux Audit System is your friend. There should be just enough
> information but not too much,  here (http://www.la-samhna.de/
> library/audit.html) to get to you started using it. Watching 1 file is
> pretty quick and easy.
>
> Cheers!,
>
> Mike
>
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] PLUG Digest, Vol 143, Issue 19

[Mike C.]

>
>  Not being aware of what I might have done that caused the permissions to
> revert I would like to learn if there is some way to log when and why the
> permissions change. While returning the perms to 777 is easy it's annoying
> to have to do this unexpectedly.
>
>Ideas wanted.
>
> The Linux Audit System is your friend. There should be just enough
information but not too much,  here (
http://www.la-samhna.de/library/audit.html) to get to you started using it.
Watching 1 file is pretty quick and easy.

Cheers!,

Mike
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

[PLUG] Wifi Compatibilty and Linux Distro's

[Mike C.]

>
> What wireless card works well ?most? of the time with various distro?s?
>
> That's a really difficult question to answer as after doing wireless
network support for the past year I learned that there are many variables
to good wireless connectivity.

I've been running Debian on IBM / Lenovo laptops for almost a decade now
and the only wireless problems I ever had were fixed by changing the
driver. Which I did more of back the early part of the decade than I've
done in the past few years.

Have you tried a non-Ubuntu based distro such as Slackware, Debian, Fedora
or OpenSuse?

Also, what are you AP are you connecting to?

Lastly, what research have you done on this?  A quick Google netted this,
*Realtek RTL8723BE chipset*3. For a Realtek RTL8723BE chipset you should be
able to improve the stability and quality of your wireless connection, by
disabling power management for the wireless chipset.

Cheers,

MIke
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Show of hands/poll on tcpdump

[Mike C.]

>
> > If asked to self assess your tcpdump comfort level would you reply with:
> >
> > >>* I'm great, what do you need done?
> > >>* I'm comfortable, can do capture with filtering
> > >>* I'm rusty, but could spin up quick
> > >>* Only use it with the man page handy for reference
> > >>* tcpwhat?


Very comfortable with the commonly used options in network troubleshooting
such as interface, protocol/port, packet type, host, monitoring, etc.

Which is a reflection of how I've used it as a Network Engineer.

Troubleshooting client/server software communication would take some time
reading and tinkering.

The far more difficult thing with tcpdump is being able to make sense of
the output.
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Probably will return my system 76 Gazelle

[Mike C.]

>
>
> Suggestions on an alternative laptop?  Keys are the first requirement
> (along with Linux, of course.)  And that Dell mentioned here a while ago
> with a non-replaceable battery seems to me to be a bit stupid.  But maybe I
> can be convinced otherwise with suitable arguments.
>
> Thanks,
>
> -Denis
>
> I've been very happily running various Linux distros: Debian, Ubuntu,
> Fedora on old , refurbished and new IBM & Lenovo Thinkpads for about a
> decade now. Very happily means I've never considered using any other
> hardware platform. It just works and works well and the hardware is
> bomb-proof.


I've replaced the fan when the bearing got noisy, I've replaced at 3 least
4 keyboards, hard drive, cd-rom, batteries, Keith L. has replace the
screens with higher resolution ones. Free Geek usually has piles of "as-is"
Thinkpads for parts and ThinkWiKi is a really great community resource. "5,586
active users  have
registered since Sep. 2004 and created 1,332 articles (54,492 page edits so
far)."

So many good reasons!

-- Mike
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

[PLUG] VPN anyone?

[Mike C.]

Message: 1 Date: Sat, 2 Jan 2016 12:19:41 -0800 From: Michael Rasmussen 
<mich...@jamhome.us> Subject: Re: [PLUG] VPN anyone? To: Portland 
Linux/Unix Group <plug@lists.pdxlinux.org> Message-ID: 
<20160102201941.ga25...@jamhome.us> Content-Type: text/plain; 
charset=us-ascii On Sat, Jan 02, 2016 at 09:12:44AM -0800, Mike C. wrote:
>> I believe what the OP is talking about is a privacy VPN. There are several 
>> companies that are selling VPN services so that you can anonymize your 
>> connection.
>   
> And why should I trust any of them?
>   
>
I guess that's a question you have to answer for your self. No one here 
is trying to sell you a VPN Service or for that matter even trying to 
sell you on the idea of one. OP asked about it and I replied w. some 
hopefully relevant and useful information.

PLUG-TALK would be the proper channel to discuss the merits of said 
service and why one should or should not trust any of them.
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] VPN anyone?

[Mike C.]

> I guess that's a question you have to answer for your self. No one 
> here is trying to sell you a VPN Service or for that matter even 
> trying to sell you on the idea of one. OP asked about it and I replied 
> w. some hopefully relevant and useful information.
>
> PLUG-TALK would be the proper channel to discuss the merits of said 
> service and why one should or should not trust any of them.

With that being said, I'd be very interested in either a PLUG TALK or 
PLUG CLINIC around personal digital and online security. I was very 
interested in a decade ago as it was a driver to my switch to Linux and 
then I got lazy about it.

I recently learned about wifi routers from Thinkpenquin that has 
hardware that is Respect Your Freedom Certified and ships running 
LibreCMC. I'd also like to replace the proprietary BIOS w. Coreboot.

Corporations have just as much interest in my personal information and 
online activities as our government and like to make it a lot harder for 
both of them to get.
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

[PLUG] VPN anyone?

[Mike C.]

I believe what the OP is talking about is a privacy VPN. There are several 
companies that are selling VPN services so that you can anonymize your 
connection.

-Russ


Yes. A VPN Service Provider such as the ones reviewed here => 
http://lifehacker.com/5759186/five-best-vpn-service-providers

Which oddly leaves out, https://www.privateinternetaccess.com/, who is a 
"proud sponsor" of the EFF, Creative Commons and they accept payment via 
Bitcoin.

Also, Riseup has recently released their VPN Service, 
https://help.riseup.net/en/vpn
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Firefox cannot locate localhost: httpd will not start

[Mike C.]

>
> On Mon, 21 Sep 2015, bro...@netgate.net wrote:
>
> > What's in?
> >   /etc/httpd/extra/httpd-mpm.conf
>
> #
> # Server-Pool Management (MPM specific)
> #
>
> #
> # PidFile: The file in which the server should record its process
> # identification number when it starts.
> #
> # Note that this is the default PidFile for most MPMs.
> #
> 
>  PidFile "/var/run/httpd.pid"
> 
>
> #
> # Only one of the below sections will be relevant on your
> # installed httpd.  Use "apachectl -l" to find out the
> # active mpm.
> #
>
> # prefork MPM
> # StartServers: number of server processes to start
> # MinSpareServers: minimum number of server processes which are kept spare
> # MaxSpareServers: maximum number of server processes which are kept spare
> # MaxRequestWorkers: maximum number of server processes allowed to start
> # MaxConnectionsPerChild: maximum number of connections a server process
> serves
> # before terminating
> 
>  StartServers 5
>  MinSpareServers  5
>  MaxSpareServers 10
>  MaxRequestWorkers  250
>  MaxConnectionsPerChild   0
> 
>
> # worker MPM
> # StartServers: initial number of server processes to start
> # MinSpareThreads: minimum number of worker threads which are kept spare
> # MaxSpareThreads: maximum number of worker threads which are kept spare
> # ThreadsPerChild: constant number of worker threads in each server process
> # MaxRequestWorkers: maximum number of worker threads
> # MaxConnectionsPerChild: maximum number of connections a server process
> serves
> # before terminating
> 
>  StartServers 3
>  MinSpareThreads 75
>  MaxSpareThreads250
>  ThreadsPerChild 25
>  MaxRequestWorkers  400
>  MaxConnectionsPerChild   0
> 
>
> # event MPM
> # StartServers: initial number of server processes to start
> # MinSpareThreads: minimum number of worker threads which are kept spare
> # MaxSpareThreads: maximum number of worker threads which are kept spare
> # ThreadsPerChild: constant number of worker threads in each server process
> # MaxRequestWorkers: maximum number of worker threads
> # MaxConnectionsPerChild: maximum number of connections a server process
> serves
> # before terminating
> 
>  StartServers 3
>  MinSpareThreads 75
>  MaxSpareThreads250
>  ThreadsPerChild 25
>  MaxRequestWorkers  400
>  MaxConnectionsPerChild   0
> 
>
> # NetWare MPM
> # ThreadStackSize: Stack size allocated for each worker thread
> # StartThreads: Number of worker threads launched at server startup
> # MinSpareThreads: Minimum number of idle threads, to handle request spikes
> # MaxSpareThreads: Maximum number of idle threads
> # MaxThreads: Maximum number of worker threads alive at the same time
> # MaxConnectionsPerChild: Maximum  number of connections a thread serves.
> It
> # is recommended that the default value of 0 be set
> # for this directive on NetWare.  This will allow
> the
> # thread to continue to service requests
> indefinitely.
> 
>  ThreadStackSize  65536
>  StartThreads   250
>  MinSpareThreads 25
>  MaxSpareThreads250
>  MaxThreads1000
>  MaxConnectionsPerChild   0
> 
>
> # OS/2 MPM
> # StartServers: Number of server processes to maintain
> # MinSpareThreads: Minimum number of idle threads per process,
> #  to handle request spikes
> # MaxSpareThreads: Maximum number of idle threads per process
> # MaxConnectionsPerChild: Maximum number of connections per server process
> 
>  StartServers 2
>  MinSpareThreads  5
>  MaxSpareThreads 10
>  MaxConnectionsPerChild   0
> 
>
> # WinNT MPM
> # ThreadsPerChild: constant number of worker threads in the server process
> # MaxConnectionsPerChild: maximum number of connections a server process
> serves
> 
>  ThreadsPerChild150
>  MaxConnectionsPerChild   0
> 
>
> # The maximum number of free Kbytes that every allocator is allowed
> # to hold without calling free(). In threaded MPMs, every thread has its
> own
> # allocator. When not set, or when set to zero, the threshold will be set
> to
> # unlimited.
> 
>  MaxMemFree2048
> 
> 
>  MaxMemFree 100
> 
>
> I'm confused. Your httpd.conf has an "Include /etc/httpd/extra/httpd-mpm.conf"
statement, but in the mpm.conf all the MPM stanzas appear to be commented
out and I don't see any "LoadModule" statement. e.g. "LoadModule
mpm_worker_module modules/mod_mpm_worker.so"

I'd say try commenting out the "Include /etc/httpd/extra/httpd-mpm.conf"
 statement in your httpd.conf as this is not functionality you need in your
use case.
___
PLUG mailing list
PLUG@lists.pdxlinux.org

Re: [PLUG] Linux distributions

[Mike C.]

It is usually, except in SuSE flavors (and we also used SLES at oldjob),
pretty easy to match up
rpms to a redhat version and more difficult in a debian or ubuntu environment.
Both package management environments aren't the best (apt-/dpkg vs
yum/rpm), though I think redhat gets the tip because apt-cache and dpkg
--get-selections are just weird to anyone not used to
them.

When Debian is installed it's configured to point to the specific
repository for that release, such as Wheezy, which I'm currently running.
So every package I can see in the repository is a Wheezy package.

It also seems that maybe you don't understand the Debian pkg mgmt system
very well. There isn't a dpkg --get command, there's however dpkg -i
which is similar to the rpm -i command to install a specific package and
manually deal with any dependencies.

apt is akin to yum in that it will attempt to install the package and
any dependencies. Apt-get is the command you were thinking of. Aptitude
provides more pkg. mgmt intelligence than apt and is the officially
sanctioned package manager, which you didn't mention.

apt-cache is for searching through the apt software package cache and
getting package info. I rarely use it.

For me, the pkg mgmt system played a huge factor in my distro choice. The
APT package mgmt system and all its tools make so much sense to me. are so
easy to use and useful.

Crunchbang (Debian Wheezy w. Openbox) runs in less than a 150 MB and that
makes me squeal w. joy!

I guess that's what makes Linux so great, there's a flavor for everyone.
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Linux distributions

[Mike C.]

I've been running and administering different versions (stable and testing)
of vanilla Debian and Debian derived distros for about a decade. There are
more than 300 Debian derived distros with about half of that number still
active today.

One that I've been running very happily for the past few years is
Crunchbang It runs the Openbox Window Manager. It's a super light, no
fluff, fast distro! I don't know too many people that run a full fledged
Linux distro on a $300 netbook circa 2011. But I do.

Debian is nothing if not cutting edge and super stable/reliable. They test
for years before an distro upgrade is released. Apt is a great package
manager with user friendly tools such as Synaptic and Aptitude for software
installation and management without any fluff. Debian also has a huge
software repository and you can pull from free, contrib of non-free
repositories. If that's something that matters to you.

The current version, Debian 8, Jessie , was released in April 2015.
Systemd is the default init system. Debian also supports a wide array of
system architecture.

lastly, Debian also has a social contract, a great community, lots of
support, docs, tutorials, and the versions are named after Toy Story
characters.

Yeah, I'm a Debianhead for life. It's always treated me right, so no need
to try anything else.

http://arstechnica.com/information-technology/2015/05/debian-8-linuxs-most-reliable-distro-makes-its-biggest-change-since-1993/

https://crunchbangplusplus.org/about/

Cheers!,

Mike
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

[PLUG] DSL Modem: D-Link DSL-520B: No Data Between LAN WAN

[Mike C.]

 Message: 1
 Date: Thu, 22 Jan 2015 12:11:18 -0800
 From: Chaz Sliger c...@bctonline.com
 Subject: [PLUG] DSL Modem: D-Link DSL-520B: No Data Between LAN  WAN
 To: PLUG plug@lists.pdxlinux.org
 Message-ID: 1421957478.26120.2.camel@chaz-desktop
 Content-Type: text/plain; charset=UTF-8

 LAN OK, WAN OK, Won't pass data from LAN to WAN
 Phone Case #: C6613856

 CONFIG:
 Static IP, No DHCP, Manualy entered Gateway Router IP  DNS server IP's.

 LAN Connection Works:
 Config/Status via browser works.  Answers pings to it's LAN  WAN
 interface IP Addresses.

 WAN Connection Works:
 Diag reports successful connection to ISP gateway router  Pri DNS
 server.  Verified by telnet to 520B and using ping to test connectivity
 to ISP router  dns.

 PROBLEM:
 520B will not pass traffic between LAN and WAN. (cannot ping ISP from
 computer on LAN)

 The 520B is acting like its internal firewall is blocking all through
 traffic.

 Have tried various combinations of NAT enabler/disable, Firewall
 enable/disable, etc.
 Turned on error logging but nothing in the syslog messages has helped so
 far.

 -chaz


This might be a bit of a long shot but I found this note in Section 7 of
the User Manual (http://www.bhphotovideo.com/lit_files/70908.pdf)

Note: You must enable the NAT service when you configure the WAN
connection at first, the NAT item appears in the Advanced Setup directory.
In the pure bridging mode, there is no NAT service.

This is relevant and worth trying because NAT mediates the lan/wan
connection. You could reset to factory settings and give it a try.

Cheers,

Mike
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Linux (pref Debian) brainstorming group - does one exist?

[Mike C.]

  1. Broadband access is loosely defined as communication bandwidth of at
  least 256 kbps. Greater than dial-up but lesser than satellite avg.
  bandwidth.
 
  - Why this constraint? If it's about constraining the ease of internet
  searching there are debian specific mailing lists or IRC for using low
  bandwidth and/or intermittent internet access.

 It started with me having only dialup access at home. My solution
 is purchase of *COMPLETE* distro on DVD. That logically was one
 of motivations for NOT considering any distro using a rolling
 release model.

 
  2. Do you mean no Local Area Network or no local user group networking?

 I was reffering to LANs. But there is also a dearth of Linux
 users in rural SW MO ;/

 
  3. There's a lot of documentation available, some of it in the Debian
  repositories and some of it on the web like the Debian wiki. Could all of
  this documentation be loaded onto the computer before the project starts?

 Quantity? Yes.
 Quality? Well-l-l, it varies ;(
 Actually this is the area where I have hopes of contributing
 something. Some information is just too scattered. Also some
 documentation assume the reader just knows some things.

 
  4. My impression is that you're trying to figure out how development of
  Debian can happen with limited access to information. Is this accurate?

 No. I believe everything I want exists.

 
  If so, another thing that could be done is to install development tools
 and
  open source software so that you could ask questions and look for
 existing
  code examples or non-existing code examples.
 
  I think that this is greatest benefit of the Debian social contract and
  FOSS. The opportunity and resources for self-study.


Taking all of what you've said into consideration, the closest thing that I
know of to a Debian brainstorming group
is the Debian Users Group on LinkedIn. I'm a member along with about 9,000
other folks.

Perhaps that is helpful? Best of luck with your project!
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

[PLUG] Linux (pref Debian) brainstorming group - does one exist?

[Mike C.]

 Message: 3
 Date: Sat, 03 Jan 2015 08:50:33 -0600
 From: Richard Owlett rowl...@cloud85.net
 Subject: [PLUG] Linux (pref Debian) brainstorming group - does one
 exist?
 To: plug@lists.pdxlinux.org
 Message-ID: 54a801b9.50...@cloud85.net
 Content-Type: text/plain; charset=UTF-8; format=flowed

 I'm working on a personal project has some rather odd (OK already
 WEIRD ;) goals and constraints. I wish to ask questions without
 getting referrals to How to ask a question or don't do that etc.

 My constraints (some external, some by definition) and
 restricting goals include
1. no wide-band access to internet
2. no local networking
3. initial experiments shall be based on Debian Squeeze from
 purchased set of DVDs
4. a single user system as in - one keyboard, one display, one
 mouse, one explicitly
   specific operator
5. system shall as minimal as possible
6. while using structure of apt, all package dependencies
 shall be explicit. That
   not only means not using recommends/suggests but also
 packages will not be loaded
   only because they are labelled essential.

 This is an invitation to tell me where to go GRIN
 Thank you

 I've been a passionate user and believer of all things Debian for the past
decade and I find your project quite interesting. I have a few clarifying
questions.

1. Broadband access is loosely defined as communication bandwidth of at
least 256 kbps. Greater than dial-up but lesser than satellite avg.
bandwidth.

- Why this constraint? If it's about constraining the ease of internet
searching there are debian specific mailing lists or IRC for using low
bandwidth and/or intermittent internet access.

2. Do you mean no Local Area Network or no local user group networking?

3. There's a lot of documentation available, some of it in the Debian
repositories and some of it on the web like the Debian wiki. Could all of
this documentation be loaded onto the computer before the project starts?

4. My impression is that you're trying to figure out how development of
Debian can happen with limited access to information. Is this accurate?

If so, another thing that could be done is to install development tools and
open source software so that you could ask questions and look for existing
code examples or non-existing code examples.

I think that this is greatest benefit of the Debian social contract and
FOSS. The opportunity and resources for self-study.
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

[PLUG] O.T.VoIP and Satellite

[Mike C.]

 Message: 2
 Date: Mon, 29 Dec 2014 15:31:38 -0800
 From: Chuck Hast wch...@gmail.com
 Subject: Re: [PLUG] O.T.VoIP and Satellite
 To: Portland Linux/Unix Group plug@lists.pdxlinux.org
 Message-ID:
 CADNfBV-E-CAKZTq3tkYm5hxi4xCS7ZQ0a0635kt1j3KnD=
 a...@mail.gmail.com
 Content-Type: text/plain; charset=UTF-8

 MIke
 Thank you for the observations. I did test the connection, since I am using
 cellular, I found several phone numbers to test against, and all of them
 provide
 good inbound audio but my outbound audio is just all corrupted.


Call quality or lack thereof, as it relates to the network, is mostly a
function of packet loss, delay and jitter. Jitter is variance in delay. 150
ms 1-way delay is the standard measurement for toll quality voice. That
is, the voice quality is good enough to charge for.


 I do not think that the DHCP assignment caused the problem, but I am trying
 to figure out if something else was changed on the network at the same
 time.
 i.e. different routing.

 I know that normally ip addresses are not geo based, but it was always of
 note that in the past any search or application that took me to a map would
 always take me to a map of the area I live in, now since I am one
 HughesNet, I see
 that I am now taken to sites that are no where near where I am, and I
 figured that it was probably where the gateway to the uplink to the
 satellites was
 located. I know that they have several of them, so I thought that might be
 the issue.


You're correct in that a new DHCP ip address assignment could change the
gateway and the routing to and from the satellite. It's also possible that
only the outbound route is problematic. You would want to run at least some
extended basic ping tests to the default gateway.

What would be really useful at this point is to get some relevant network
connectivity data.

Can you go here - http://voiptest.8x8.com/ and run a few tests and post the
results? I would run the test for 69 secs and run it for both G.729 and
G.711 codecs. The reason being is that your internet connection might
support the lower quality G.729 codec and you might be able to set that in
your microcell or in your smartphone voip app.

When the test is complete please click on the advanced tab and copy and
paste all the statistics reported.

Also, if you go to the summary tab and click on result analysis of
voip test that would be useful info too.




 Typical internet is asymmetric - when somebody is watching a movie
 on netflix or surfing the web, they are receiving a firehose of
 bits and sending out a trickle of ACK packets.

 VOIP usage is symmetric, moderate bandwidth data streams in both
 directions.

 Satellites are also asymmetric - they have a limited number of
 transponders with limited bandwidth, which they will allocate to
 maximize overall customer retention, which means catering to the
 majority.  Which isn't thee and me.

 The satellite provider probably recently reallocated a customer
 uplink transponder as a customer downlink transponder, to better
 serve the netflix users.  There might be an FCC or ITU document
 or ruling about this.  Do you know which particular satellite
 you are talking to?  One of the ANIKs?


This is really getting off into the weeds. What matters with VOIP call
quality is consistency. Consistency of packet loss, delay and jitter.
Jitter is variance in delay. 3 Mbs of bandwidth in each direction should be
sufficient to provide okay call quality. Call distortion is caused mostly
by packet loss, delay and jitter. At the simplest level, 150 ms one way
delay is the standard measurement to provide what's called toll quality
voice. That is, it's good enough to charge for.

A g.729 call requires 32 kbps. The average satellite link bandwidth is
approx 400 kbps. If you're just making a voip call, there shouldn't be any
call quality problems due to asymmetric, moderate bandwidth streams in
both directions.

However, asymmetric routing in which the outbound and inbound calls take
different routes with different packet loss, delay and jitter is a real
problem.
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] O.T.VoIP and Satellite

[Mike C.]

 Actually it is quite interesting, I also have Vonage, it did not work at
 all
 well when we first move here, voice in both directions was terrrible, and
 Vonage said that they knew it would not work, so we were expecting
 that, we did not use the Vonage service to the point that I was going
 to ship back all but one device and keep it for grins on the cheapest
 rate, but now the Vonage phones work just fine, so I am really flum-
 moxed.

 That's an interesting twist..


 I was looking a where to change the codec for the cellular side, but
 I do not see where to do it for the cellular side of the phone.

 The uCell just acts like a mini base station, the phone registers with
 it and carries on just as though it was talking to the big ones out on
 the towers and other structures. There are NO knobs on the uCell,
 indeed when I was talking to the ATT CSR, I told him that it sure
 would be nice to have a small web server where you could at least
 link to the thing and watch as it did whatever it does on re-start. Mine
 is in a higher part of the house so I can not see the indicators on the
 front (well now I can I put a IP camera up looking at it so when i am
 asked to tell them what I see I do not have to go running up there I
 just bring up the video) when I am down in front of the computer.


If there's no software menu for either the mCell or the phones then there
won't be a way to change the voip codec. I thought you were using a
cellular smartphone running a VOIP over wifi app.


 The testing I have done are with some numbers that you dial as it
 is from a cell phone and i am testing the cellular stream not the
 VoIP stream from a app to stream over WiFi.

 I was looking at the BW going through my router, when I have a call
 running it is about 27Kb. It is not much, when I am not home the
 modem will show maybe 100KB of data flow during the day from
 my wife using the phones, so they do not pull too much.


As I would expect.




 I went to the 8 x 8 sight and got a 'plugin not supported on
 Chrome, that is the second speed test site that gives me that
 error.


 I ran into the same problem. Iceweasel browser with the IcedTea web plugin
will do the trick.
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] O.T.VoIP and Satellite

[Mike C.]

 Here is another test of the link the jitter has dropped down quite a
 bit still not good enough for VoIP, but better.


 Speed test statistics
 -
 Download speed: 3864 kbps
 Upload speed: 894 kbps
 Download consistency of service: 55 %
 Upload consistency of service: -- %
 Download test type: socket
 Upload test type: POST
 Maximum TCP delay: 933 ms
 Average download pause: 7 ms
 Minimum round trip time to server: 1 ms
 Average round trip time to server: 1 ms
 Estimated download bandwidth: 13010 kbps
 Route concurrency: 3.3666103
 Download TCP forced idle: 0 %
 Maximum route speed: 524280 kbps

 VoIP test statistics
 
 Jitter: you -- server: 166.8 ms
 Jitter: server -- you: 3.1 ms
 Packet loss: you -- server: 0.0 %
 Packet loss: server -- you: 0.0 %
 Packet discards: 73.0 %
 Packets out of order: 0.0 %
 Estimated MOS score: 1.1


 General information
 ---
 IP address: 72.168.141.72
 Local time: Dec 30, 2014 11:19:37 AM
 Test server: http://voiptest.8x8.com:82/

 Here it is with a 729 codec simulation:


 Speed test statistics
 -
 Download speed: 3557 kbps
 Upload speed: 896 kbps
 Download consistency of service: 21 %
 Upload consistency of service: -- %
 Download test type: socket
 Upload test type: POST
 Maximum TCP delay: 1242 ms
 Average download pause: 8 ms
 Minimum round trip time to server: 1 ms
 Average round trip time to server: 1 ms
 Estimated download bandwidth: 4777 kbps
 Route concurrency: 1.3429916
 Download TCP forced idle: 0 %
 Maximum route speed: 524280 kbps

 VoIP test statistics
 
 Jitter: you -- server: 106.9 ms
 Jitter: server -- you: 2.9 ms
 Packet loss: you -- server: 0.0 %
 Packet loss: server -- you: 0.0 %
 Packet discards: 65.8 %
 Packets out of order: 0.0 %
 Estimated MOS score: 1.4


 General information
 ---

 Note that the Jitter has dropped, not sure if that is going from 711 to 729
 but I will do more testing.


This is good information and a good start. Yes, the jitter did drop and I'd
expect it to for g.729 since it requires less bandwidth. Even though at 90
Kbps, it's using approx. 10% of the available bandwidth.

The bigger concern for me though is packet discards = 65.8% The VOIP
server will discard packets it receives too late and that it can't use.
This indicates the delay is too high between you and the VOIP server.

It's too bad that only max and not avg tcp delay is provided. As it is, max
tcp delay of 1242 ms is way out of tolerance for VOIP.

You could provide this data to HughesNet and see what they can do. Maybe
there is some way they can clean up the sat-link?

I'd be curious to see test results from say midnight or after. If there's
congestion on the Sat uplink side, that could delay the packets enough for
the VOIP server to discard them.
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

[PLUG] O.T.VoIP and Satellite

[Mike C.]

 --

 Message: 8
 Date: Sun, 28 Dec 2014 23:05:21 -0800
 From: Chuck Hast wch...@gmail.com
 Subject: [PLUG] O.T.VoIP and Satellite
 To: Portland Linux/Unix Group plug@lists.pdxlinux.org
 Message-ID:
 
 cadnfbv8dmg_x4oqrl8edtq1mz1z8cmonhqghmuhqnaayfvd...@mail.gmail.com
 Content-Type: text/plain; charset=UTF-8

 Folks,
 This is a issue that I have been trying to figure out, and I have been
 talking to the two parties involved.

 I am a HughesNet user (that is all we have out in the woods here)
 I have been using a ATT microcell on the satellite link since July.

 When I moved here I was told that the microcell would probably not
 work, or at best with a lot of latency, well it did quite well, I always
 told people at the start of a call that I was on a satellite link and that
 there would be some delay, no issues.

 Then on the 15th of Dec the outbound audio went to trash. I can
 hear anything on the far end just fine, voice quality is good nothing
 missing. But the outbound sounds totally distorted if there is any-
 thing at all.

 ATT has been working with me on it, so far they do not see any-
 thing wrong with the microcell, HughesNet totally washes their
 hands, the thing that I have observed is that this whole thing took
 a dump after there was a DHCP assignment change ( Hughesnet
 seems to change them all the time) the other thing that I had noticed
 was that prior to that change, applications that tried to map your IP
 address to your location usualy showed me as being somewhere
 near Kansas City. Now they think I am near Chicago.

 Does anyone on the list have any experience with this sort of thing.
 I am going to see if I can get a hub on between the microcell and
 the rest of the network and try to sniff where it is talking to, then see
 if I do a traceroute to see what manner of delays I see on the link.

 In my miserable experience with VoIP, if there was a issue it always
 seemed like it showed up on both paths, but in this case it is only the
 outbound, so I am assuming that something is causing a delay there
 somewhere.

 The microcell comes on line and appears to be happy, but no joy
 with the outbound audio.




Hey Chuck - I'd start by going to this website and testing you VOIP
connection and hopefully get some useful data.
http://www.voipqualitytest.com/

With many years of Network Engineering work experience, I'd say it's highly
unlikely this problem is caused by a DHCP assignment change. Especially if
the only change in your internet connection is outbound voip call quality.

I also wouldn't put too much into geo-ip mapping either. ISPs are assigned
blocks of ip addresses from IANA and those assignments are not
geographically based. Geo-ip location takes extra logic, such as Google's
My Location service which requires a browser that supports W3C's Geolcation
API. Google also makes use of it by getting your web browser to provide
information an wifi access points nearby.

Cheers,

Mike
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

[PLUG] Centos on Comcast ipv6to4 Help

[Mike C.]

 This tool reports fail.  No IPV6 connectivity.
 I thought the whole point of IPV6to4 (or is it IPV4to6) was that ipv4
 clients could access servers transparently.  Afterall, a significant
 number of client stations in the world are still IPV4.


Given the behavior you've described this is much more likely a port
forwarding problem than a ipv6 problem, especially given the following
information:

Re: IPv6 and DCP3939
Options
http://forums.comcast.com/t5/Home-Networking-Router-WiFi/IPv6-and-DCP3939/td-p/2084758#

‎03-20-2014 04:41 PM

DPC3939 will be removed from mydevice info for v6 support we found some
issues with it..
Senior Network Engineer, Comcast
v6 Project

(
http://forums.comcast.com/t5/Home-Networking-Router-WiFi/IPv6-and-DCP3939/td-p/2084758
)

**
Re: Port Forwarding not working on DPC3939...What gives?
Options
http://forums.comcast.com/t5/Home-Networking-Router-WiFi/Port-Forwarding-not-working-on-DPC3939-What-gives/td-p/2290579#

‎10-23-2014 08:07 PM

To enable port forwarding on the DPC3939 you need to go into the parental
controls -managed devices and allow your device,



Parental controls blocks everything by default.



When I called comcast support about port forwarding they never mentioned
this.
(
http://forums.comcast.com/t5/Home-Networking-Router-WiFi/Port-Forwarding-not-working-on-DPC3939-What-gives/td-p/2290579
)

I hope that is helpful. Good luck.
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] outdoor CAT5e

[MIke C. (Tech. Coord.)]

Graybar comes to mind, http://www.graybar.com/locations/or/portland. Seeing
as they specialize in high-quality electrical supplies, communications and
data networking products, it's hard to imagine that you could find a
better selection and/or price anywhere else in Portland. Although they
might sell in larger quantities than you need...

On Thu, Sep 25, 2014 at 8:48 PM, Jason Bergstrom ber...@bergie.net wrote:

 I would also look at Home Depot/Lowes. My recollection is that Home
 Depot has it, and is cheaper than Fry's (which also has it). Both are
 more expensive than Amazon (if there was no requirement to have it today).

 Jason,
 ber...@bergie.net

 On Thu, Sep 25, 2014 at 03:01:50PM -0700, John Bartley K7AAY
 j...@503bartley.com wrote:
  Try Platt Electric 800-25PLATT
  ___
  PLUG mailing list
  PLUG@lists.pdxlinux.org
  http://lists.pdxlinux.org/mailman/listinfo/plug
 ___
 PLUG mailing list
 PLUG@lists.pdxlinux.org
 http://lists.pdxlinux.org/mailman/listinfo/plug

___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Internet speed test, ping, traceroute (was Limited ... Comcast)

[Mike C. (tech coordinator)]

On 08/26/2014 01:52 PM, Keith Lofstrom wrote:
 On Tue, Aug 26, 2014 at 08:11:51AM -0700, Dick Steffens wrote:
 On 08/25/2014 09:50 PM, Keith Lofstrom wrote:

 When Verizon offered FIOS, I was outa there. So far, besides the
 escalating prices, I have been happy with the 15M/5M they offer, and
 500 microsecond ping times to friends on the other side of Beaverton
 is kinda cool.
 What tool do you use to test your speed? I've run the tool on
 speedtest.net a number of times. This morning, around 8:00, I got 28.48
 Mbps download speed, 5.30 Mpbs upload speed, and a 12 ms ping.
 I also use internet speed test.  Their ping numbers are useless, because
 their OOKLA servers are chosen geographically, not by routing distance.
 If packets are going between ComCan't and FrontRear, for example, they
 pass through Seattle (probably) or Oakland (maybe) and half a dozen
 switches, even if they are going to your next door neighbor (on a
 different service).  If the packets go through the same fiber switch,
 to other customers using the same service in the same area, you are
 mostly seeing packet queueing delay through the switch, very small.

 For ping times, I use linux ping(8).  When I want details of the path
 the packets take, I use linux traceroute(8).  The latter can be messy,
 because packets can take many routes from here to there.

At this risk of being to network engineering technical for a Linux/Unix 
mailing list, I will suggest my tool of choice when troubleshooting 
network performance problems; Iperf.

Iperf is a tool to measure maximum TCP bandwith and allows for the 
tuning of various parameters and characteristics of UDP. It is the only 
tool that I know of that actually tests true throughput on the wire 
between to network nodes.

Some ISPs even support Iperf so you can test throughput to your ISP's 
internet gateway. Any testing to any points beyond that is highly 
suspicious and subject to change based on many variables outside of your 
or in many cases your ISP's control.

Anyway, with all that being said, I love to geek out on network 
bandwidth performance tuning and here's a great tutorial for using some 
tools for doing just that!

http://www.cyberciti.biz/faq/linux-unix-test-internet-connection-download-upload-speed/

-- May your IP packets have the wind at their back and the light in 
their 1's and 0's...




___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Samsung S5 and Ubuntu 12.04,

[MIke C. (Tech. Coord.)]

https://github.com/hanwen/go-mtpfs - also my first exposure to go, which is
pretty darn neat!) that uses FUSE and still lets me mount the device and
access its filesystem.

Chris - I just became familiar with FUSE as it's used to mount the Synology
backup
hard drive to our Linux server.




On Wed, Aug 20, 2014 at 8:10 PM, chris (fool) mccraw gen...@gmail.com
wrote:

 On Tue, Aug 19, 2014 at 3:55 PM, Chuck Hast wch...@gmail.com wrote:

  On my 12.04 it is pretty fast. I wonder why they abandoned the USB
  block mode?


 it's not about ubuntu version - it's about android (v4 i guess?).  i too
 loved the hey it's a hard drive! situation.  I use something other than
 gMTP (something else MTP-related - ah, there it is:
 https://github.com/hanwen/go-mtpfs - also my first exposure to go, which
 is
 pretty darn neat!) that uses FUSE and still lets me mount the device and
 access its filesystem from the command line (or i suppose a file browser
 like nautilus, though i never use those) after some convolutions.
 ___
 PLUG mailing list
 PLUG@lists.pdxlinux.org
 http://lists.pdxlinux.org/mailman/listinfo/plug

___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Laptop Recommendations

[MIke C. (Tech. Coord.)]

I don't know specifically what specs, tech support/warranty, price, etc in
a new Linux laptop but I've been very happily running Debian/Ubuntu on used
 refurbished Lenovo laptops for almost a decade. I've found the Lenovo
hardware to very well supported. Nary a problem w. the exception of
wireless nic drivers a few years ago in which I had to go hunting around
for the correct driver. In the end I just learned more about Linux and
installing drivers! =)

I prefer to do my own install instead of paying a couple hundred extra $ to
a Linux reseller for similarly spec'd laptop as ThinkWiki is a really great
resource for installing Linux on Thinkpads!
http://www.thinkwiki.org/wiki/ThinkWiki

Also, Canonical works closely with *Lenovo* to certify Ubuntu on a range of
their hardware.
http://www.ubuntu.com/certification/desktop/make/Lenovo/?category=Laptop

And Linuxcertified (http://www.linuxcertified.com/linux-laptop-lctp.html)
sells Lenovo laptops w. Linux pre-installed.

Cheers!




On Thu, Aug 14, 2014 at 12:04 PM, John Jason Jordan joh...@comcast.net
wrote:

 On Thu, 14 Aug 2014 08:54:02 -0700
 Mark Phillips m...@phillipsmarketing.biz dijo:

 I think I will look some moremaybe alienware or asus.

 Don't forget System76, Emperor, and various other Linux laptop vendors.
 ___
 PLUG mailing list
 PLUG@lists.pdxlinux.org
 http://lists.pdxlinux.org/mailman/listinfo/plug

___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] DHCP, NetBios, and identifying machines by name

[MIke C. (Tech. Coord.)]

I think that nsswitch.conf, /etc/hosts and winbind is want you want to use.

The Name Service Switch (NSS) configuration file, */etc/nsswitch.conf*, is
used by the GNU C Library to determine the sources from which to obtain
name-service information in a range of categories

If one or a few computers need to get name resolution for few other
computers then an /etc/hosts file on each computer makes sense if computer
network addresses and network topology are gong to remain fairly static and
updating the /etc/hosts file on a few computers isn't so bad and a DNServer
isn't necessary.

If you're using a DHCP server, you might be able to do DHCP reservation, if
your network device (wifi router) supports it, which would provide static
ip addresses for using /etc/hosts file for name resolution without
configuring static ip addrs on every computer on the network.

All a DNserver does is centralize updating of hostname/ip pairs and name
resolution lookup.

As this article will also state you don't need the SMB service to be
running for Linux computers to do name lookups of Windows computers, but
the Samba package inlcludes winbind which you can enable as a name lookup
service in nsswitch.conf.

However, if the ip addr of the windows box is not changing then winbind
isn't necessary.

https://www.zulius.com/how-to/resolve-windows-netbios-names-from-linux/

Hope that makes sense and is helpful!

Cheers,

Mike








On Sun, Aug 10, 2014 at 11:23 AM, Dale Snell ddsn...@frontier.com wrote:

 On Sun, 10 Aug 2014 10:24:09 -0700
 t...@wescottdesign.com wrote:

  Now I can see Servo from this computer, and I can get to its files
  using Samba, but all the pure linux apps can't identify it by name
  -- even though I can ping my wife's Windows machine by name!!!
 
  Does anyone know how to resolve this?  We use the office machine as
  our svn server and I have my kid writing software for me this
  summer.  If worse comes to absolute worst I'll just assign the thing
  an ethernet address off the router's DHCP table, but I'd rather not
  have to manage a bunch of fixed IP addresses if I can help it.


 Check /etc/hosts and /etc/hostname.  They should look something
 like this:

 /etc/hosts:

 127.0.0.1   servo servo.local localhost localhost.local localhost4 \
 localhost4.local4
 ::1 servo servo.local localhost localhost.local localhost6 \
 localhost6.local6


 /etc/hostname:

 servo.local


 That should be sufficient.  If not, I'm sure someone will let us
 know.  :-)

 Hope this helps.

 --Dale

 --
 Penn's aunts made great apple pies at low prices.  No one else
 in town could compete with the pie rates of Penn's aunts.

 ___
 PLUG mailing list
 PLUG@lists.pdxlinux.org
 http://lists.pdxlinux.org/mailman/listinfo/plug


___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Migrate Ubuntu Server / install to /home. /var, /opt, etc install?

[MIke C. (Tech. Coord.)]

Thanks all for the ideas and input! I think creating a test environment and
ironing out all the details is very important and smart thing to do.

Another idea, since there's no hot spare hard drives is to install a new
hard drive partitioned they way I want it and move everything over to it.
Repartition the old hard drive, clone/mirror the new drive to the old drive
and keep it as a hot spare.


On Fri, Aug 8, 2014 at 12:31 PM, Robert Citek robert.ci...@gmail.com
wrote:

 On Fri, Aug 8, 2014 at 10:09 AM, Bill Barry b...@billbarry.org wrote:
  On Fri, Aug 8, 2014 at 9:24 AM, Robert Citek robert.ci...@gmail.com
 wrote:
  On Thu, Aug 7, 2014 at 6:33 PM, Bill Barry b...@billbarry.org wrote:
  Boot to a live disk.
  Use resize2fs to shrink the current partition,
 
  resize2fs will only shrink the filesystem, not the partition.  You'll
  still have to use fdisk or gparted for making the partition a bit
  larger than the filesystem.
 
  create the new partitions,
 
  At this point you may want to consider LVM.
 
  boot up,
 
  Is this reboot needed?
 
  I think you need to reboot or run partprobe at this point. You also
  need to create the filesystem after the partitioning.
  And if you move the boot partition you should update grub.

 Good points.  The devils in the details. Would be nice to simulate the
 process in a VM.

 Regards,
 - Robert
 ___
 PLUG mailing list
 PLUG@lists.pdxlinux.org
 http://lists.pdxlinux.org/mailman/listinfo/plug

___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

[PLUG] Migrate Ubuntu Server / install to /home. /var, /opt, etc install?

[MIke C. (Tech. Coord.)]

One of the of the worst nightmares of a new incoming SysAdmin has to be
having the server not be accessible because the previous SysAdmin thought
it was good idea to only have a root partition and then some backup script
fails and spools up on the local drive, or there's a bug, virus, etc and /
fills up.

Asking people who have direct experience with resolving this nightmare what
the best method is of migrating a production server install on a single /
partition to a multi-partitioned install.

Cheers,

Mike
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Migrate Ubuntu Server / install to /home. /var, /opt, etc install?

[MIke C. (Tech. Coord.)]

Can you expand on the description of your environment?  Do you have
two servers (one with the single partition and another with multiple
partitions)?

-- I wish it was only 1 server that was set up this way, but unfortunately
it is two servers and they both only have 1 hard drive and 1 large /
partition.

And, given that this is a server, you may want to consider using
logical volumes instead of partitions.

- On a new install, I would certainly use LVM as it has many advantages,
however I don't know how to get there from here without the intermediary
step of re-partitioning.

If there is a way, I'd love to know about it.


On Thu, Aug 7, 2014 at 5:27 PM, Robert Citek robert.ci...@gmail.com wrote:

 On Thu, Aug 7, 2014 at 1:24 PM, MIke C. (Tech. Coord.)
 mike.conn...@albertagrocery.coop wrote:
  Asking people who have direct experience with resolving this nightmare
 what
  the best method is of migrating a production server install on a single /
  partition to a multi-partitioned install.

 Can you expand on the description of your environment?  Do you have
 two servers (one with the single partition and another with multiple
 partitions)?  Or do you have a single system with two disks (one with
 the single partition and another with multiple partitions)?  Or do you
 have a single system with a single disk with the old single partition
 and a bunch of new partitions?  Or something else?

 And, given that this is a server, you may want to consider using
 logical volumes instead of partitions.

 Regards,
 - Robert
 ___
 PLUG mailing list
 PLUG@lists.pdxlinux.org
 http://lists.pdxlinux.org/mailman/listinfo/plug

___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Network puzzle

[MIke C. (Tech. Coord.)]

Could the auto-negotiate depend on the order in which things are turned
on?

In a decade of working intensively with speeds of ethernet, I have never
seen this to be the case. Auto-neg is a sold standard that has been very
well tested
and implemented. Any network device made in at least the past 15 years
should default to auto-neg on.

With that being said, if there is a cabling fault or a NIC is failing  that
could certainly cause two net devices to not auto-negotiate.

It's really easy to check eth speed/dup/auto-neg on the linux box side with
ethtool:

~$ ethtool eth0

Settings for eth0:
Supported ports: [ TP ]
Supported link modes:   10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Half 1000baseT/Full
Supported pause frame use: No
*Supports auto-negotiation: Yes*
Advertised link modes:  10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Half 1000baseT/Full
Advertised pause frame use: Symmetric
*Advertised auto-negotiation: Yes*
Link partner advertised link modes:  10baseT/Half 10baseT/Full
 100baseT/Half 100baseT/Full
Link partner advertised pause frame use: Symmetric
*Link partner advertised auto-negotiation: Yes*
Speed: 100Mb/s
Duplex: Full



On Thu, Jul 31, 2014 at 6:22 PM, Bill Barry b...@billbarry.org wrote:

 It could be as Neal suggests an auto-negotiate problem.  This system was
 working and then with no physical changes, stopped working. Could the
 auto-negotiate depend on the order in which things are turned on?

 Bill


 On Thu, Jul 31, 2014 at 12:40 AM, Neal nsed...@gmail.com wrote:

  Minor point -- the WRT54G is also not gigabit. :-)
 
  Major question -- do you have any of the switches or devices set to a
  specific speed or are they all auto-negotiate?
 
  NealS
  ___
  PLUG mailing list
  PLUG@lists.pdxlinux.org
  http://lists.pdxlinux.org/mailman/listinfo/plug
 
 ___
 PLUG mailing list
 PLUG@lists.pdxlinux.org
 http://lists.pdxlinux.org/mailman/listinfo/plug

___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

[PLUG] Linux pre-installed work computer recommendations?

[Mike C.]

I'm beginning the search for a new Linux workstation now that I've
convinced some unwitting victims to pay me for Linux/Network admin work at
my new job and I'm curious if anyone has any direct experience with the
following:

1. Trisquel GNU Linux - I really like that they're a non-profit producing
truly free distro.

2. Thinkpenguin - I like their wee  pocket wee boxes. Especially given my
micro work space. They also donate part of their profits to Trisquel.

3. Los Alamos Computers - 100% free software and Lenovo hardware w. 5 yr
warranty. I've been nothing but very satisfied and happy with the
Debian/Ubuntu Linux  IBM/Lenovo combo!

Cheers!,

Mike
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

[PLUG] . SELinux Audit Report (Rich Shepard)

[Mike C.]

 Message: 2
 Date: Sun, 20 Jul 2014 06:16:00 -0700 (PDT)
 From: Rich Shepard rshep...@appl-ecosys.com
 Subject: [PLUG] SELinux Audit Report
 To: p...@pdxlinux.org
 Message-ID: alpine.LNX.2.11.1407200611480.28801@localhost
 Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII

While logwatch.pl is still not being run from root's crontab, my manual
 running this morning starts with a log report I've not before seen:

   - Selinux Audit Begin 

   **Unmatched Entries** (Only first 10 out of 713 are printed)
type=1326 audit(1405757401.043:10184): auid=4294967295 uid=33 gid=33
 ses=4294967295 pid=16637 comm=sshd sig=31 syscall=102 compat=0
 ip=0xb73dd922 code=0x0
type=1326 audit(1405757404.968:10185): auid=4294967295 uid=33 gid=33
 ses=4294967295 pid=16639 comm=sshd sig=31 syscall=102 compat=0
 ip=0xb7383922 code=0x0

This looks to be reports of attempts to crack the network via sshd, yet
 these attempts are also found in the sshd section:

   - SSHD Begin 

   Disconnecting after too many authentication failures for user:
  admin : 103 Time(s)
  root : 610 Time(s)

   Failed logins from:
  61.174.50.235 (235.50.174.61.dial.wz.zj.dynamic.163data.com.cn): 153
 times
  61.174.51.196 (196.51.174.61.dial.wz.zj.dynamic.163data.com.cn): 297
 times
  61.174.51.204 (204.51.174.61.dial.wz.zj.dynamic.163data.com.cn): 40
 times

What is the selinux audit telling me and how do I recognize when I need
 to
 respond to something in there?

 Rich

 -- Rich, this looks to me like pretty standard script kiddie brute force
 attacks on a public facing SSH server.


Figuring out what and how to respond to is going to be mostly a personal
learning experience that is going to depend on your personal security needs
and administrative overhead, that is the time and energy you're willing to
put in.

In this case, if you have a strong password that you feel confident won't
be cracked by dictionary attacks, then there isn't anything more you have
to do,

However, there are tools you can use to reduce the amount of time and
energy you expend on such activity.  DenyHosts and Fail2Ban are two such
tools that come to mind.

1. DenyHosts

*DenyHosts* is an open source log-based intrusion prevention security
script for SSH servers was written in* python* programming language that
intended to run by Linux system administrators and users to monitor and
analyzes SSH server access logs for failed login attempts knows as *dictionary
based attacks* and *brute force attacks*. The script works by banning
*IP* addresses
after set number of failed login attempts and also prevent such attacks
from gaining access to server.
DenyHosts Features

   1. Keeps track of */var/log/secure* to find all successful and failed
   login attempts and filters them.
   2. Keeps eye on all failed login attempts by user and offending host.
   3. Keeps watch on each existing and non-existent user (eg. *xyz*) when a
   failed login attempts.
   4. Keeps track of each offending user, host and suspicious login
   attempts (If number of login failures) bans that host *IP* address by
   adding an entry in */etc/hosts.deny* file.
   5. Optionally sends an email notifications of newly blocked hosts and
   suspicious logins.
   6. Also maintains all valid and invalid failed user login attempts in
   separate files, so that it makes easy for identifying which valid or
   invalid user is under attack. So, that we can delete that account or change
   password or disable shell for that user.

2. Fail2Ban

*Fail2ban* is one of the most popular open source intrusion *detection*/
*prevention* framework written in *python* programming language. It
operates by scanning log files such as*/var/log/secure*, */var/log/auth.log*
, */var/log/pwdfail* etc. for too many failed login attempts. Fail2ban used
to update *Netfilter/iptables* or *TCP Wrapper’s* hosts.deny file, to
reject an attacker’s *IP* address for a set amount of time. It also has a
ability to unban a blocked IP address for a certain period of time set by
administrators. However, an certain minutes of unban is more enough to stop
such malicious attacks.

There's also a couple of other things you can do to seriously reduce the
number of brute force login attempts to your SSH Server. One is to use a
different port# other than the standard port# that the SSH server listens
on. Another one is to disable password logins and to only use SSH keys
instead. And lastly you can specify the ip address(es) that login attempts
will be allowed from.

You should be able to find ample how-tos on the interwebz for doing all
three of these.

Hope that's helpful.

Cheers,

Mike

Cheers,

Mike
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Debian firewall for newbies? (elcaseti .)

[Mike C.]

 Message: 1
 Date: Sat, 19 Jul 2014 11:23:56 -0700
 From: elcaseti . elcas...@gmail.com
 Subject: Re: [PLUG] Debian firewall for newbies?
 To: Portland Linux/Unix Group plug@lists.pdxlinux.org
 Message-ID:
 
 cactdran2mfj4tfox7cuyp1dlkye_fhn1m0c-xbwnsctypsm...@mail.gmail.com
 Content-Type: text/plain; charset=ISO-8859-1

 Leopard flower looks like exactly what I want.  Too bad it is an abandoned
 project.  Does anybody know of a similar firewall that is still developed?

 Mange Takk


 I'd recommend the Uncomplicated FireWall front-end to iptables. It's very
 simple syntax and if your command line shy, there's even a gui verson.


https://help.ubuntu.com/community/UFW



Also, taking your newbie-ishness into consideration, it's worth noting
that installing a firewall and securing a server are 2 very different
things. Debian has a harden package,
http://www.debian.org/doc/manuals/securing-debian-howto/ch-automatic-harden.en.html
and also a a detailed how-to on securing Debian.
http://www.debian.org/doc/manuals/securing-debian-howto/

I hope that is helpful!

Cheers,

Mike
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Hughes net

[Mike C.]

 Message: 1
 Date: Sat, 28 Jun 2014 18:21:41 -0700
 From: Keith Lofstrom kei...@gate.kl-ic.com
 Subject: Re: [PLUG] Hughes net
 To: Portland Linux/Unix Group plug@lists.pdxlinux.org
 Message-ID: 20140629012141.ga17...@gate.kl-ic.com
 Content-Type: text/plain; charset=us-ascii

 On Fri, Jun 27, 2014 at 12:07:49PM -0700, Chuck Hast wrote:
  The new place I have moved to only has internet access via Huges
  Net (ugh!) I am using a router behind their router/radio. According
  to the info I have googled, this thing is supposed to assign addresses
  in the 192.168.0.x address range with the router being 192.168.0.1
  It only allows for 5 IP assignments, so I have put a router running
  OpenWRT behind it, I notice that it gives out a IP assignment of
  100.119.170.x with the GW being 100.119.170.1, also when I plug
  a linux box into the device it gets a assignment in that block of
  addresses. BUT when the field service guy plugged his windows
  box into the Huges box it gave him a 192.168.0.x address, what
  goes here? I googled this and all indicates that the box is supposed
  to hand out 192.168.0.x addresses, there are several admonitions
  that you need to make sure (for obvious reasons) that your local
  router does not use the 192.168.0.x subnet due to the HughesNet
  device using it as the default (I always change those things to some
  other subnet because .0.x and .1.x are the most common defaults.
 
  Why does this device hand out 100.119.170.x addresses (looks like
  routable addresses) to the linux box or the router but 192.168.0.x
  addresses to the windows box?


Have you worked through the steps in the How to configure your home
network article? http://customer.kb.hughesnet.com/Pages/1189.aspx

Because until you do that there really isn't much help the PLUG mailing
list can offer you. Although many of us here, including myself have a lot
of experience with wired/wireless networks and OpenWrt, we're not Hughesnet
tech support and do not know the particulars of how they do things.
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

[PLUG] ntpd and subnet

[Mike C.]

 Message: 1
 Date: Tue, 24 Jun 2014 10:49:20 -0700 (PDT)
 From: Rich Shepard rshep...@appl-ecosys.com
 Subject: [PLUG] ntpd and subnet
 To: p...@pdxlinux.org
 Message-ID: alpine.LNX.2.11.1406241036270.2555@localhost
 Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII

The ethernet-connected hosts here have static IP addresses. The wireless
 access point serves dynamic IP addresses on a different subnet. Only two
 portables use the WAP and both have a time keeping issue: each machine
 gains
 time and can get days ahead.

  I've set up one of the laptops to use na.pool ntp servers but it still
 keeps gaining time. My Web searches and thread on linuxquestions.org have
 produced no solution for the one laptop; just this morning I saw the second
 has the same problem and realized the common factor is wireless
 connectivity.

Any ideas of why only the portables connecting via the WAP keep gaining
 time would be much appreciated. Also, any diagnostics or tests I can run to
 isolate the source of the problem would be good.

 TIA,

 Rich


Rich, your best tools here are going to be logging and using the ntp
commands to get some information back from the ntp daemon.

The first thing I'd do is setup logging. If NTP is failing to startup your
log file should be littered with error messages.

Create an empty log file with: touch /var/log/ntp.log  and then enter the
line logfile /var/log/ntp.log into your ntp.conf and restart ntpd.

What is the output of the command ntpq -p and ntpq -n right after boot up?

To the best of my knowledge, NTP is not a try once, fail and never try
again. However, I do know they it will only try DNS resolution of the NTP
servers once. So you can also try entering the ip addresses of your chosen
NTP servers into ntp.conf to see if that's what is happening.

My debian based laptop connects to internet ntp servers over wireless and
is often suspended or off for days with no clock drift problems like you're
experiencing.

However, you can add these lines to your ntp.conf to

server 127.127.1.0
fudge 127.127.1.0 stratum 10

The fudge 127.127.1.10 stratum 10 directive is a “dummy” server acting as
fallback IP in case the external time source becomes momentarily
unreachable. When this happens, NTP will continue to work and base itself
on this “internal” server.

Good luck and I hope some of this is helpful to you.
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] : IPSET on system boot or network start/restart/reload (Debian)

[Mike C.]

 Anyone have experience with using IPSET on Debian?  I'm pretty new to
 Debian and my Google Foo seems to be barred from finding decent answers.
 This is my second or third go-round looking for it.  In fact I saw my
 earlier posting to the list about this.

 So any pointers, clue-sticks, etc. would be appreciated.


 \\||/
 Rod


I've been running Debian for about a decade now, hadn't heard of this and
was curious about it. A quick google search returned 3 useful articles:

http://daemonkeeper.net/781/mass-blocking-ip-addresses-with-ipset/

 http://www.linuxjournal.com/content/advanced-firewall-configurations-ipset
 http://blog.robin.smidsrod.no/2011/10/07/autoblock-sshd-dictionary-attacks


-- HTH
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Finding RHCSA jobs (Daniel Hedlund)

[Mike C.]

 On Wed, Mar 5, 2014 at 11:04 AM, Pete Lancashire p...@petelancashire.com
 wrote:

  This should be moved to plug-jobs so this is all I'll say here
 

 I would think that discussions about the best places to look for
 Linux-related job listings would be acceptable on this list, or plug-talk.
  The plug-jobs list is used almost exclusively for posting job
 opportunities; it's moderated so discussions don't work very well there (I
 help moderate it and I only check once every day or two).

 If memory serves there used to be a description for each of the
mailing-lists and I though it went something like this.

PLUG = All things Linux related.
PLUG-TALK = For PLUG members to discuss anything non-Linux related.
PLUG-JOBS - Linux/Unix job postings in the Portland metro area.

Personally, I feel like unless something is blatantly off-topic and/or
toxic to the the healthy and functional discussion of all things Linux
there's no reed to force people to move threads unless there's many
complaints about the person and/or topic.

Cheers,

Mike
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Network confusion

[Mike C.]

snip

And that's where strange things happen. While it appears to be working
fine, I cannot get into its admin page with Firefox. The ifconfig
command now returns:

eth0  Link encap:Ethernet  HWaddr 00:90:f5:ef:f2:59
  inet6 addr: fe80::290:f5ff:feef:f259/64 Scope:Link
  UP BROADCAST MULTICAST  MTU:1500  Metric:1
  RX packets:224 errors:0 dropped:12 overruns:0 frame:0
  TX packets:89 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:1000
  RX bytes:48950 (48.9 KB)  TX bytes:12754 (12.7 KB)

eth1  Link encap:Ethernet  HWaddr 00:23:54:8c:65:20
  inet addr:192.168.0.126  Bcast:192.168.0.255
Mask:255.255.255.0 inet6 addr: fe80::223:54ff:fe8c:6520/64 Scope:Link
  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
  RX packets:55497133 errors:0 dropped:0 overruns:0 frame:0
  TX packets:74416205 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:1000
  RX bytes:8725814863 (8.7 GB)  TX bytes:65815244794 (65.8 GB)

loLink encap:Local Loopback
  inet addr:127.0.0.1  Mask:255.0.0.0
  inet6 addr: ::1/128 Scope:Host
  UP LOOPBACK RUNNING  MTU:65536  Metric:1
  RX packets:788901 errors:0 dropped:0 overruns:0 frame:0
  TX packets:788901 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:0
  RX bytes:70046669 (70.0 MB)  TX bytes:70046669 (70.0 MB)

wlan0 Link encap:Ethernet  HWaddr 00:c2:c6:00:1e:1e
  inet addr:192.168.0.147  Bcast:192.168.0.255
Mask:255.255.255.0 inet6 addr: fe80::2c2:c6ff:fe00:1e1e/64 Scope:Link
  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
  RX packets:37562 errors:0 dropped:2 overruns:0 frame:0
  TX packets:11214 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:1000
  RX bytes:2950545 (2.9 MB)  TX bytes:1381951 (1.3 MB)


It seems counter-intuitive but what you have is an asymmetric routing
problem. Packets are going out to the linksys on 1 interface and coming
back in on the other and the 2 interfaces don't exchange packets between
themselves on the Linux box unless you configure policy routing.

To test this just try pinging the management ip addr of the linksys first
with both the eth1 and wlan0 up and then unlpug the ethernet cable from
eth1.

If you successfully ping the linksys mngmt ip addr over the wifi net then
you should be able to login to the admin page and make the necessary
changes.

Here's a link to the policy routing and an example of what it looks like if
that's something that interests you in the future.

http://pontus.ullgren.com/view/multiple_interfaces_on_the_same_subnet
__

uto eth2
iface eth2 inet static
   address 192.168.1.20
   network 1192.168.1.0
   netmask 255.255.255.0
   broadcast 192.168.1.255
   up ip route add 192.168.1.0/24 dev eth2 proto kernel scope link src
192.168.61.20 table 20
   up ip route add default via 192.168.1.1 dev eth2 table 20
   up ip rule add from 192.168.1.20 lookup 20

auto eth3
iface eth3 inet static
   address 192.168.1.21
   network 1192.168.1.0
   netmask 255.255.255.0
   broadcast 192.168.1.255
   up ip route add 192.168.1.0/24 dev eth3 proto kernel scope link src
192.168.61.21 table 30
   up ip route add default via 192.168.1.1 dev eth3 table 30
   up ip rule add from 192.168.1.21 lookup 30

_
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Wireless local network

[Mike C.]

 I need help setting up a local wireless network.

 I have a (long term borrowed) laptop on which I have installed Ubuntu
 12.04 running Unity.
 On my desktop I am running Ubuntu 12.04 w/Unity

 Wireless router is AirRouter.  I can get to the internet through the
 wireless without a
 problem.  I want to be able to read from and write to files on the
 desktop from the laptop.

 openssh-server and openssh-client are both installed on both machines.

 I ran into server refused connection. Web searching I see instructions to
 run:
 parents@R2D4:~$ sudo netstat -anp | grep sshd

 I get:
 tcp0  0 0.0.0.0:20220.0.0.0:*
 LISTEN  572/sshd
 tcp6   0  0 :::2022 :::*
 LISTEN  572/sshd

 If you don't get results, or they don't show you're listening on tcp
 0.0.0.0:22... fix that.

 I fixed that by changing the port in the client to 2022.

 Made progress, but now get Permission denied.  The client dialog box
 wants folder, user name and password, which I believe I have entered
 correctly.

 Ideas?

 Thanks,
 -Denis


I suspect that because you're using the non-standard ssh port that you will
need to use the -L option and possibly the -g option if the remote host
is also not listening on the standard ssh port #. In addition, running the
command with the -v option might yield some useful output.

*-L **port:host:hostport*Specifies that the given port on the local
(client) host is to be forwarded to the given host and port on the remote
side. This works by allocating a socket to listen to *port* on the local
side, and whenever a connection is made to this port, the connection is
forwarded over the secure channel, and a connection is made to *host* port
*hostport* from the remote machine. Port forwardings can also be specified
in the configuration file. Only root can forward privileged ports. IPv6
addresses can be specified with an alternative syntax: *port/host/hostpor*


eg.

ssh -vg -L 2022:localhost: user@remotepc

HTH!
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Network confusion

[Mike C.]

 After getting the Linksys working with the name 'linksys' the ifconfig
 command now shows eth0 (no traffic), eth1 (all my traffic), wlan0, and
 lo. Previously wlan0 did not appear. It appears that eth0 is not wlan0,
 but I don't know what it is or where it came from.


Following this thread is a bit a tricky so I'm not sure if you're still
having a problem logging into the new linksys router.

If you are, it's probably because it has the default ip of 192.168.1.1 and
not the ip addr assigned by the d-link via a dhcp mac addr reservation.

If that is the case, you'll need to connect to the linksys directly via an
ethernet cable or wifi and either have the linksys assign your laptop on
the 192.168.1.0 subnet or you'll have to set a static ip addr on your
laptop such as 192.168.1.2 or something.

Hopefully, that's helpful.

Cheers,

Mike
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

[PLUG] Printers and IP addresses

[Mike C.]

  The only problem is that the router doesn't see any of the printers,
 

 This is because you have set all the IP addresses for your printers
 manually. The router only tracks IP addresses for devices which have
 requested an IP from it.


Not exactly true. Any networked ethernet device will have at least a mac
table/arp cache that contains the ip address and mac address of locally
connected devices. The command arp -a from the command line will show you
what locally connected ethernet devices a printer, computer, switch or
router knows about.

A switch or a router contains a CAM table which lists the MAC addresses and
what ports they are known on. This is so that when ethernet frames come
into the switch/router, it knows which port to send the packets out in
unicast instead of broadcasting out all the ports like a hub.

Looking at the screenshot in this tutorial, the computer name can be an ip
address, which is very common practice with printers.
http://www.gilsmethod.com/how-to-reserve-ip-addresses-with-d-link-routers

If you don't see the mac or ip address listed then the network might be
segmented in some way. Can you ping the ip addresses of the printers? If
you can then they should be populated into the CAM table and be able to be
selected from the drop down menu.


  even though I turned them all on. Therefore, I can't see an easy way to
  reserve addresses for them. In each case the printer's IP address was
  set on its control panel. I suppose I could fumble around in their
  control panels to see if I could find a way to identify it to the
  router,

 You've already mitigated this by issuing a DHCP reservation for your
 other devices so they won't collide with your static assignments any
 more. However the next time you plug something in, it's only a matter of
 time before this happens again. You should segregate your IP address space
 such that devices configured statically are assigned addresses outside
 your router's DHCP range. You can change either the static IPs or the DHCP
 range (or both) to accomplish this.

 -wes


Yes, as Wes is saying, set your DHCP pool range to like .100 to .150 and
then just configure static ip addresses outside of that range. You'll just
have to document them or not and just ping what you think is the next
available, non-dhcp range ip address on your network.

Hope this makes some sense...

Cheers,

Mike
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Debian firewall for newbies

[Mike C.]

snip
 Carlos Aguayo wrote:

  Since you are interested in knowing what connections are active, you
  might be interested in an interactive firewall, so that you can
  build your trust list explicitly.  I have heard good things about this
  project, your mileage may vary:
 
   http://sourceforge.net/projects/leopardflower/
 
  Carlos

 That's more my mindset. The page also lists other projects with
 similar goals. I'll investigate further for an optimal solution.

snip



Ah, back in the day of M$ Win, i'd have suggested Kerio or Commodo. Once
they're installed they listen and then report on new network connections
and allow you to build the firewall ruleset on the fly by allowing or
denying each newly learned network connection.

The most functionally similar FOSS firewall I know of is
http://gufw.org/, which is a GUI front end to Uncomplicated Firewall (
https://help.ubuntu.com/community/UFW). Gufw does have a listening report
hat allows you to see active connections.

You can create rules from a preconfigured list of commonly known programs
such as amule and by service name such as ftp, ssh, etc since ufw reads
from /etc/services.
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Debian firewall for newbies?

[Mike C.]

 snip
  Richard == Richard Owlett rowl...@cloud85.net writes:

 Richard What I want should be simple, block *EVERYTHING* except
 Richard email, newsgroup, and browsing with SeaMonkey or it's Debian
 Richard blessed counterpart. There will be occasional downloads fro
 Richard Debian repositories.

 Firewalls can't (generally) tell what application you are using.  All
 they really see is your network source/destination addresses and ports
 and such. snip


Firewalls generally work by traffic type such as email, voice over ip, etc
by using what are know as well known port numbers, port numbers up to 1024
that have been generally agreed upon and standardizes, also by
source/destination and days/hours of access.

 I can think of at least a half dozen firewall apps that are available on
Debian. Which one are you using? For a novice of firewalls, I'd recommend
guarddog or firestarter. They both have GUIs for configuring the firewall
and are easy to configure with very little customization and/or firewall
knowledge.
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Networking in Linux Containers

[Mike C.]

snip

 I am experimenting with Linux Containers, as I would like to run several
 web servers without the overhead of proper virtualization.  I am using
 Oracle Linux 6.5 on both the host and the container.  I never got static IP
 addresses to work, so I instead gave the container a fixed reservation from
 the DHCP server.  It is now getting the desired IP address, and it's
 populating /etc/resolv.conf with the appropriate DNS servers.  I am able to
 SSH into the container, and ping around the local network and the internet
 from the container, but by IP only. DNS lookups work on all clients on the
 network, and from the host, but not from the containers; To be clear: I can
 ping Google by IP address, but ping won't resolve the hostname if I try
 pinging google.com.

 I do not have a local DNS (yet); That will come later when I install
 IdM/FreeIPA.  Right now, the DHCP server is issuing 8.8.8.8 and 8.8.4.4 as
 the DNS servers, and that works on all of the network clients in the house
 EXCEPT the Linux Containers. snip


Hey Tyrell - The first thing I'd suggest doing is to verify that you can
send a DNS request and receive a DNS response to/fro an Internet DNS
server. You can do this by running the nslookup command from a terminal
prompt.

You can do this 2 ways. If you don't set the server, nslookup will attempt
to make the query from the DNS servers specified in /etc/resolv.conf.

Even though your DHCP is configured with DNS server parameters, each DHCP
client has to request the DNS server ip addrs from the DHCP server.

So it could be that what's in the /etc/resolv.conf in the LXC container is
not what you think it should be.

So I would set the DNS server with server 8.8.8.8 after you enter the
nslookup command. Then at the  prompt just enter in yahoo.com or
whatever for the dns lookup test.

 e.g.

 $ nslookup

  server 8.8.8.8

 Default server: 8.8.8.8

 Address: 8.8.8.8#53

  yahoo.com

 Server: 8.8.8.8

 Address: 8.8.8.8#53


 Non-authoritative answer:

 Name: yahoo.com

 Address: 98.139.183.24

 Name: yahoo.com

 Address: 98.138.253.109

 Name: yahoo.com

 Address: 206.190.36.45


 HTH!
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Wireless Security and Access Protocols

[Mike C.]

On Fri, 20 Dec 2013, Paul Mullen wrote:


  I suspect it has less to do with the version of wicd, and more with the
  wpa_supplicant configuration on your system.  (wpa_supplicant is the
  software that handles all of the authentication for wireless networking.)
   http://w1.fi/wpa_supplicant/


  SNIP 

  The most secure mode and authentication supported by the Belkin are
WPA/WAP2-Personal (PSK) and WPA2-PSK.

   Wicd does not have these protocols on the version with Slackware-14.0. My
choices are:
WPA 1/2 Hex
WPA PEAP
WPA Password
WPA2 LEAP
WPA2 PEAP
 SNIP 

Rich - You can set the key management in the wpa_supplicant.conf file as
shown in the example below to wpa-psk.


QUICK EXAMPLES
   1. WPA-Personal  (PSK)  as home network and WPA-Enterprise with EAP-TLS
  as work network.

  # allow frontend (e.g., wpa_cli) to be used by all users in
'wheel' group
  ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
  #
  # home network; allow all valid ciphers
  network={
   ssid=home
   scan_ssid=1
   key_mgmt=WPA-PSK
   psk=very secret passphrase
  }
  #

http://manpages.debian.org/cgi-bin/man.cgi?sektion=5query=wpa_supplicant.confapropos=0manpath=sidlocale=en

You can also create a wpa_supplicant template for wicd to use. I've never
done this and I'm not real clear on how it all works, but it might be of
interest or help.

http://wicd.sourceforge.net/templates.php

HTH!

Cheers,

Mike
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Wireless Security and Access Protocols

[Mike C.]

snip

On Slackware-14.0 there's an /etc/wpa_supplicant.conf with two lines:

 ctrl_interface=/var/run/wpa_supplicant
 ctrl_interface_group=root

 and there is no wpa_supplicant in /var/run. Interesting.
 snip


The below is for SW 10, but I suspect if look at /etc/rc.d/rc.wireless for
the list of expected directories it should illuminate what is expected for
SW 14

The Slackware 10 rc scripts expect:

   - wpa_supplicant and wpa_cli to be in the same directory (see
   /etc/rc.d/rc.wireless for the list of expected directories)
   - the configuration file must be /etc/wpa_supplicant.conf
   - the control directory must be /var/run/wpa_supplicant

See more at http://perfec.to/wifi/slackware-wpa.html

Also, here's a good write up  on how to manually step through running the
wpa_supplicant and being able to watch it in action to see what it's doing.

http://www.slackware.com/~alien/slackbuilds/wpa_supplicant/build/README.slackware
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] (OT) DD-WRT Router Failed on Reboot

[Mike C.]

snip
Yes, I rebooted the laptop and still cannot connect to the router. I can
get to other routers and computers on the lan.

Actually I would say it is not acting as a router...I think it is dead in
 the water. I cannot access the internet, but I can access my local lan.

 Mark
 snip


If you can access your LAN but not get out of it than you have a
gateway/routing problem.

Other routers? What is your current default gateway on the laptop?

e.g.
:~$ netstat -rn

Kernel IP routing table
Destination Gateway Genmask Flags   MSS Window  irtt
Iface
0.0.0.0 192.168.217.1

Are you sure the def gwy is in fact the dd-wrt box? What happens to def gwy
if you disconnect the dd-wrt box from the lan?

Cheers,

Mike
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Mythbuntu networking

[Mike C.]

snip From the machine where the music lives I can see the Jetway. Using
Nautilus I can open the Music directory on the Jetway. I can drag a folder
of music from the source machine to the Jetway and watch the progress bar
as the copy is being made. However, on the Jetway I don't find anything. I
tried looking at the folder with Thunar and also with a terminal window,
but nothing is there. Any idea what I'm missing? snip

-- Nautilus should work just fine for you in this situation. I came across
this interesting piece of information on a forum thread.

*Note:* Nautilus works best in 'pull' mode, (that is) copying from the
remote PC to your local PC. In 'push' mode (copying to a remote host) it
will often replace file date-stamps (due to a Nautilus and/or SSH/SFTP bug)
with today's time/date.

http://askubuntu.com/questions/157507/opening-the-file-browser-of-the-remote-machine-via-terminal-and-moving-files-aro



___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

[PLUG] : Renewable Energy Linux(/UNIX) Systems Adminitrator in Seattle

[Mike C.]

 3TIER, a leading provider of renewable energy information services,
 invites applications for a full-time Systems Administrator at its downtown
 Seattle headquarters.

 Hey Paul - Thank you for spreading the good work about this great
opportunity! In the future, could you please post any job opps to the
 Plug-Jobs mailing list (plug-j...@lists.pdxlinux.org).

This helps keeps job opps from getting lost in the main Plug digest emails
and ensures that only people who are subscribed to the plug-jobs email list
will get job opps messages.

Thank you!

Cheers,

Mike
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Ethernet Issues on Portables -- UPDATE

[Mike C.]

The Dell continues to behave strangely. For reasons beyond my
 knowledge, rc.inet1.conf lost the NO in the line 'use dhcp' for eth0.
 That's why resolv.conf was constantly being emptied. I modified the network
 configuration file and upon rebooting the resolv.conf contents were
 retained. But, for some (again) unknown reason, rc.inetd is not being run
 so there is no network deamon and no routes. Manually running
 /etc/rc.d/rc.inetd start restored the routes. If need be, I can duplicate
 that line in rc.local. It would be nice to learn why it's not being run
 during the boot process.

This still leaves one issue that I have not been able to resolve despite
 searching the Web for insights: eth0 has no carrier.


Rich - no carrier simply means there is no Ethernet signal for which to
carry data over. It's generally indicative of a physical layer issue, bad
cable, port nic, etc. However, if you've got a link light on both ends of
the Ethernet cable then all is well at the physical layer.

However, when you combine that with the rc.inetd  script not being run it
makes me wonder if you have the wrong nic driver/module. The reason I say
this is because if you look at the  rc.inet1.conf script, it will do
nothing if the nic kernel driver is not loaded.

# Function to bring up a network interface.  If the interface is #
already up or does not yet exist (perhaps because the kernel driver #
is not loaded yet), do nothing.

http://slackware.com/~alien/rc_scripts/rc.inet1

'lspci will list out the Ethernet and wireless network controllers

00:1f.3 SMBus: Intel Corporation NM10/ICH7 Family SMBus Controller (rev 02)
07:00.0 Network controller: Realtek Semiconductor Co., Ltd. RTL8188CE
802.11b/g/n WiFi Adapter (rev 01)
09:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd.
RTL8101E/RTL8102E PCI Express Fast Ethernet controller (rev 05)

Then if I run lsmod and grep on rtl for the Realtek nic, I can see the
kernel modules are loaded:

lsmod | grep rtl
rtl8192ce  56076  0
rtlwifi71765  1 rtl8192ce
rtl8192c_common43842  1 rtl8192ce
mac80211  171389  3 rtl8192c_common,rtlwifi,rtl8192ce
cfg80211  113445  2 mac80211,rtlwifi
usbcore   104555  8
ehci_hcd,uhci_hcd,usb_storage,ums_realtek,usbhid,rtlwifi,uvcvideo

I hope that helps point you in the right direction.
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

[PLUG] Digital cameras with wifi

[Mike C.]

 I tried doing a port scan of the Windows machine running the Sony app,
 but came up with nothing. The box says the camera is also DLNA
 certified, and I wonder if that may also play a role.

 It's generally not a huge hardship to transfer the files over USB, but
 I'm curious, and haven't run into any promising search results on the
 web yet.

 Scott


 From the Sony manual:
You cannot transfer images recorded on the internal memory using the
Wi-Fifunction (DSC-WX80/WX200
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Belkin N900 Not Seen at 192.168.2.1 = Russel S.

[Mike C.]

Russel = Having to modify the client device means you have already
failed.  It is supposed to be just works.

DHCP is built on a client-server model. DHCP allows but does not
require the configuration of client parameters not directly related to
the IP protocol.
http://www.ietf.org/rfc/rfc2131.txt


Russel = The Zhone/Paradyne DSL modems that Integra deploys are in
the latter category.  In fact, by default, they hand out leases over
the entire available address range (.2 through .254 in a /24).
Russel = *They don't bother to check whether the IP address is in use
(e.g. by pinging) before hand.* This makes trying to use static IPs on
these networks highly problematic

-- This behavior is not defined in the RFC.

The client SHOULD perform a final check on the parameters (e.g., ARP
for allocated network address), and notes the duration of the lease
specified in the DHCPACK message.  At this point, the client is
configured.  If the client detects that the address is already in use
(e.g., through the use of ARP), the client MUST send a DHCPDECLINE
message to the server and restarts the configuration process.


In manual allocation, a client's IP address is assigned by the
network administrator, and DHCP is used simply to convey the assigned
address to the client.

-- In other words the Network Administrator is responsible for either
specifying specific ip addrs for specific hosts or carving out a pool
of ip addresses that will be manually configured and not include them
in the DHCP dynamically assigned ip address pool.

-- In summary, I realize that many of the consumer market products
don't implement the DHCP RFC completely or that some ISPs may change
the features and functions as they see fit. I just want to be clear
where the problem lies, which is not with DHCP itself as much as the
lack of understanding of how it works, how it's configured and how it
may or may not be implemented by a hardware vendor or ISP.



On Thu, Aug 15, 2013 at 12:00 PM, plug-requ...@lists.pdxlinux.org wrote:

 Send PLUG mailing list submissions to
 plug@lists.pdxlinux.org

 To subscribe or unsubscribe via the World Wide Web, visit
 http://lists.pdxlinux.org/mailman/listinfo/plug
 or, via email, send a message with subject or body 'help' to
 plug-requ...@lists.pdxlinux.org

 You can reach the person managing the list at
 plug-ow...@lists.pdxlinux.org

 When replying, please edit your Subject line so it is more specific
 than Re: Contents of PLUG digest...


 Today's Topics:

1. Re: Belkin N900 Not Seen at 192.168.2.1 = Russel S.
   (Russell Senior)


 --

 Message: 1
 Date: Wed, 14 Aug 2013 17:47:42 -0700
 From: Russell Senior russ...@personaltelco.net
 Subject: Re: [PLUG] Belkin N900 Not Seen at 192.168.2.1 = Russel S.
 To: Portland Linux/Unix Group plug@lists.pdxlinux.org
 Message-ID: 86k3jn93v5@coulee.tdb.com
 Content-Type: text/plain; charset=us-ascii

  Mike == Mike C mconno...@gmail.com writes:

 Russell Not such a good idea, IMHO.  The access point dhcp server
 Russell is going to be giving itself out as the default route, unless
 Russell you can tell it otherwise.

 [...]

 Mike With that being said, the standard issue dhcleint,conf file
 Mike would request routers from the DHCP server and would need to
 Mike modified.

 Having to modify the client device means you have already failed.  It
 is supposed to be just works.

 Russell Also, some embedded dhcp servers listen for other dhcp
 Russell servers on the network before starting.  If they hear one,
 Russell they'll disable themselves.  Others, stomp right ahead
 Russell blindly.

 Mike I've been working with computer networks for 15 yrs and I have
 Mike yet to see this behavior.

 Let me tell you, I have.  And I'd be happy to introduce you to them.

 I wouldn't swear to it, but I think dnsmasq might do the former out of
 the box.  In any case, I know for certain I have seen this behavior
 multiple times, enough to learn to watch out for it.  Looking back
 through my notes, it might have been seen with a stock WRT54G and
 another device with OpenWrt dnsmasq.

 The Zhone/Paradyne DSL modems that Integra deploys are in the latter
 category.  In fact, by default, they hand out leases over the entire
 available address range (.2 through .254 in a /24).  They don't bother
 to check whether the IP address is in use (e.g. by pinging) before
 hand.  This makes trying to use static IPs on these networks highly
 problematic. It is just a matter of time before the helpful DHCP
 server cheerfully stomps on your carefully chosen IPaddr.  Just as a
 capper, Integra refuses to provide a login to let you configure the
 DSL modem yourself.  Which means, every trivial little change you
 might want to make requires a support call.


 --
 Russell Senior, President
 russ...@personaltelco.net


 --

 ___
 PLUG

Re: [PLUG] Belkin N900 Not Seen at 192.168.2.1 = Russel S.

[Mike C.]

Not such a good idea, IMHO.  The access point dhcp server is going
to be giving itself out as the default route, unless you can tell it
otherwise.

Russel - This is an incorrect understanding of how DHCP actually works. The
DHCP server is configured with various parameters such as: ip address
pools, subnet masks, dns servers, routers, etc. The dhclient.conf file is
where the DHCP client is configured to request and require specific
parameters such as routers.

 request subnet-mask, broadcast-address, time-offset, routers,
domain-name, domain-name-servers, domain-search, host-name,
dhcp6.name-servers, dhcp6.domain-search,
netbios-name-servers, netbios-scope, interface-mtu,
rfc3442-classless-static-routes, ntp-servers;
#require subnet-mask, domain-name-servers;

With that being said, the standard issue dhcleint,conf file would request
routers from the DHCP server and would need to modified.

Also, some embedded dhcp servers listen for other dhcp
servers on the network before starting.  If they hear one, they'll
disable themselves.  Others, stomp right ahead blindly.

I've been working with computer networks for 15 yrs and I have yet to see
this behavior. I realize standards, like DHCP, are not always implemented
thoroughly or correctly, but having multiple DHCP servers on the same
network is often used in failure scenarios. The only thing that requires is
a correct overlap configuration of ip addresses.

 If you are doing this wan-port-trick at all, better to positively turn
off the
unneeded DHCP server,I think, to avoid the ambiguity.  Too many cooks
in the kitchen, etc

This all sounds to
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Wireless Routers/Access Points

[Mike C.]

 there is no configuration involved - just don't use the WAN port. POOF
your
 router has become an access point. when I do this, I also disable the
 internal DHCP server, to avoid conflicts with my previously existing DHCP
 server. but your situation is a little different.

 -wes


As far as I can see, there is really no good argument nor any advantage to
not do this. A true wifi access point is typically more of an enterprise
class device. It doesn't have a WAN port because it's designed just to
uplink the wireless network traffic to a switch/router and connect with the
rest of the enterprise network.

As Wes alluded to, the routing happens on the WAN port as a routers primary
purpose is to connect two separate ip subnets. So if you just connect your
Belkin via a switch port to your upstream switch/router and use static ips
for the devices hanging off the Belkin then you should be all set.

Ideally, the way I would configure this is have both wireless devices use
DHCP but have separate pools so there's no conflicts. So in your case this
might look something like:

Belkin N900: 192.168.2.1
Upstream Router: 192.168.2.103
Belkin N900 DHCP pool: 192.168.2.2 - 192.168.2.102
Upstream Route DHCP pool: 192.168.2.104 - 192.168.2.204
Netmask for all of this is: 255.255.255.0

This way you have plenty of ip addrs for each wifi ap switch/router device
that are clearly defined and easily remembered. You can even print out a
piece of paper with the ip nets and tape them to the device. If you want
configure a device with a static ip on one of the two ip nets, just ping ip
addrs in the dhcp pool from a computer that has an ip on that ip net to
find one that is not in use.

Or to even one step further, you can break those DHCP pools in half. For
example:

Belkin DHCP Pool: 192.168.2.2 - 192.168.2.52
Belkin Static ip addrs: 192.168.2.53. - 192.168.2.103

Let me know if I can be of any help in getting this all setup.

Cheers,

Mike
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Belkin N900 Not Seen at 192.168.2.1

[Mike C.]

After many months I'm finally setting up the Belkin Advance N900 wireless
router. It's connected via a cat5 cable directly to my laptop. The default
IP address for the Belkin is 192.168.2.1

Rich - Can you ping and get a response from the ip address of the Belkin.
If not, and you're directly connected to it, you must have an ip address on
the same subnet. Also, which port of the Belkin device are you connected
to? Hopefully, one of the LAN switch ports. If it responds to a ping, then
try telnet 192.168.2.1 80. That will tell you whether or not you connect
to the device via http in the event some configuration setting has disabled
that ability.


On Sun, Aug 11, 2013 at 10:54 AM, plug-requ...@lists.pdxlinux.org wrote:

 Send PLUG mailing list submissions to
 plug@lists.pdxlinux.org

 To subscribe or unsubscribe via the World Wide Web, visit
 http://lists.pdxlinux.org/mailman/listinfo/plug
 or, via email, send a message with subject or body 'help' to
 plug-requ...@lists.pdxlinux.org

 You can reach the person managing the list at
 plug-ow...@lists.pdxlinux.org

 When replying, please edit your Subject line so it is more specific
 than Re: Contents of PLUG digest...


 Today's Topics:

1. Default Route Lost When System Is Rebooted (Rich Shepard)
2. Re: Default Route Lost When System Is Rebooted [RESOLVED]
   (Rich Shepard)
3. Re: Ownerships and permissions mess (Richard England)
4. Re: Need 32-bit Debian based user (wes)
5. Belkin N900 Not Seen at 192.168.2.1 (Rich Shepard)
6. Re: Belkin N900 Not Seen at 192.168.2.1 (Dale Snell)
7. Re: Belkin N900 Not Seen at 192.168.2.1 (Russell Johnson)
8. Re: Belkin N900 Not Seen at 192.168.2.1 (Fred James)
9. Re: Belkin N900 Not Seen at 192.168.2.1 (Rich Shepard)
   10. Re: Belkin N900 Not Seen at 192.168.2.1 (Fred James)
   11. Re: Belkin N900 Not Seen at 192.168.2.1 (Rich Shepard)


 --

 Message: 1
 Date: Sat, 10 Aug 2013 12:54:40 -0700 (PDT)
 From: Rich Shepard rshep...@appl-ecosys.com
 Subject: [PLUG] Default Route Lost When System Is Rebooted
 To: p...@pdxlinux.org
 Message-ID:
 alpine.lnx.2.00.1308101251070.17...@salmo.appl-ecosys.com
 Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII

Last week I discovered that the default route for eth0 on the Sony Vaio
 went AWOL so I added it back. However, when the laptop was shut down and
 rebooted the default route was again missing.

Has anyone ideas on what might remove the default route when the system
 is
 shut down? I've not seen this happen before and the only changes were
 upgraded packages such as bind, php, and openssl.

 Rich



 --

 Message: 2
 Date: Sat, 10 Aug 2013 13:12:27 -0700 (PDT)
 From: Rich Shepard rshep...@appl-ecosys.com
 Subject: Re: [PLUG] Default Route Lost When System Is Rebooted
 [RESOLVED]
 To: p...@pdxlinux.org
 Message-ID:
 alpine.lnx.2.00.1308101309030.17...@salmo.appl-ecosys.com
 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed

 On Sat, 10 Aug 2013, Rich Shepard wrote:

Has anyone ideas on what might remove the default route when the system
  is shut down? I've not seen this happen before and the only changes were
  upgraded packages such as bind, php, and openssl.

Please accept my apologies for cluttering your mailbox on such a nice
 summer Saturday afternoon. After posting my message I went back to looking
 for the source of the problem and found it; naturally, after sending the
 message, not before.

Apparently, when checking configuration files after upgrading packages I
 must have inadvertently changed one digit in the IP address of the default
 gateway in /etc/rc.d/rc.inet1.conf. Sigh. As there was no valid default
 gateway in the configuration file none was established when the system was
 rebooted.

 Mea culpa,

 Rich



 --

 Message: 3
 Date: Sat, 10 Aug 2013 14:52:16 -0700
 From: Richard England rlengl...@frontier.com
 Subject: Re: [PLUG] Ownerships and permissions mess
 To: plug@lists.pdxlinux.org
 Message-ID: 5206b610.2030...@frontier.com
 Content-Type: text/plain; charset=ISO-8859-1; format=flowed

 On 08/10/2013 08:40 AM, Michael Rasmussen wrote:
  On Sat, Aug 10, 2013 at 09:30:56AM -0500, David Fleck wrote:
  On 08/08/2013 06:47 PM, John Jason Jordan wrote:
  Is there a way to do a ls command and have it sort by date of
 creation?
  Try
 
  ls -lrt
  Creation?
 
  That isn't available in contemporary *nix, including Linuxes.
 
   ctime  https://en.wikipedia.org/wiki/Stat_(Unix)
 
   ctime originally meant creation time,[8] however it has since been
   used almost always to refer to change time. It is updated any time
   file content changes (together with mtime), and also by changes in
   metadata such as file permissions, file ownership, and creation and
   deletion of hard links. In some 

Re: [PLUG] Connect: Network not reachable

[Mike C.]

/etc/resolv.conf is correct (matches what's on the other LAN hosts).
 That's normally the problem when I return with my portable and with
 wireless
 DHCP connection has reset that file. Why it's not fixing the problem here
I
 don't know.

ifconfig -a shows that etho is RUNNING.

/etc/rc.d/rc.inet1.conf is set as before.

I've re-run '/etc/rc.d/rc.inet1 restart', '/etc/rc.d/inetd restart' and
 rebooted the machine but still cannot get outside the local LAN.

What have I missed here?

Rich - It sounds to me like you've got a routing problem. FYI, the host
command is not a very valid or useful test in this case. because it's most
likely getting the DNS information from your upstream wifi router. That is
to say the Sony network client is making a doing a name lookup to a DNS
server on the internet.

What does your routing table look like when you run the command netstat
-rn

Also, what is the output of ifconfig -a
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Urgent! Lost network connection after upgrade

[Mike C.]

  Now, how do I go about manually assigning an IP address?

 ifconfig eth0 192.168.0.5 netmask 255.255.255.0
 
 the theory here is that network-manager may have interfered with this
 process. now that you've stopped it, it's time to try again.
 
 you can check whether this worked or not by running ifconfig by itself
 again, and see if eth0 now shoes an inet 192.168.0.5 entry.
 
 if it does not, something is seriously fubar and you're probably
 looking at something that's beyond email assistance.

 The command executed without error, but did not change anything.
 Ifconfig still shows no address and I still can't go anywhere.

 I'd say the last thing you could try is to manually configure the eth0
interface in the Interface Configuration Files and reboot and see if the
eth0 interface will setup. Here's some instructions on how to do it. I'm a
Debian kinda guy so I can't speak to Fedora specifics and/or quirks. But,
it's worth a last ditch shot!

https://docs.fedoraproject.org/en-US/Fedora/15/html/Deployment_Guide/s1-networkscripts-interfaces.html#s2-networkscripts-interfaces-eth0


 --

___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Urgent! Lost network connection after upgrade

[Mike C.]

Regarding my last post about the interface config files. After modifying
them, you'll want to either reboot or restart networking services. I'd say
reboot and hope that the interface config file is read before NM is
invoked.

But as I don't know much about Fedora and I know that NM is heavily
embedded into most Linux sub-systems, you might even have to remove the NM
package entirely to ensure that the problem with NM isn't interfering with
your attempts to directly control the eth0 interface.
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Urgent! Lost network connection after upgrade

[Mike C.]

Creating object for path '/org/freedesktop/NetworkManager/ActiveConnection/17'
failed in libnm-glib.

A possible solution might be to disable the Network Manager app. As JJJ
mentioned and I tend to agree with something is stopping you from being
able to manually assign an ip address to eth0.

Network Manager is a many headed monster with lots of tentacles and if it's
not happy about something it might be interfering with your attempts to
configure eth0 manually via ifconfig.

So perhaps try disable NM and try manually assigning and ip addr again.
Don't bother with adding any routes until we can get eth0 to take an ip
addr assignment.

sudo stop network-manager
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] File system space troubles (SOLVED)

[Mike C.]

Thomas - My apologies for posting to the plug-jobs email list. I typed plug
into the To field, clicked the drop down email address menu in gmail and
fired.

Thank you all for your words of wisdom, tools, and commands.

I used Austin's command to determine that /var and /var/log were the two
largest users of hard drive space. I found 3 1GB log files (syslog,
kernel.log, and messages). I archived them and moved them into /home.

I deleted those logs, but it wasn't until after a reboot that df -h
reported 3.9 GBs free in /.

On my own system and other commercial systems I'm use to having separate
/usr /var and /tmp dirs that way if those dirs fill up, you still have a
functional system while you sort out the disk space.

I  guess what I didn't and still don't understand is that my friend's
system has a 400 GB drive and only 200 GB was used by /home by all 9.2 GB
of / was being used.

So am I to understand that when you don't have a separate /usr /var/ and
/tmp dirs that all of those files are stored in / ?

Also, what's interesting to me is that a non-custom partition table only
allocates 10 GB for everything that doesn't get stored in /home. Even on a
430 GB hard drive. Am I understanding that correctly?

Dumb question time. I don't suppose there's a way to symlink those dirs to
a space in the /home dir to avoid this problem in the future is there?

Thanks again for all of your help!

Cheers,

Mike
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

[PLUG] Computer Repair

[Mike C.]

All,

 I have a computer that won't boot, no beeps, nothing. The power supply
 lights up and the cpu fan starts, but just silence after that. I've taken
 everything out but the cpu and memory.

 I had this happen to me recently on two different occasions with two
different laptops. One was resolved by resetting the CMOS by holding the
power button for 30 secs on the Toshiba nb-505  and the other was a bad
keyboard on my Lenovo Thinkpad.

It's also worth checking in with the support forum for your computer.
Usually, there's some good help there.
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] LILO tutorial

[Mike C.]

 I need complete documentation on LILO with emphasis on
 lilo.conf .
 Assume I'm stranded on a desert isle (SW Missouri is a fair
 approximation) with a computer and a set of install disks.
 What *ONE* document will answer ALL my LILO questions.
 Hint: man pages and mini-HOTO's don't hack it. They presume
 and summarize too much.

 -- I can't imagine a more complete documentation on Lilo than the Lilo
User's Guide.

http://ftp.utcluj.ro/pub/docs/ldp/bible-src/lilo/user/user.html

However, I imagine that is going to be a bit too much info to wade through.
A good reference to keep on hand though.

I think this article covers the basics of lilo.conf pretty well.

http://www.control-escape.com/linux/lilo-cfg.html

I hope that's helpful.
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] PLUG Digest, Vol 103, Issue 16

[Mike C.]

  --snip---
 
  When I look at the XServer Display Configuration it shows the digital
  screen is off. Normally it's on. The configuration is set to Twin View.
  Normally that's set to Separate X Screen.
 
  When I click on the right hand monitor (in the tool) the resolution
  shows as off. If I change that to 1680 x 1050 and click Apply, nothing
  happens. This is what's making me think the card is failing, or at least
  part of it has failed.
 
  Any recommendations?
 
  Assuming the card has failed, any recommendations on a better nVidia
 card?
 
  Thanks.
 
  BTW, I set the auto save feature of LibreOffice to 1 minute, and
  recovered most of the work I was doing.
 
 You would get either NO display or a garbled/distorted etc display if
 your card is failing.  Since X comes up, the card is probably fine
 (unless you just lost the DVI port...). Sounds like you are the victim
 of a Ubuntu drive-by update.  If using proprietary Nvidia drivers, this
 can be an issue.  What can happen is that the Nvidia kernel driver
 doesn't load (depends on kernel version) so Ubuntu switched to nouveau
 and your monitor autodetection is all screwy.

 I would update the Nvidia driver, reboot, then reset the settings.

 Using the Nvidia X server Settings tool, X Server Display
 Configuration - Advanced button, see if you can set up the monitors
 like you had before (run it via sudo or as root).  Then save the
 settings to /etc/X11/xorg.conf.d/xorg.conf

 Remember to pay attention to the following entries:

 Position
 Viewport Out
 Panning

 next select the monitors on at a time, and see which one is
 [x] make this the primary display for the X screen.
 *


- Once your get xserver config sorted out I'd recommend getting into the
habit of creating a backup of the xorg.conf file and keeping a copy of it
my home directory and/or thumb drive. When  I used to run Ubuntu I had more
problems with xserver than I care to admit and this practice saved me hours
of frustration.
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Main plug list civil and on-topic

[Mike C.]

  The most recent flame war erupted two years ago, and some folks

 left the list because of it.  They stopped leaving when we
 forced one person to leave.

 I was one of those folks who left for a short while after witnessing many
a flame war with the one person who was forced to leave. I think civil and
on-topic not only sets reasonable expectations of discourse for newbies
but it also serves as a good reminder for the rest of us when things start
to go sideways into the bushes.

-mc
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

[PLUG] /usr/bin/alsamixer: file not found (for user)

[Mike C.]

   Last week I was able to run alsamixer as a user on the Sony Vaio; this

 morning I cannot because the system tells me that there is no such file or
 directory as alsamixer, even when passed the absolute path of
 /usr/bin/alsamixer. Root has no problems with this file.




 The permissions are 755 so a user should be able to execute it. If the
 distribution is applicable it's Slackware-14.0/x86_64 will all security
 patches applied.

The man page does not seem to help me; command line options are
 ineffective if the executable cannot be found. Web searches for 'alsamixer
 not found' and 'alsamixer not found for user' did not return anything
 relevant.

There must be a simple reason for this but I have difficulty finding the
 reason and solution.

 Rich


-- It's not clear whether or not the alsamixer executable file actually
exists because you say root has no problems and the user perms are set to
755. Is there an alsamixer file in  /usr/bin that can be executed as the
root user?

As a test can you execute amixer as a non-root user?
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

[PLUG] /usr/bin/alsamixer: file not found (for user)

[Mike C.]

   Last week I was able to run alsamixer as a user on the Sony Vaio; this

 morning I cannot because the system tells me that there is no such file or
 directory as alsamixer, even when passed the absolute path of
 /usr/bin/alsamixer. Root has no problems with this file. The permissions
 are
 755 so a user should be able to execute it. If the distribution is
 applicable
 it's Slackware-14.0/x86_64 will all security patches applied.

The man page does not seem to help me; command line options are
 ineffective if the executable cannot be found. Web searches for 'alsamixer
 not found' and 'alsamixer not found for user' did not return anything
 relevant.

There must be a simple reason for this but I have difficulty finding the
 reason and solution.

 Rich


-- If it's true that the alsamixer executable file does exist and you can
execute it as root but not as a non-root user than run the *id
user* command
to verify if your user is in the audio group.

*mannix@mc-crunch:~$ id mannix*
id mannix
uid=1000(mannix) gid=1000(mannix)
groups=1000(mannix),20(dialout),24(cdrom),25(floppy),27(sudo),*29(audio)*
,30(dip),44(video),46(plugdev),100(users),107(netdev),108(bluetooth),109(fuse),112(powerdev)

Then verify that all the files in /dev/snd belong to the audio group.

crw-rw+  1 root audio 116,  5 Mar 18 16:59 controlC0
crw-rw+  1 root audio 116,  4 Mar 18 16:59 hwC0D0
crw-rw+  1 root audio 116,  3 Mar 18 16:59 pcmC0D0c
crw-rw+  1 root audio 116,  2 Mar 19 10:17 pcmC0D0p
crw-rw+  1 root audio 116,  1 Mar 18 16:59 seq
crw-rw+  1 root audio 116, 33 Mar 18 16:59 timer

If all seems to look right, you could do this:


- Allow all users read and write access to all sound devices, for
example with chmod -R a+rwX /dev/snd/.. This might be slightly insecure



___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Samba access - different results from different machines

[Mike C.]

  snip
   I'd like to set things up so that

 all of the machines are able to access the shared directories of any of
 the other machines. I don't know how to phrase the question for Mr.
 Google. I get lots of instructions for installing Samba, but nothing
 that covers my question.

 Recommended reading?

 Thanks.

 --
 Regards,

 Dick Steffens


-- I typed smb password windows 7 ubuntu 10.04 into the Google search
bar. This was the 2nd hit. After a cursory review of the article, it seems
very applicable and and also very well documented.

Now I made complete tutorial on samba configuration to share you data from
Ubuntu to Windows and also Windows to Ubuntu. Share data from Linux Ubuntu
with/without permissions. Permission is up to you, if you want to set
permission or not.

http://www.noobslab.com/2012/03/configure-samba-sharing-between-ubuntu.html
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] How to undo an update?

[Mike C.]

 Using Synaptic I uninstalled  LibreOffice 4.0.1.2

 I ran sudo add-apt-repository ppa:libreoffice/libreoffice-3-5

 I ran sudo apt-get update

 Further reading suggested that I run sudo add-apt-repository
 ppa:libreoffice/ppa

 Followed by another sudo apt-get update

 Synaptic still shows 4.0.1.2, but doesn't show 3.5.2.

 More web research recommended that I run sudo apt-get install
 libreoffice libreoffice-gnome

 That installed 4.0.1.2.


 What did I miss? How do I install 3.5.2 and not 4.0.1.2?

 Thanks.


 --
 Regards,

 Dick Steffens

-- Dick - The instructions here should help you out. HTH!

http://www.howtogeek.com/117929/how-to-downgrade-packages-on-ubuntu/
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug