Re: [PLUG] Thunderbird Changes

[Ted Mittelstaedt]

That's minor stuff.   Thunderbird versions greater than 91.13.1 are completely 
broken with self-signed certificates.  While yes there's always Lets Encrypt, 
why go through the extreme bullcrap of setting up LetsEncrypt on a mailserver 
that is buried behind firewalls and does not have port 80 forwarded to it when 
you can sign your own certificates?

There's a way to turn off auto-updates on thunderbird.

Ted

-Original Message-
From: PLUG  On Behalf Of Dick Steffens
Sent: Monday, October 16, 2023 2:11 PM
To: PLUG List 
Subject: [PLUG] Thunderbird Changes



When did the developers decide against DFWAB? (Don't Fix What Ain't Broke)



First annoyance:

The latest version of Thunderbird (115.3.1) comes with some annoying changes.

Several buttons that used to be in a toolbar disappeared. Somehow I tripped 
over a way to add a button that is for starting a new message on my main 
machine but have not been able to find it on my laptop. The old button said 
"Write" and the new button says "New Message". T-Bird on both machines is 
115.3.1. The main machine is Xubuntu 22.04, and the laptop is Xubuntu 20.04.

I've tried Edit > Settings, and View > Toolbars > Customize..., but have not 
found what I'm looking for. In the Customize the toolbars page that is a 
collection of things to add, but nothing related to New Message. 
Just to see what would happen, I "added" one of the buttons, but it never 
showed up. And yes, I did click .

Any idea where I should be looking?

Second annoyance:

When I reply to a message, I usually delete a bunch of stuff by holding the 
shift key down and clicking where I want the beginning of the deletion to 
occur, and then hit . That used to leave the cursor showing. Now it 
doesn't. If I start typing, the first character I type does not appear, and all 
the blank lines above my signature block are deleted. Hitting  three 
times cleans that up, and the cursor is showing after one blank line below the 
text to which I'm replying. That works, but why is it needed?

Anyway, back to my opening rant, what is the point of all these changes? 
Do they fix something? For me they break things.

Grouse, grouse.

--
Regards,

Dick Steffens

Re: [PLUG] Resolved: Battery Backup Question

[Ted Mittelstaedt]

UPS Lead Acid gel cells are not what they used to be.  A decade ago I could get 
a 12v 7ah gel call from Panasonic that would sit in a box
For 6 months, not significantly sulfate, then work in a UPS for 5 years.

Today everything on the market is complete crap.  Even the AGM versions are 
hardly better.  Race to the bottom destroyed the lead acid battery market.

But in truth the gel cell technology is not really suitable for modern UPSes 
which because of consumer ignorance have become very badly designed.

20 years ago a computer UPS would be rated at 450VA, and come with 2 12V 12ah 
batteries and would put out power for 30 minutes then gracefully shut the PC 
down and the batteries would not be trashed.

Today the UPS is rated at 1500VA and people plug it into a branch circuit that 
already has half the house on it, and comes with 2 little pissy 12v 8ah 
batteries.  Then it lasts 5 minutes then rolls over and dies leaving the 
batteries sucked dry.  So then the batteries would sit around dead as doornails 
for a day, sulfating to shit, then when utility power came back and the battery 
recharged you would have 30% of the battery capacity permanently destroyed.

UPSes today do high current discharges which are much better suited to wet cell 
lead acid batteries.  So combine crap quality batteries with moron configuring 
and overloading the discharge of the batteries and you get a year out of them.

Alarm systems are low-current drain devices specifically because they assume 
they will be battery powered when they are most needed.  Totally different than 
uPSes.   You should at the least have bought High Current variants of your 
batteries but I'll bet lunch you were not sold those.

Ted

-Original Message-
From: PLUG  On Behalf Of Dick Steffens
Sent: Thursday, September 28, 2023 11:35 AM
To: plug@pdxlinux.org
Subject: [PLUG] Resolved: Battery Backup Question

On 9/27/23 16:13, Dick Steffens wrote:
> On 9/27/23 16:10, Bill Barry wrote:
>> Yes, I would definitely take it out of the circuit and test it. There 
>> is little else that can go wrong with a UPS. Especially since all the 
>> warning signals are working.
>>
>> BIll
>
> Probably tomorrow. Thanks for confirming the idea.
>

The old battery was down to 11.something V at the battery place, and their 
tester said it had an internal resistance in the 40s. The new battery has an 
internal resistance of 100 something.

With the new battery, the UPS starts up normally.

I have the feeling that the old battery wasn't that old, but I haven't found 
the receipt, so it could be over a year. The guy said they use the same battery 
in their alarm system, and it's expected to last 5 years. 
I'm going to tape a note to the UPS with today's date and the expectation of 5 
years.

I'm also going to set it up for my other office computer, since I moved its UPS 
to the main one. While I'm at it, I'll use my Kill A Watt to see what each 
device I plug into it is drawing. I'll start a log of these things for future 
reference.

Thanks to all who provided advice.

--
Regards,

Dick Steffens

Re: [PLUG] Internship for people with Linux command line familiarity

[Ted Mittelstaedt]

What is the goal for the target population?  Just to get them Internet 
connectivity?  And when they get Internet connectivity what will they be using 
it for?  The reason I'm asking is if the target population has so little 
computer ability that the result of them getting Internet connectivity is that 
they will immediately be using it to watch the latest made for TV movie airing 
on the Hallmark Channel, then why would you assume it would even be possible to 
train them in any computer use skills let alone Linux command line?  I suspect 
your partners may know this target population a bit better than you do

Frankly I think the command line is absolutely fantastic for 3 things:

a) automating software
b) operating software that the authors never got around to writing a web based 
control interface for.
c) Fixing software that isn't working the way it's supposed to be

Otherwise you might consider that there's better human-to-software interfaces 
than the command line.

Ted


-Original Message-
From: PLUG  On Behalf Of Russell Senior
Sent: Saturday, September 23, 2023 3:40 PM
To: Portland Linux/Unix Group 
Subject: [PLUG] Internship for people with Linux command line familiarity

I'm involved with a grant funded project in which Personal Telco Project is to 
indoctrinate a few people in Community Networking serving a target population. 
We want people who are members of the target population, but in order to meet 
the project goals we feel like they need to start with a basic familiarity with 
Linux command line, since basically every part of the network management will 
require it. Our partners are concerned they won't be able to find anyone with 
the starting skills we have asked for. As someone for whom the Year of the 
Linux Desktop has been every year since 1993, I have trouble understanding 
their concern. We are only looking for a few people in the Portland metro area, 
and there are certainly a few such people here, it is just a matter of finding 
them and funneling them towards the entrance gate. We aren't in charge of 
selecting people, but given our partners concerns it seems appropriate to help 
them recruit potential candidates, and PLUG seems like a good place to start 
looking.

I have thought about asking local community colleges that teach Linux skills.

Any other thoughts?

--
Russell Senior, President
russ...@personaltelco.net

Re: [PLUG] domainnetworks.com scam

[Ted Mittelstaedt]

These letters are standard when people use their real company names and 
addresses on the
WHOIS data for the domain.  I get them a lot.  Yours, tripod.com, is concealed 
behind a fake
Company name so of course you won't ever receive such a scam letter.  
(www.tripod.com does
Not match the whois data which is CSC Corporate domains.  It basically appears 
like tripod.com is
A brand of CSC)

Some Registries like Network Solutions have taken to concealing registration 
WHOIS data for
.org and other domains that they deem are owned by "inexperienced users"  They 
call it
Privacy guard and other pretty names but mainly it's an anti-poaching 
technique.  In some cases
Some Registries prohibit the domain name owners from using their real names for 
certain TLDs.

Ted

-Original Message-
From: PLUG  On Behalf Of Robert Kopp
Sent: Friday, August 18, 2023 5:39 PM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] domainnetworks.com scam

Perhaps some domain registration services are inviting people to obtain premium 
domains with names similar to those they already have, but at higher prices. 
But if it doesn't look like a premium name, that's not the reason. I've never 
received such an ad, in any case. 

Robert "Tim" Kopp
http://analytic.tripod.com/
 
 






On Friday, August 18, 2023 at 03:28:03 PM PDT, Rich Shepard 
 wrote: 





On Fri, 18 Aug 2023, Keith Lofstrom wrote:


> My wife got a letter from "MARKETING SERVICES" aka Domain Networks of 
> Hendersonville, NC offering an "ANNUAL WEBSITE DOMAIN LISTING" for the 
> low, low price of $289 :-(

Keith,


I've registerd my domains with namecheap.com for quite a few years and I'm 
highly satisfied with their services (and low price).

I regularly get these letters urging me to use their registration services for 
several hundred dollars a year. They go directly into the recycling bin.

They are the snail-mail successor of the last century's Nigerian scam letters.

Rich

Re: [PLUG] Zoom error 10?

[Ted Mittelstaedt]

I believe the current version of Ubuntu enables Wayland while Ubuntu 20 does 
not, it is possible the latest Zoom is expecting Wayland to be enabled the 
older one uses xorg?

There's a ton of compatibility layers where xorg and wayland apps can run on 
each others managers, in theory that is.

Can you back-rev?

Ted

-Original Message-
From: PLUG  On Behalf Of Denis Heidtmann
Sent: Friday, August 18, 2023 3:13 PM
To: General Linux/UNIX discussion and help, civil and on-topic 

Subject: [PLUG] Zoom error 10?

I installed the latest Zoom (at Zoom's insistence). The package manager shows 
version 2.0.106600.0904 doubleclick (runs software install) show version 
5.15.7.6521

When I attempt to run zoom via a link in an email I get unexpected error code 
10. I occasionally find that zoom is already running; On those occasions I use 
top to kill that instance. I still get the error. Running in a terminal gets me 
to the screen where I can input the meeting number; I get the same error.

I am above my pay grade on this. I am hoping for some help.
I am running Ubuntu 20.04.6 LTS

Thanks,
-Denis

Re: [PLUG] Seeking a Universal Remote

[Ted Mittelstaedt]

https://www.lirc.org/

Put it in a Raspberry Pi with a 5v rechargeable battery and Bob's your uncle

Ted

-Original Message-
From: PLUG  On Behalf Of Michael Rasmussen
Sent: Saturday, August 5, 2023 7:43 AM
To: Portland Linux/Unix Group 
Subject: [PLUG] Seeking a Universal Remote

Looking for a universal remote for TVs that is Linux programmable. I have a
Logitech  Harmony 650 that works fine - until I need to change it.

Any suggestions?

-- 

Michael Rasmussen
Be Appropriate && Follow Your Curiosity

Re: [PLUG] wikis breaking on updates (was: Re: Upgrage Breaks MediaWiki - why?)

[Ted Mittelstaedt]

I haven't looked at it's code myself but you get the idea.  The same reasoning 
applies to many projects that people complain about not being updated.

For that matter what is the deal about not having python2 on Debian bullseye?  
I see instructions all over the Internet for installing it.

Ted

-Original Message-
From: PLUG [mailto:plug-boun...@pdxlinux.org] On Behalf Of Russell Senior
Sent: Monday, July 31, 2023 6:47 PM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] wikis breaking on updates (was: Re: Upgrage Breaks 
MediaWiki - why?)

Moinmoin isn't a binary, fwiw.

On Mon, Jul 31, 2023, 17:31 Ted Mittelstaedt  wrote:

>
> > a dead-end solution with a future of pain, fragility, and
> >(probably) unpatched security vulnerabilities while people scramble 
> >to
> find
> and implement a solution (that may no >longer exist within even a 
> reasonable set of parameters).
>
> I feel compelled to point out that if people spent half the time 
> simply paying a software programmer to upgrade the codebase of these 
> projects that they spend complaining about the projects becoming dead 
> end, that they would have updated projects that work for a tenth of 
> the price that Micro$oft wants them to pay for windows versions of 
> things.
>
> How many hundreds if not thousands of wikis on the Internet that use 
> Moinmoin have ever just considered posting a message "We just upgraded 
> to Debian Bullseye and we get 10 compiler errors when attempting to 
> build Moinmoin on it.  $5000 to the first person who fixes that and 
> produces a functioning binary, and feeds the changes back into the public 
> source"
>
> OR, how many of them have picked up a compiler and tried their hand at 
> fixing it themselves?
>
> Ted
>
> -Original Message-
> From: PLUG [mailto:plug-boun...@pdxlinux.org] On Behalf Of Paul 
> Heinlein
> Sent: Monday, July 31, 2023 8:38 AM
> To: Portland Linux/Unix Group 
> Subject: Re: [PLUG] wikis breaking on updates (was: Re: Upgrage Breaks 
> MediaWiki - why?)
>
> On Sun, 30 Jul 2023, Russell Senior wrote:
>
> > A slightly related story: Debian's wiki is moinmoin. Moinmoin v1.x 
> > is based on python 2. Python2 is (of course) deprecated and pretty 
> > much abandoned as of Debian Bullseye. It seems somewhat ironic that 
> > the wiki that proudly announces Debian 12 (bookworm) as of July 22, 
> > has to run Debian 10 (buster, i.e. oldoldstable) because that's the 
> > last version that supports python2 enough to run the wiki.
> >
> >
> > https://u35970666.ct.sendgrid.net/ls/click?upn=TqJK0v-2BTL1dmkjS-2FZ
> > RB 
> > wGRDG4t3PuCk88LFqqcTvyYGDJGeFNIjwU8pGkcA3tIrkXxPogHNGRue04tX0s41yELy
> > VT 
> > 2kQTzNKeJ1a3JRIU5c-3DkyL0_VIYZ4N8dmyIPGy7Y8nsPO1q5dom4O0HMDO1WKXG4iy
> > 6c 
> > RPYqUFHozao-2Fpbo-2BoZqOchXuKORABSzW180gWYBHeRPNrdK7edxBEXDVaeFmkWm4
> > xn 
> > UhizY9EOtln7Mj8LEiArb78-2BbHAD0AsaSTK9AWj1JB0cOk7hkn-2BvgslB0tXdYqMV
> > 8B ZkiZeBlgfBwozTDycTSoXvNA4kNrtVykLP6PwQ-3D-3D
> >
> > I have a particularly acute awareness of this because Personal 
> > Telco's wiki also uses moinmoin, and it stopped working when I tried 
> > to update to Debian 11 (bullseye) about a year ago. We had a brief 
> > outage while I figured out what had gone wrong.
>
> This is a sadly familiar story. A high-level software package depends 
> on dozens, perhaps hundreds, of lower-level language runtimes, 
> libraries, and even utilities. One or more of those lower-level 
> packages gets deprecated, drops features, becomes orphaned, or simply 
> doesn't keep up with the rest of the dependency ecosystem.
>
> Voila -- a dead-end solution with a future of pain, fragility, and
> (probably) unpatched security vulnerabilities while people scramble to 
> find and implement a solution (that may no longer exist within even a 
> reasonable set of parameters).
>
> I feel vaguely guilty every time I say it, but if computers were easy 
> I wouldn't have a job.
>
> --
> Paul Heinlein
> heinl...@madboa.com
> 45°22'48" N, 122°35'36" W
>
>

Re: [PLUG] wikis breaking on updates (was: Re: Upgrage Breaks MediaWiki - why?)

[Ted Mittelstaedt]

GTK2 abandonment caused problems for a number of small projects but you can 
still in general find libs for gtk2 on most of the larger distros.

$5k for "fixing" moinmoin is pretty fair I'd say.  Version 2 is, after all, 
installable and runs.  The maintainer says it's "unstable" but I have to wonder 
if that's really true.  Sometimes that language is code for "it works but I 
don't want to spend time answering your RTFM questions and the community isn't 
large enough yet to do it"

Ted

-Original Message-
From: PLUG [mailto:plug-boun...@pdxlinux.org] On Behalf Of Ben Koenig
Sent: Monday, July 31, 2023 11:15 PM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] wikis breaking on updates (was: Re: Upgrage Breaks 
MediaWiki - why?)

I wonder why WINE, FFMPEG, the Linux Kernel, all mainstream distros...

- KDE
- GNOME
- XFCE
- QT
- GTK

and many other projects DO NOT have this problem, despite all of them being 
infinitely more complex than a collection of python scripts.

The longterm success and/or failure of any software project comes down to the 
maintainability of the codebase. Projects with good, clean codebases get more 
love because the cost of contributing is much lower. Given how many big 
projects use moinmoin I think it's safe to say that nobody has bothered to fix 
it because it's a hot fucking mess.

FWIW... $5000 for a 2to3 conversion of moinmoin is a fucking insult to the 
developer who ends up doing all the work. But if Debian needs a modern system 
to run their moinmoin wiki I'd be happy to set them up with a Slackware 15.0 
installation with python2.7.
-Ben


--- Original Message ---
On Monday, July 31st, 2023 at 5:31 PM, Ted Mittelstaedt 
 wrote:


> > a dead-end solution with a future of pain, fragility, and
> > (probably) unpatched security vulnerabilities while people scramble 
> > to find
> 
> and implement a solution (that may no >longer exist within even a 
> reasonable
> 
> set of parameters).
> 
> I feel compelled to point out that if people spent half the time 
> simply paying a software programmer to upgrade the codebase of these 
> projects that they spend complaining about the projects becoming dead 
> end, that they would have updated projects that work for a tenth of 
> the price that Micro$oft wants them to pay for windows versions of things.
> 
> How many hundreds if not thousands of wikis on the Internet that use 
> Moinmoin have ever just considered posting a message "We just upgraded 
> to Debian Bullseye and we get 10 compiler errors when attempting to 
> build Moinmoin on it. $5000 to the first person who fixes that and 
> produces a functioning binary, and feeds the changes back into the public 
> source"
> 
> OR, how many of them have picked up a compiler and tried their hand at 
> fixing it themselves?
> 
> Ted
> 

Re: [PLUG] wikis breaking on updates (was: Re: Upgrage Breaks MediaWiki - why?)

[Ted Mittelstaedt]

Per https://moinmo.in/MoinMoin2/InstallDebian  and  
https://github.com/moinwiki/moin version 2.0+  it is

"unstable, for production please use 1.9.x."

Ted

-Original Message-
From: PLUG [mailto:plug-boun...@pdxlinux.org] On Behalf Of Russell Senior
Sent: Tuesday, August 1, 2023 1:06 AM
To: plug@pdxlinux.org
Subject: Re: [PLUG] wikis breaking on updates (was: Re: Upgrage Breaks 
MediaWiki - why?)



On 7/31/23 23:15, Ben Koenig wrote:
> The longterm success and/or failure of any software project comes down to the 
> maintainability of the codebase. Projects with good, clean codebases get more 
> love because the cost of contributing is much lower. Given how many big 
> projects use moinmoin I think it's safe to say that nobody has bothered to 
> fix it because it's a hot fucking mess.
The wikipedia entry says "a steamed or boiled bean pudding".

I think what actually happened is that v1.x achieved a kind of stability and it 
basically didn't change for a decade and the people who knew how it worked kind 
of wandered away. It was only the abandonment of python2 that has led to the 
"crisis". There has been a slow moving effort to build a v2 of MoinMoin, but 
it's reportedly not ready for production, or wasn't when I looked last (again, 
about a year ago).


--
Russell Senior
russ...@pdxlinux.org

Re: [PLUG] wikis breaking on updates (was: Re: Upgrage Breaks MediaWiki - why?)

[Ted Mittelstaedt]

$5k dropped on some overseas programming group in India will get you a whole 
lotta translating!

Ted

-Original Message-
From: PLUG [mailto:plug-boun...@pdxlinux.org] On Behalf Of John Sechrest
Sent: Monday, July 31, 2023 5:34 PM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] wikis breaking on updates (was: Re: Upgrage Breaks 
MediaWiki - why?)

I wonder how far you would get by asking Bard or chatgpt or one of the other AI 
things to translate Python 2 to current python


On Mon, Jul 31, 2023 at 5:31 PM Ted Mittelstaedt 
wrote:

>
> > a dead-end solution with a future of pain, fragility, and
> >(probably) unpatched security vulnerabilities while people scramble 
> >to
> find
> and implement a solution (that may no >longer exist within even a 
> reasonable set of parameters).
>
> I feel compelled to point out that if people spent half the time 
> simply paying a software programmer to upgrade the codebase of these 
> projects that they spend complaining about the projects becoming dead 
> end, that they would have updated projects that work for a tenth of 
> the price that Micro$oft wants them to pay for windows versions of 
> things.
>
> How many hundreds if not thousands of wikis on the Internet that use 
> Moinmoin have ever just considered posting a message "We just upgraded 
> to Debian Bullseye and we get 10 compiler errors when attempting to 
> build Moinmoin on it.  $5000 to the first person who fixes that and 
> produces a functioning binary, and feeds the changes back into the public 
> source"
>
> OR, how many of them have picked up a compiler and tried their hand at 
> fixing it themselves?
>
> Ted
>
> -Original Message-
> From: PLUG [mailto:plug-boun...@pdxlinux.org] On Behalf Of Paul 
> Heinlein
> Sent: Monday, July 31, 2023 8:38 AM
> To: Portland Linux/Unix Group 
> Subject: Re: [PLUG] wikis breaking on updates (was: Re: Upgrage Breaks 
> MediaWiki - why?)
>
> On Sun, 30 Jul 2023, Russell Senior wrote:
>
> > A slightly related story: Debian's wiki is moinmoin. Moinmoin v1.x 
> > is based on python 2. Python2 is (of course) deprecated and pretty 
> > much abandoned as of Debian Bullseye. It seems somewhat ironic that 
> > the wiki that proudly announces Debian 12 (bookworm) as of July 22, 
> > has to run Debian 10 (buster, i.e. oldoldstable) because that's the 
> > last version that supports python2 enough to run the wiki.
> >
> >
> > https://u35970666.ct.sendgrid.net/ls/click?upn=TqJK0v-2BTL1dmkjS-2FZ
> > RB 
> > wGRDG4t3PuCk88LFqqcTvyYGDJGeFNIjwU8pGkcA3tIrkXxPogHNGRue04tX0s41yELy
> > VT 
> > 2kQTzNKeJ1a3JRIU5c-3DkyL0_VIYZ4N8dmyIPGy7Y8nsPO1q5dom4O0HMDO1WKXG4iy
> > 6c 
> > RPYqUFHozao-2Fpbo-2BoZqOchXuKORABSzW180gWYBHeRPNrdK7edxBEXDVaeFmkWm4
> > xn 
> > UhizY9EOtln7Mj8LEiArb78-2BbHAD0AsaSTK9AWj1JB0cOk7hkn-2BvgslB0tXdYqMV
> > 8B ZkiZeBlgfBwozTDycTSoXvNA4kNrtVykLP6PwQ-3D-3D
> >
> > I have a particularly acute awareness of this because Personal 
> > Telco's wiki also uses moinmoin, and it stopped working when I tried 
> > to update to Debian 11 (bullseye) about a year ago. We had a brief 
> > outage while I figured out what had gone wrong.
>
> This is a sadly familiar story. A high-level software package depends 
> on dozens, perhaps hundreds, of lower-level language runtimes, 
> libraries, and even utilities. One or more of those lower-level 
> packages gets deprecated, drops features, becomes orphaned, or simply 
> doesn't keep up with the rest of the dependency ecosystem.
>
> Voila -- a dead-end solution with a future of pain, fragility, and
> (probably) unpatched security vulnerabilities while people scramble to 
> find and implement a solution (that may no longer exist within even a 
> reasonable set of parameters).
>
> I feel vaguely guilty every time I say it, but if computers were easy 
> I wouldn't have a job.
>
> --
> Paul Heinlein
> heinl...@madboa.com
> 45°22'48" N, 122°35'36" W
>
>

--
--
[image: www.seattleangelconference.com]
<http://www.seattleangelconference.com/>

*JOHN SECHREST*
*Founder, *Seattle Angel Conference
TEL  (541) 250-0844EMAIL  sechr...@seattleangel.com
Schedule A Meeting <http://sechrest.youcanbookme.com/>

http://seattleangelconference.com
@nwangelconf

An Investor driven event bringing together new investors and new entrepreneurs 
to expand the startup ecosystem.

Re: [PLUG] wikis breaking on updates (was: Re: Upgrage Breaks MediaWiki - why?)

[Ted Mittelstaedt]

> a dead-end solution with a future of pain, fragility, and
>(probably) unpatched security vulnerabilities while people scramble to find
and implement a solution (that may no >longer exist within even a reasonable
set of parameters).

I feel compelled to point out that if people spent half the time simply
paying a software programmer to upgrade the codebase of these projects that
they spend complaining about the projects becoming dead end, that they would
have updated projects that work for a tenth of the price that Micro$oft
wants them to pay for windows versions of things.

How many hundreds if not thousands of wikis on the Internet that use
Moinmoin have ever just considered posting a message "We just upgraded to
Debian Bullseye and we get 10 compiler errors when attempting to build
Moinmoin on it.  $5000 to the first person who fixes that and produces a
functioning binary, and feeds the changes back into the public source"

OR, how many of them have picked up a compiler and tried their hand at
fixing it themselves?

Ted

-Original Message-
From: PLUG [mailto:plug-boun...@pdxlinux.org] On Behalf Of Paul Heinlein
Sent: Monday, July 31, 2023 8:38 AM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] wikis breaking on updates (was: Re: Upgrage Breaks
MediaWiki - why?)

On Sun, 30 Jul 2023, Russell Senior wrote:

> A slightly related story: Debian's wiki is moinmoin. Moinmoin v1.x is 
> based on python 2. Python2 is (of course) deprecated and pretty much 
> abandoned as of Debian Bullseye. It seems somewhat ironic that the 
> wiki that proudly announces Debian 12 (bookworm) as of July 22, has to 
> run Debian 10 (buster, i.e. oldoldstable) because that's the last 
> version that supports python2 enough to run the wiki.
>
>  
> https://u35970666.ct.sendgrid.net/ls/click?upn=TqJK0v-2BTL1dmkjS-2FZRB
> wGRDG4t3PuCk88LFqqcTvyYGDJGeFNIjwU8pGkcA3tIrkXxPogHNGRue04tX0s41yELyVT
> 2kQTzNKeJ1a3JRIU5c-3DkyL0_VIYZ4N8dmyIPGy7Y8nsPO1q5dom4O0HMDO1WKXG4iy6c
> RPYqUFHozao-2Fpbo-2BoZqOchXuKORABSzW180gWYBHeRPNrdK7edxBEXDVaeFmkWm4xn
> UhizY9EOtln7Mj8LEiArb78-2BbHAD0AsaSTK9AWj1JB0cOk7hkn-2BvgslB0tXdYqMV8B
> ZkiZeBlgfBwozTDycTSoXvNA4kNrtVykLP6PwQ-3D-3D
>
> I have a particularly acute awareness of this because Personal Telco's 
> wiki also uses moinmoin, and it stopped working when I tried to update 
> to Debian 11 (bullseye) about a year ago. We had a brief outage while 
> I figured out what had gone wrong.

This is a sadly familiar story. A high-level software package depends on
dozens, perhaps hundreds, of lower-level language runtimes, libraries, and
even utilities. One or more of those lower-level packages gets deprecated,
drops features, becomes orphaned, or simply doesn't keep up with the rest of
the dependency ecosystem.

Voila -- a dead-end solution with a future of pain, fragility, and
(probably) unpatched security vulnerabilities while people scramble to find
and implement a solution (that may no longer exist within even a reasonable
set of parameters).

I feel vaguely guilty every time I say it, but if computers were easy I
wouldn't have a job.

--
Paul Heinlein
heinl...@madboa.com
45°22'48" N, 122°35'36" W

Re: [PLUG] SSD swap partition and/or swap file

[Ted Mittelstaedt]

> Using a swap file on SSD will allow fine tuning

I'm not sure this is a good idea.  SSD bits degrade every time they are 
written.  While modern SSD chips have a memory manager chip that is supposed to 
lock out failed bits, you still are degrading it when you write to it.  And 
there's a LOT of writes to swap.  For a desktop that you throw the SSD away 
when it fails because the user is supposed to be saving to the network, that 
might be one thing but I wouldn't do it if you don't have a server and are 
saving everything to your desktop.

With the price of ram just fill it up and if the system -insists- on creating a 
swapfile, then create a ramdisk and swap to that.

Ted

-Original Message-
From: PLUG  On Behalf Of Michael Ewan
Sent: Saturday, July 29, 2023 9:08 AM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] SSD swap partition and/or swap file

There is a difference between swap and paging, but both use the "swap"
space.  Modern memory management and cheap ram have mostly done away with 
swapping however paging happens all the time.  The best thing to do is install 
sar if not already installed via 'apt-get install sysstat'.  Sar will give you 
paging stats, start the service and check the results after a few hours of 
normal operation with 'sar -B' and 'sar -S'.  Bottom line, swap is very bad, 
some small amount of paging is normal when there is not enough RAM for 
everything that is running on the system.  Back when I was running large UNIX 
(not Linux) hosts for MRP applications, we sized the the system RAM so there 
was never page outs, the same could be accomplished for a largish Linux box.  
Using sar you can gauge how much paging space you will need.  Most estimates 
you will find in the literature will be way too large.  Using a swap file on 
SSD will allow fine tuning.  With enough RAM you would not need swap space at 
all, but you should configure some small amount to avoid crashes.

On Fri, Jul 28, 2023 at 4:05 PM Keith Lofstrom  wrote:

> Question about swap file vs swap partition.
>
> I have a dozen spinny disks with too many ancient distros on too many 
> machines.
>
> I am slowly consolidating to a few Debian 12 Bookworm machines with 
> Samsung terabyte SSDs.
>
>
> When large-RAM low-power fast motherboards become cheap enough, I will 
> migrate to those.  More RAM may imply larger swap areas (a 
> semi-religious debate I hope to avoid). I want to be ready if the 
> "large swap" zealots win the debate and design software dependent on 
> swap.
>
> SSD swap seems MUCH better than spinny-disk swap, very fast access 
> compared to moving a spinny disk head across a platter ... though way 
> slower than RAM.
>
> 
>
> Large SSD swap also facilitates fast hibernate, though Debian startup 
> and shutdown are amazingly fast using an SSD (10 seconds 
> startup/login, 2 second shutdown).
>
> Perhaps I don't need hibernate-to-swap.
>
> 
>
> One of my recent SSD experiments resulted in a too-small swap 
> partition.  Inept resizing attempts borked the file system.
>
> But ... I can also create a huge swap file on a regular
> ext4 file system, and easily up-size the swap file when I install more 
> RAM.  Resizing a partition is more complex.
>
> I've read some online debates about swap partitions vs.
> swap files.  Most of the debates are from the spinny disk era; the 
> speed tradeoffs have changed radically.
> My main concern is reliability, software compatibility, and ease of 
> maintenance rather than maximum speed.
>
> 
>
> I suspect I will need SOME separate-partition swap, but I hope I can 
> get by with a few gigabytes, relying mostly on a big swap file, 
> growing that swap file over time as I migrate to motherboards and 
> laptops with more RAM.
>
> At 69.9 years of age, I should also minimize complexity, deploying 
> systems that I can maintain with an 80 or 90 y.o. brain someday.  My 
> father-in-law is 105, and his Windoze computer took many days to 
> decrapify.  I won't have a son-in-law to do that for me.
>
> So, that's a lot of yammering, another sequela of excess age.  In 
> summary:
>
> "Optimum SSD swap? ?? ???"
>
> Keith
>
> --
> Keith Lofstrom  kei...@keithl.com
>

Re: [PLUG] SSD swap partition and/or swap file

[Ted Mittelstaedt]

The entire point of swap is to have a place to put stuff that can't fit in
main ram because "back in the day" ram was expensive so we almost always put
too little of it in computers.

Today ram is cheap and the idea now is that they know you probably are going
to have more ram than your programs need so modern OS's will commit the
remaining unused ram to a big disk cache.

Modern OS will also take little-used programs from core ram and deliberately
swap them to disk with the idea that a program only running once in a while
is better off swapped.

So I generally just create swapfiles these days and dispense with the
partitions

Ted

-Original Message-
From: PLUG  On Behalf Of Keith Lofstrom
Sent: Friday, July 28, 2023 3:46 PM
To: plug@pdxlinux.org
Subject: [PLUG] SSD swap partition and/or swap file

Question about swap file vs swap partition.

I have a dozen spinny disks with too many ancient distros on too many
machines. 

I am slowly consolidating to a few Debian 12 Bookworm machines with Samsung
terabyte SSDs.


When large-RAM low-power fast motherboards become cheap enough, I will
migrate to those.  More RAM may imply larger swap areas (a semi-religious
debate I hope to avoid). I want to be ready if the "large swap" zealots win
the debate and design software dependent on swap.

SSD swap seems MUCH better than spinny-disk swap, very fast access compared
to moving a spinny disk head across a platter ... though way slower than
RAM.



Large SSD swap also facilitates fast hibernate, though Debian startup and
shutdown are amazingly fast using an SSD (10 seconds startup/login, 2 second
shutdown). 

Perhaps I don't need hibernate-to-swap.



One of my recent SSD experiments resulted in a too-small swap partition.
Inept resizing attempts borked the file system.

But ... I can also create a huge swap file on a regular
ext4 file system, and easily up-size the swap file when I install more RAM.
Resizing a partition is more complex.

I've read some online debates about swap partitions vs.
swap files.  Most of the debates are from the spinny disk era; the speed
tradeoffs have changed radically. 
My main concern is reliability, software compatibility, and ease of
maintenance rather than maximum speed.  



I suspect I will need SOME separate-partition swap, but I hope I can get by
with a few gigabytes, relying mostly on a big swap file, growing that swap
file over time as I migrate to motherboards and laptops with more RAM.

At 69.9 years of age, I should also minimize complexity, deploying systems
that I can maintain with an 80 or 90 y.o. brain someday.  My father-in-law
is 105, and his Windoze computer took many days to decrapify.  I won't have
a son-in-law to do that for me.

So, that's a lot of yammering, another sequela of excess age.  In summary:

"Optimum SSD swap? ?? ???"

Keith

-- 
Keith Lofstrom  kei...@keithl.com

Re: [PLUG] Sluggish response

[Ted Mittelstaedt]

No look for reallocated sector count or some such.  The disk is supposed to say 
how many it's done and how many are left.  There's a screenshot on a windows 
SMART program that shows it graphically:

https://crystalmark.info/en/software/crystaldiskinfo/

Some info may be here

https://www.smartmontools.org/wiki/BadBlockHowto

One problem with smart disks these days is that many of them will do a 
read/write "scrub" on a failing sector dozens of times in an effort to "heal" 
it.  Borrowing from the spinwrite marketing baloney from years past.  If 
there's a series of bad sectors in a row the disk can take 30 minutes or more 
doing this before finally deciding to do an internal permanent re-map of the 
bad sectors or just failing entirely, whichever comes first.  So you go to 
write a file and the machine takes forever because underneath it all the disk 
is hammering itself to death in a Hail Mary to save your data.

SMART attributes appear to be vendor-defined so they are not all common in 
between disks.  The disks also sometimes lie in saying how many reallocated 
sectors they have.

Disks also love to lie like dogs on how many blocks and sectors and such they 
have.  So the idea of a low level edit is out of the question.

Some disks marketed to those cheap little NAS devices are labeled red and those 
will just error out on a sector fail for the bad sector.

Most disks will NOT reallocate a bad sector unless you try writing to it.  This 
can be a problem with filesystems that write to a sector by reading it first 
then writing it.

If you suspect a disk, doing a dd if=/dev/zero  of=/dev/disk0 or whatever your 
device is, over the entire disk, will sometimes force remaps on any bad sectors 
and the disks will return to normal speed.

Ted

-Original Message-
From: PLUG  On Behalf Of Dick Steffens
Sent: Thursday, June 15, 2023 11:43 AM
To: plug@pdxlinux.org
Subject: Re: [PLUG] Sluggish response

On 6/14/23 07:43, Tomas Kuchta wrote:
> On Wed, Jun 14, 2023, 01:41 Ted Mittelstaedt  wrote:
>
>> If it is a magnetic media drive that is older the drive could be 
>> suffering end stage sector failure where the bad sector table is 
>> filled up.  I've seen it many times and it always makes the drive get 
>> very slow
>>
>> Ted.
>>
> Bad sectors should be evident in Smart tools. It might be good idea to 
> check it to prove/dis-proof disk issues.
>
> -T

> rsteff@ENU-1:~$ sudo smartctl -H /dev/sdb smartctl 7.1 2019-12-30 
> r5022 [x86_64-linux-5.4.0-150-generic] (local
> build)
> Copyright (C) 2002-19, Bruce Allen, Christian Franke, 
> www.smartmontools.org
>
> === START OF READ SMART DATA SECTION === SMART overall-health 
> self-assessment test result: PASSED

I've run a few other smartctl options. I don't really know what I should 
specifically be looking for. One of the results said

> Offline data collection status:  (0x00) Offline data collection 
> activity
>                 was never started.
>                 Auto Offline Data Collection: Disabled.
> Self-test execution status:  (   0)    The previous self-test 
> routine completed
>                 without error or no self-test has ever
>                 been run.

Is there something I should be running?

--
Regards,

Dick Steffens

Re: [PLUG] Sluggish response

[Ted Mittelstaedt]

If it is a magnetic media drive that is older the drive could be suffering end 
stage sector failure where the bad sector table is filled up.  I've seen it 
many times and it always makes the drive get very slow

Ted

-Original Message-
From: PLUG  On Behalf Of Dick Steffens
Sent: Tuesday, June 13, 2023 2:27 PM
To: PLUG List 
Subject: [PLUG] Sluggish response

I'm running Xubuntu 20.04. I'm experiencing longer than expected delays from 
time to time. Generally, within any application, things are fine. I don't have 
any issues with delays in programs like LibreOffice Writer. 
It's mostly when starting an application. Sometimes it's when copying or moving 
a file from one directory to another. The most recent example is I had just 
finished editing an .m4a recording with Audacity. I exported it as a .mp3 file. 
My default is to save files to the desktop and them move them to the directory 
where I want them to live. It took nearly a minute to move the 4.3 MB .mp3 file 
from the desktop to another directory. I plan to keep the original file, but I 
couldn't move it until the process of moving the .mp3 file completed. Then I 
could move the .m4a file. It is also 4.3 MB, and also took nearly a minute to 
move.

Another example is how long it takes some applications to load. I recall 
starting up LibreOffice Writer in just a couple seconds. Now it takes closer to 
30 seconds. Top doesn't give me any useful clues as to whether something is 
hogging all the processing power.

The processor is an Intel(R) Core(TM) i3-4130 CPU @ 3.40GHz.

free -h tells me
rsteff@ENU-1:~$ free -h
   total    used    free  shared buff/cache available
Mem:  7.6Gi   4.6Gi   169Mi   756Mi 2.9Gi   2.0Gi
Swap: 2.0Gi   857Mi   1.2Gi rsteff@ENU-1:~$

While I do have a number of applications running, I've always had a similar 
number running and response in them used to be pretty quick.

What else can I do to try to figure out what's slowing things down?

Thanks.

--
Regards,

Dick Steffens

Re: [PLUG] "sold as 16GB" PNY flash drives store >30GB

[Ted Mittelstaedt]

I've read the same thing about USB drives.  But I will point out that the last 
time I bought them from Best Buy that 32GB was the smallest size I could find 
there and they were like $4 each or something.

Note that there is a program written for Linux for testing USB drives to make 
sure they are correctly marked for size:

https://github.com/AltraMayor/f3

There's also a windows version of this program around named h2testw

If you do find a USB drive that has been modified to report an incorrect size, 
many of them can be repaired with various tools (usually under Windows)  You 
can start here to learn how to do it:

https://fixfakeflash.wordpress.com/2008/12/11/about-vid-pid-repairing-counterfeit-flash-drives-steps-to-succeed/

In some cases the seller didn't even bother mucking with the USB flash drive 
chip, instead what they did was hack the partition table on the USB flash 
drive.  These can be fixed under Windows by opening a command line and doing a 
diskpart/select disk/clean operation.  That completely wipes out the partition 
table and MBR or GPT entries.   Under Linux you can do sudo apt-get install 
gdisk, then use the Zap command to delete the GPT or MBR boot record.  
Unfortunately, some of the Linux tools out there are confused if you run across 
a disk (USB or otherwise) that was created GPT then had an MBR record written 
over it since it will have the residual GPT record on the end of the disk but 
as I recall gdisk is aware of this problem and will handle it.  Diskpart clean 
definitely handles it properly, clean will wipe all ID blocks from a device.  
Including the C: drive it is running from if you accidently select the wrong 
disk.

Lastly I feel compelled to remind everyone that every data media out there can 
suffer from bitrot and never EVER should you use data media for long term 
storage unless you have multiple devices.

I used to think that magnetic media was safe, that you could backup to a hard 
drive and set it on a shelf and years later come back to it and retrieve data 
from it.  However, I have found that this is not true, that over time the lube 
in mag media can dry out and the disk will not restart if powered up again.  
But USB media I am equally suspicious of.  I have had many USB sticks fail on 
me and the most common reason is the durability of the mechanical construction. 
 

Anyone interested in this should THROUGHLY read the following:

https://nepp.nasa.gov/Whisker/index.html

This is a document put together by NASA detailing the phenomenon of tin whisker 
growth.  For some reason nobody understands, tin used in electronics can grow 
thin whiskers over time.  This is mainly in more humid or hot environments.  I 
have for example repaired a number of automotive instrument panels and observed 
splaying out of tin from circuit board joints in whiskers.  There are examples 
of this on that URL.

Lead was added to solder because it was found it would prevent whisker growth 
and make the solder less brittle and stronger.  But, when governments started 
pushing/outlawing/whatever the use of lead in electronic solder, and pushing 
lead-free solder, it meant that unless the solder was kept at precise 
temperatures during manufacture it would form brittle solder joints that could 
easily break under mechanical load.  This is one of the primary reasons USB 
drives fail, because there is a stress point at the intersection of the metal 
USB A connector and the circuit board of the drive.  Any bending there will 
fracture the solder connections easily, and much more so if the manufacturer 
was not controlling solder temperature.   But, even if the part was made well 
with strong solder joints, whisker growth is much more pronounced with 
lead-free solders.

Most people involved in the computer industry are software folks and not 
hardware, and even for the ones involved in hardware only a handful of those 
are ever involved in long term electronics.  But if you talk to people who for 
example restore antique radios, or people who restore antique computers (which 
is a small but growing hobby) you will find that MANY modern electronic devices 
WILL NOT last reliably for more than around 30 years.

Ted 

-Original Message-
From: PLUG  On Behalf Of John Jason Jordan
Sent: Sunday, May 28, 2023 1:10 PM
To: plug@pdxlinux.org
Subject: Re: [PLUG] "sold as 16GB" PNY flash drives store >30GB

On Sun, 28 May 2023 00:37:28 -0700
Keith Lofstrom  dijo:

>I bought a "PNY 16GB Attaché 3 USB 2.0 Flash Drive 10-Pack"
>from Amazon for $27.98, to transfer files from some ancient CentOS 
>machines to replacement Debian machines.
>
>The four I've tested so far format to more than 30GB (!!!) of ext3 file 
>systems.  Hard to believe, so I read/write- tested two of them with 
>random patterns for a few days.
>No bits lost.

In the past I've bought USB drives advertised as 1TB that appeared in GUI file 
browsers as 1TB, but which could not take more than 32GB of data. The end of 
the 

Re: [PLUG] Updated Ubuntu server and Zoneminder.

[Ted Mittelstaedt]

Yes of course it won't - because it was built with that cross platform nonsense.

Ionic and cordova use the integrated into either IoS or Android web browser 
(WebView) to essentially draw windows and such in the Web browser then use that 
as a rendering engine.  The Android browser is based
On the Chromium engine which has a restriction of a maximum of 6 incoming 
streams thus 6 windows thus
6 cameras.

Find a crappy old PC and plug in a giant monitor then load Linux then use 
Firefox on it and you can display the
8 cameras.

Ted

-Original Message-
From: PLUG  On Behalf Of Chuck Hast
Sent: Monday, May 22, 2023 5:36 PM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] Updated Ubuntu server and Zoneminder.

I use it on the desktop. When I want to see something from the phone I just 
connect to ZM and look at the image I am interested in.

But I have a couple of large screens that all I want to see is the camera 
images. Right now ZMNinja had decided that it will not display cameras 7 and 8 
on a system that I have running. At my home sistem it does just fine. I have 
looked to see why it does not want to display those two camera but so far no 
joy.

I would like to see just a bare bones monitor app for a large screen. The 
monitor folks can use their laptops to look at a specific camera, but the large 
screen is for others who are also monitoring.


On Sun, May 21, 2023 at 4:40 PM Ted Mittelstaedt 
wrote:

> As a mobile app ZMNinja isn't that complicated, what makes it complex 
> and squirrely is that asker used Cordova to build it so that it would 
> run on both iphones and Android phones, and the elephant in the room 
> is clearly NOT that he "didn't have time to work on it anymore" but 
> that the app is built with a cross-platform mobile framework that people are 
> abandoning.
>
> Someone needs to step up and migrate it to Capacitor.  But that 
> someone would NOT be me.  If I was going to spend time on this I'd 
> scotch the whole thing and write an Android-only app using Android 
> Studio and Java.  If I was going to code it for money, I'd write an 
> IOS app on Xcode and Swift and keep the codebases separate.
>
> The other problem of course is push notifications, there is a group 
> out there who insist on having an app buzzing their phone 100 times 
> all day when a bird lands in the field of vision.  I see the point 
> with doorbell cams but the camera companies are only just bringing 
> ones on to the market that don't require a subscription to Ring or something 
> like that.
>
> Ted
>
> -Original Message-
> From: PLUG  On Behalf Of Chuck Hast
> Sent: Sunday, May 21, 2023 12:11 PM
> To: Portland Linux/Unix Group 
> Subject: Re: [PLUG] Updated Ubuntu server and Zoneminder.
>
> 1.36.33
> I wish there was another monitor solution, I have found ZMNinja always 
> kind of squirrely. I recall one where it would show the cameras as 
> viewable but as soon as you went to look at them they were not there, 
> got back to the page where you make them viewable and they would have 
> the bar through them. Turn it off and go look, still blocked. Never 
> sure WHAT I did but at one point they were all there. I of course 
> wonder if some of the issue is ZMNinja being built on Chrome.
>
> Zoneminder is just being ZM, i.e. it just works. I did a OS upgrade 
> and thought I had dropped a bomb on it turns out I had NOT killed the 
> old Focal PPA and that was causing major issue, killed the PPA and 
> made sure the latest one was working did a quick reload, and it came 
> back nice and stable as always.
>
>
>
> On Sun, May 21, 2023 at 12:24 PM Ted Mittelstaedt 
> 
> wrote:
>
> > I had some problem with it myself, seems only to work when I use the 
> > "admin" user that has all rights.  ZMNinja seems that it's 
> > -supposed- to be happy with just view access but I don't think it is 
> > - I don't know if it's errors in programming assumptions or whatever 
> > - but it seems to assume that it has a lot more rights to the 
> > cameras than you
> would think is normal.
> > Not sure what's going on there.What version ZM are you running?
> >
> > Ted
> >
> > -Original Message-
> > From: PLUG  On Behalf Of Chuck Hast
> > Sent: Saturday, May 20, 2023 3:58 PM
> > To: Portland Linux/Unix Group 
> > Subject: [PLUG] Updated Ubuntu server and Zoneminder.
> >
> > Anyone running the latest ZM and Ubuntu server? I just did the 
> > update of the whole thing. All seems to be working except that 
> > ZMNinja only shows of the 10 cameras I have on the system. If I open 
> > the [monitors] section it shows all of the cameras but the ones not 
> > showing up have a bar through them. I have tried to get it to allow 

Re: [PLUG] Updated Ubuntu server and Zoneminder.

[Ted Mittelstaedt]

As a mobile app ZMNinja isn't that complicated, what makes it complex and 
squirrely is that asker used Cordova to build it so that it would run on both 
iphones and Android phones, and the elephant in the room is clearly NOT that he 
"didn't have time to work on it anymore" but that the app is built with a 
cross-platform mobile framework that people are abandoning.

Someone needs to step up and migrate it to Capacitor.  But that someone would 
NOT be me.  If I was going to spend time on this I'd scotch the whole thing and 
write an Android-only app using Android Studio and Java.  If I was going to 
code it for money, I'd write an IOS app on Xcode and Swift and keep the 
codebases separate.

The other problem of course is push notifications, there is a group out there 
who insist on having an app buzzing their phone 100 times all day when a bird 
lands in the field of vision.  I see the point with doorbell cams but the 
camera companies are only just bringing ones on to the market that don't 
require a subscription to Ring or something like that.

Ted

-Original Message-
From: PLUG  On Behalf Of Chuck Hast
Sent: Sunday, May 21, 2023 12:11 PM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] Updated Ubuntu server and Zoneminder.

1.36.33
I wish there was another monitor solution, I have found ZMNinja always kind of 
squirrely. I recall one where it would show the cameras as viewable but as soon 
as you went to look at them they were not there, got back to the page where you 
make them viewable and they would have the bar through them. Turn it off and go 
look, still blocked. Never sure WHAT I did but at one point they were all 
there. I of course wonder if some of the issue is ZMNinja being built on Chrome.

Zoneminder is just being ZM, i.e. it just works. I did a OS upgrade and thought 
I had dropped a bomb on it turns out I had NOT killed the old Focal PPA and 
that was causing major issue, killed the PPA and made sure the latest one was 
working did a quick reload, and it came back nice and stable as always.



On Sun, May 21, 2023 at 12:24 PM Ted Mittelstaedt 
wrote:

> I had some problem with it myself, seems only to work when I use the 
> "admin" user that has all rights.  ZMNinja seems that it's -supposed- 
> to be happy with just view access but I don't think it is - I don't 
> know if it's errors in programming assumptions or whatever - but it 
> seems to assume that it has a lot more rights to the cameras than you would 
> think is normal.
> Not sure what's going on there.What version ZM are you running?
>
> Ted
>
> -Original Message-
> From: PLUG  On Behalf Of Chuck Hast
> Sent: Saturday, May 20, 2023 3:58 PM
> To: Portland Linux/Unix Group 
> Subject: [PLUG] Updated Ubuntu server and Zoneminder.
>
> Anyone running the latest ZM and Ubuntu server? I just did the update 
> of the whole thing. All seems to be working except that ZMNinja only 
> shows of the 10 cameras I have on the system. If I open the [monitors] 
> section it shows all of the cameras but the ones not showing up have a 
> bar through them. I have tried to get it to allow them but for some reason it 
> is not.
> It was working just fine before I did the upgrade so it maybe 
> something on the Zoneminder end.
>
> --
>
> Chuck Hast  -- KP4DJT --
> I can do all things through Christ which strengtheneth me.
> Ph 4:13 KJV
> Todo lo puedo en Cristo que me fortalece.
> Fil 4:13 RVR1960
>


-- 

Chuck Hast  -- KP4DJT --
I can do all things through Christ which strengtheneth me.
Ph 4:13 KJV
Todo lo puedo en Cristo que me fortalece.
Fil 4:13 RVR1960

Re: [PLUG] Updated Ubuntu server and Zoneminder.

[Ted Mittelstaedt]

I had some problem with it myself, seems only to work when I use the "admin" 
user that has all rights.  ZMNinja seems that it's -supposed- to be happy with 
just view access but I don't think it is - I don't know if it's errors in 
programming assumptions or whatever - but it seems to assume that it has a lot 
more rights to the cameras than you would think is normal.  Not sure what's 
going on there.What version ZM are you running?

Ted

-Original Message-
From: PLUG  On Behalf Of Chuck Hast
Sent: Saturday, May 20, 2023 3:58 PM
To: Portland Linux/Unix Group 
Subject: [PLUG] Updated Ubuntu server and Zoneminder.

Anyone running the latest ZM and Ubuntu server? I just did the update of the 
whole thing. All seems to be working except that ZMNinja only shows of the 10 
cameras I have on the system. If I open the [monitors] section it shows all of 
the cameras but the ones not showing up have a bar through them. I have tried 
to get it to allow them but for some reason it is not. It was working just fine 
before I did the upgrade so it maybe something on the Zoneminder end.

-- 

Chuck Hast  -- KP4DJT --
I can do all things through Christ which strengtheneth me.
Ph 4:13 KJV
Todo lo puedo en Cristo que me fortalece.
Fil 4:13 RVR1960

Re: [PLUG] Sending a Google-Earth Pro image via email

[Ted Mittelstaedt]

You are correct I was using "apt get" as slang for "do whatever it is under 
your Linux distro to install software" But I will try to be more sensitive to 
the non-Debian distro's users tendency to get butthurt by every last Linux 
guide out there on the Internet that tells people to fix problems on Linux by 
installing software with apt-get.  After all, it's very important to rename the 
software installers on different distros otherwise people might get the idea 
that Linux distros are all just plain old Linux with a GUI wrapper...

I will point out that most people don't even think BSD Unix has anything to do 
with the Linux world and that practically NO Linux people acknowledge any sort 
of debt at all to BSD much less understand Linux wouldn't have ever existed if 
it hadn't been for BSD, so if anyone's going to get butthurt by Debian-centrism 
it's ME!!!  LOL

I doubted Russell would be interested in any case but I wanted to throw out the 
idea in case he might have been.  If he had asked I would have actually looked 
up the process for Slackware and posted links.

One of the central ideas behind Unix is that EVERY Unix system is it's own 
server.  Unix MUA's are NOT supposed to be written to reach out over the 
Internet and talk to a smart host.They are SUPPOSED to pass the email to 
the local mailer which then handles the task of getting it from the machine to 
wherever it's supposed to go.

The fact that you can load Thunderbird on any given Linux distro and the FIRST 
option that it gives you when setting up an account is to talk to some OTHER 
server than it's very own MTA running locally, is a measure of just how 
Windowized that most Linux "workstations" are these days and how much the Linux 
userbase has unconsciously adopted the Microsoft Mantra that the workstation is 
supposed to be dumb as a post while the real work goes on elsewhere (preferably 
on their servers that you pay lots of money t them for using)  Dennis Ritchie 
would be rolling over in his grave if he saw the state of things with Unix 
today.  Sigh.

Once Microsoft realized that the majority of the Linux userbase was no 
different than the Mac or the Windows userbase and just wanted to use their 
machines as glorified dumb terminals that could display artwork on the desktop, 
and were completely happy running neutered machines, that's when they suddenly 
loved Linux.  Give the babies their bottles and let them be happy seeing 
"Linux" on their desktop while the real work is done on an IIS server running 
on Server 2022 in a cloud somewhere.

And Google is no different (especially about the money part) other than the 
real work is done on an NGINX server somewhere not IIS

Sigh.

Ted

-Original Message-
From: PLUG  On Behalf Of Ben Koenig
Sent: Thursday, May 18, 2023 10:30 PM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] Sending a Google-Earth Pro image via email

I'm sorry, but what exactly is the point of asking what distro someone uses, 
only to completely disregard what they tell you? Distros are defined by their 
package manager so unless slackware is debian based it probably doesn't use 
apt.

Regardless this isn't some fancy MUA thing. Google Earth simply wants to 
generate an email and load it into the user's client of choice. On my system it 
only offers thunderbird, but doesn't see kmail or any of the commandline 
options because it wasn't designed to look for every mail client ever created. 
I don't know what system it's using to find the client, might be some sort of 
XDG standard they are looking for.

The workaround is to save the file to disk, then attach to an email you 
composed in the client of your choice. If google doesn't want to see your 
client.
-Ben


--- Original Message ---
On Thursday, May 18th, 2023 at 9:28 PM, Ted Mittelstaedt 
 wrote:


> If you do an apt get install postfix and during the setup set it to send mail 
> to a "smartmailer" ie: your ISP then you should be able to use the MUAs on 
> the system.
> 
> Ted
> 
> -Original Message-
> From: PLUG plug-boun...@pdxlinux.org On Behalf Of Rich Shepard
> 
> Sent: Thursday, May 18, 2023 6:11 PM
> To: plug@pdxlinux.org
> Subject: Re: [PLUG] Sending a Google-Earth Pro image via email
> 
> On Fri, 19 May 2023, Ted Mittelstaedt wrote:
> 
> > What is the operating system/version/make/model/year of Linux you are using?
> 
> 
> Ted,
> 
> Slackware64-15.0 the most current production distribution.
> 
> Rich

Re: [PLUG] Sending a Google-Earth Pro image via email

[Ted Mittelstaedt]

If you do an apt get install postfix and during the setup set it to send mail 
to a "smartmailer" ie: your ISP then you should be able to use the MUAs on the 
system.

Ted

-Original Message-
From: PLUG  On Behalf Of Rich Shepard
Sent: Thursday, May 18, 2023 6:11 PM
To: plug@pdxlinux.org
Subject: Re: [PLUG] Sending a Google-Earth Pro image via email

On Fri, 19 May 2023, Ted Mittelstaedt wrote:

> What is the operating system/version/make/model/year of Linux you are using?

Ted,

Slackware64-15.0 the most current production distribution.

Rich

Re: [PLUG] Sending a Google-Earth Pro image via email

[Ted Mittelstaedt]

What is the operating system/version/make/model/year of Linux you are using?

Ted

-Original Message-
From: PLUG  On Behalf Of Rich Shepard
Sent: Thursday, May 18, 2023 1:30 PM
To: plug@pdxlinux.org
Subject: [PLUG] Sending a Google-Earth Pro image via email

I'm trying to send myself a KML image from Google Earth Pro, but the only MUAs 
made available are the web browser mailer or Google. The Tools -> Options -> 
select the mailer does not allow any other option, such as alpine or mutt.

Does anyone know of a way to use the MUA installed on the host to mail (or
save) that .kml georeferenced image?

Rich

Re: [PLUG] Kaisen Linux The distro for IT pros?

[Ted Mittelstaedt]

I try to build 'em so they only bork when I want 'em to borkLOL

Seriously, I think there's a big value in the idea of separating the computing 
you need to do to interface with the users from the computing you need to do to 
get real work done.

In "the olden days"  a user logged in and typed in  "2+2" and the computer spit 
out "4" and virtually 100% of the work done by the computer was done adding 2 
to 2.

Today to get the user to the point of asking the computer what 2 + 2 is, you 
need the equivalent computing power of what they used to send men to the Moon, 
to power the user interface, and probably 1 times the number of lines of 
code.  99.99% of the work done by computer is getting to the user 
question.  Don't forget they only need Deep Thought to get the answer to the 
Ultimate Question of Life, the Universe and Everything.  They needed Earth and 
Earth Mark II to actually ask the question

Virtually all of the places for borkititude to appear are in the user 
interface.  And since that's the part that users touch, and users are experts 
at breaking computers - if I can put the back end Linux server that does the 
real work at the other end of an Ethernet network, far away from the users, it 
never borks so I never have to bother with a tookit to fix it.

And when the users bork the computer running the user interface code - then 
fixing that is nothing more than a reboot off an install stick.

Ted

-Original Message-
From: PLUG  On Behalf Of MC_Sequoia
Sent: Monday, May 15, 2023 3:52 PM
To: Portland Linux/Unix Group 
Subject: [PLUG] Kaisen Linux The distro for IT pros?

I recently learned about this distro and checked some reviews. It does have a 
pretty extensive tool set and it loads it to RAM so you can install it on a 
b0rK3d Linux box.

In a previous IT work life, I used Linux boxes to troubleshoot network 
problems. I cobbled a dependable toolset together mostly from the Stanford 
Linear Accelerator Network Monitoring Website, 
https://www.slac.stanford.edu/xorg/nmtf/nmtf-tools.html and late night browsing 
of the Debian software repository.

I've done some troubleshooting and fixing of Linux servers and my own Linux 
boxes but I've never had what seems to be a rescue distro.

The reviews talked a lot about the pre-packaged toolset but not much about how, 
when to use which tools and if they were the actual tools that could fix 
real-world Linux problems.

I'm curious to know the thoughts of any Linux IT pros about a distro like this 
or if you'd be interested in sharing a toolset you've cobbled together that you 
rely on to rescue Linux systems.

Thanks,

Mike

Sent with [Proton Mail](https://proton.me/) secure email.

Re: [PLUG] Any Ubiquiti Experts?

[Ted Mittelstaedt]

Yeah, some of those hotspots I have really grown to hate.

TMobile is currently sending out a hotspot that - and I kid you not - says 
right in the instructions that you must not leave it plugged into the charger 
for more than 8 hours at a time or the battery will overcharge and be ruined.   
They actually enforce this with software on the hotspot that makes it turn off 
if you leave it plugged into the charger.  Apparently the concept of sticking a 
50 cent battery management chip into the device to manage the rechargeable 
Li-Ion battery in the piece of crap was beyond the capabilities of their 
engineers.

Ted

-Original Message-
From: PLUG  On Behalf Of Ben Koenig
Sent: Friday, May 12, 2023 2:32 PM
To: plug@pdxlinux.org
Subject: Re: [PLUG] Any Ubiquiti Experts?

Yeah they usually have a couple options, but only a couple. There are some 
really wacky issues from years ago that typically require a software update to 
resolve. Even knowing what the hotspot is currently broadcasting can be helpful 
in narrowing it down or ruling it out.

Try connecting a MBP from 2013/2014 to a wpa 2/3 network and youll see what I 
mean. It works on paper :)

-Ben
Sent from ProtonMail mobile

 Original Message 
On May 12, 2023, 2:22 PM, Ted Mittelstaedt < t...@portlandia-it.com> wrote:
-Original Message- From: PLUG On Behalf Of Ben Koenig Sent: Friday, May 
12, 2023 5:47 AM To: Portland Linux/Unix Group Subject: Re: [PLUG] Any Ubiquiti 
Experts? >Something about this Verizon hotspot network is different from the 
others. What is it? >By far the easiest thing to do here is change the Verizon 
hotspot to broadcast an OPEN network, no >encryption. If that works then we 
know more-or-less where the problem is. >Not saying this is a solution. OPEN 
encryption should not fail on any device and will tell us if the Verizon 
>hotspot is using an encryption scheme that the Bullet M2 can't handle. I have 
worked with some of these cell hotspot devices before and they are most 
definitely KISS devices and his may not even permit him to make any changes 
whatsoever to the encryption. Instructions that come with them are on the order 
of "plug it in and it will display the SSID and password on screen" and that's 
pretty much it. The cell companies don't want to offer any kind of support on 
them at all so it's like "get this on a 30 day return and if you can't make it 
work send it back to us, but don't call for support unless the device tells you 
"no cell signal" on screen" . Ted

Re: [PLUG] Any Ubiquiti Experts?

[Ted Mittelstaedt]

-Original Message-
From: PLUG  On Behalf Of Ben Koenig
Sent: Friday, May 12, 2023 5:47 AM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] Any Ubiquiti Experts?


>Something about this Verizon hotspot network is different from the others. 
>What is it?

>By far the easiest thing to do here is change the Verizon hotspot to broadcast 
>an OPEN network, no >encryption. If that works then we know more-or-less where 
>the problem is.

>Not saying this is a solution. OPEN encryption should not fail on any device 
>and will tell us if the Verizon >hotspot is using an encryption scheme that 
>the Bullet M2 can't handle. 

I have worked with some of these cell hotspot devices before and they are most 
definitely KISS devices and his may not even permit him to make any changes 
whatsoever to the encryption.

Instructions that come with them are on the order of "plug it in and it will 
display the SSID and password on screen" and that's pretty much it.   The cell 
companies don't want to offer any kind of support on them at all so it's like 
"get this on a 30 day return and if you can't make it work send it back to us, 
but don't call for support unless the device tells you "no cell signal" on 
screen"
.
Ted

Re: [PLUG] Any Ubiquiti Experts?

[Ted Mittelstaedt]

OK here is something simpler.

All you need is something that will replace the bullet and connect to the 
Verizon hotspot and to your netgear wan port.  You can keep using the bullet to 
connect to the unnamed "distant" wifi whatever that is, and to your AT phone 
when you turn on tethering since that works.

I'll send you out a couple routers you can play with one configured with a 
dd-wrt version that has a working client bridge and the other configured with 
openwrt.

You can then either use the instructions here for openwrt:

https://openwrt.org/docs/guide-user/network/routedclient

or here for dd-wrt:

https://wiki.dd-wrt.com/wiki/index.php/Client_Bridge

whichever one you find easiest to use, to connect to the hotspot.

OR THERE IS SOMETHING EVEN SIMPLER THAN THAT:

I have a nice used Samsung S9 that originated on the Verizon network that I'm 
no longer using.  Since you know you got good signal on the Verizon network, 
I'll send you that phone and you can contact Verizon and cancel the hotspot 
account, then contact AT and cancel your existing cell phone account, then 
get an unlimited data plan from Verizon and have them send you a sim out for 
the S9.  Cost on an unlimited plan is likely cheaper than cost on the Verizon 
hotspot AND the AT cell plan.  And I'll even throw in a dd-wrt router that 
will connect to the S9 when it's running it's wifi tethering.

Ted

-Original Message-
From: PLUG  On Behalf Of Michael Barnes
Sent: Thursday, May 11, 2023 9:08 PM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] Any Ubiquiti Experts?

Thanks anyhow, folks. I was hoping for something simple. I'm afraid 80-90% of 
this disussion has gone way over my head. As I age, I think I have forgotten 
more about this networking stuff than I knew in the first place.
I didn't think it was all that difficult to understand the layout, it is pretty 
simple. Outside gain antenna > Ubiquiti Bullet > Netgear WAN port > 
wifi/ethernet to devices. Log into Bullet and select available wifi network 
from scan list. Sometimes the available wifi network is distant or very weak, 
hence the big gain antenna. At times, no network was available, so I connected 
to my phone as a hotspot. Sometimes adequate AT signal is not available or I 
used up my monthly data allocation, so I acquired the Verizon hotspot. The 
Bullet shows the Verizon device on the scanned network list, but does not allow 
it to be selected.
I have a very limited budget and even more limited skillset anymore.
Obtaining the Verizon equipment and service was a huge hit. Acquiring 
additional equipment is simply out of the question for both financial and 
logistical reasons.

Thank you all for your time anyhow. Unfortunately, it was more an exercise in 
frustration and futility for me.

Michael


On Thu, May 11, 2023, 21:55 Ted Mittelstaedt  wrote:

>
> -Original Message-
> From: PLUG  On Behalf Of Russell Senior
> Sent: Thursday, May 11, 2023 2:46 PM
> To: Portland Linux/Unix Group 
> Subject: Re: [PLUG] Any Ubiquiti Experts?
>
> On Thu, May 11, 2023 at 1:07 PM Ted Mittelstaedt 
> 
>
> >Bridging when both ends are cooperating is not difficult (see 
> >4-address
> mode). The Verizon hotspot is not >cooperating.
>
> I've had no issues bridging using dd-wrt to my phone in portable 
> setups where a device with an ethernet port needed to get on the 
> Internet and there was no Ethernet port available.  Possibly if you 
> have never used dd-wrt you are drawing conclusions based on inferior 
> wifi bridging implementations in openwrt??
>
> >I always recommend routing at the station over trying to bridge 
> >*UNLESS
> YOU CONTROL BOTH ENDS*.
>
> I have to disagree with this one.  Inserting routers at both ends of a 
> wifi bridge is actually best network practices.  And I mean a real 
> router not an address translator.  For starters it eliminates all the 
> TCP/IP broadcast traffic which just adds useless traffic to the wifi link.
>
> The issue is not in the network design on this one.  The issue is in 
> the "ISP handoff" or rather the border.  Best practices is to have the 
> ISP handoff a PUBLIC IP address whether it's DHCP supplied or static.
>
> The moment the ISP hands you a PRIVATE number you are off in the weeds 
> and you really need to recognize you are in the insane asylum.  And 
> you are in an insane asylum inside of a sinking ship if you don't have 
> control over the NAT device.
>
> >My recollection of the ubiquiti firmware on the M-class devices is 
> >that
> station-mode implies routing. I use >a lot of ubiquiti hardware, but 
> rarely their software.
>
> My go-to is Ubiquiti hardware and software  for corporate WDS installs.
> But I don't judge them to be "the best"  Their propensity for the 
> software update of the month is highly annoyi

Re: [PLUG] Zoneminder server build instructions

[Ted Mittelstaedt]

Probably should reply to plug-talk on this one.

-Original Message-
From: PLUG  On Behalf Of Chuck Hast
Sent: Thursday, May 11, 2023 8:12 PM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] Zoneminder server build instructions


>Based on what I see of the news in PDX, looks like PDX has pretty much given 
>the bad guys free range...  I >was back there in July of 2021 doing work in 
>Pioneer Squaire Mall, it was a sad sight to see how much >downtown had been 
>destroyed by those people.

It's not the cops it's the courts that are the problem.  The cops bring them in 
and the courts let them out often just drop the charges.  The courts constantly 
complain about not having enough people and so on.

There was a period for about 8 years that if the cops pulled over a stolen 
vehicle in Oregon the driver could simply claim that "a dude loaned me this 
vehicle I didn't know it was stolen"  Then when they asked him who "the dude" 
was, he would just say "some guy over in that homeless camp over there.  But he 
isn't there right now and no I don't know his name"

And they would not be able to charge him with car theft.  Seriously.  
Willamette Week did a whole expose on it and still it took 2 years for them to 
close that loophole.

The other problem is even if they convict them they have no space for them.  
The voters approved money for a new jail and they built it, Wapato.  Then one 
of the county commissioners - Gretchen Kafoury - got a bug up her ass that "oh 
it's cruel to put drug users in jail" and for like 15 years blocked every 
effort to fund it's operations.  When she died her DAUGHTER, Deborah Kafoury, 
kept up the same bullshit when she got the same office, and even publicly swore 
at the county commissioner who booted her out of office, although Deborah did 
manage to divert 2 million dollars of county money into buying 22 thousand 
(yes, 22,000)  _tents_ and distributing them to the homeless for free.  That 
way I guess the homeless could shoot up without anyone seeing them.

Finally they sold it, it's now been renamed "Bybee Lakes Hope Center" and it is 
a homeless shelter.  Apparently the homeless don't think it's cruel to be put 
in a former jail and get 3 hots and a cot and a roof over their head.  And most 
of them are homeless due to being drug users so the jail is now housing drug 
users despite the county commissioner's bullcrap.   You literally can't make 
this shit up.   Here's the website for it:

https://helpinghandsreentry.org/bybee-lakes-hope-center

To be perfectly fair not all homeless (not even the majority) are criminal.  
But their camps and everything else they do gives cover for the real druggies 
and criminals and taggers.

Ted

Re: [PLUG] Zoneminder server build instructions

[Ted Mittelstaedt]

-Original Message-
From: PLUG  On Behalf Of Chuck Hast
Sent: Thursday, May 11, 2023 8:06 PM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] Zoneminder server build instructions

See below:

> Of course that may have been one of the company apps that was doing that.

It was.  I setup an XP system on a 1U rack mounted PC 13 years ago running 
WhatsUp Gold version 5.01 mainly because the company I had worked for had spent 
$500 on that software, all it does is monitor uptime and do an early warning 
via email.  It was supposed to be temporary.  It's still alive.

It had had uptimes of 2 years or more the only thing that takes it down is if 
the UPS batteries fail.

I also run Big Sister on a Linux server that does the same thing.  They 
actually monitor each other as well as the rest of the network.

>
>
> What about mounting a standard PTZ at a 45 degree angle?
>
> I tried that but of course as you pan around you will end up looking 
> at
> that ground on the
> other side of the pan.

Ah yes I forgot about that.

Ted

Re: [PLUG] Any Ubiquiti Experts?

[Ted Mittelstaedt]

-Original Message-
From: PLUG  On Behalf Of Russell Senior
Sent: Thursday, May 11, 2023 2:46 PM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] Any Ubiquiti Experts?

On Thu, May 11, 2023 at 1:07 PM Ted Mittelstaedt 

>Bridging when both ends are cooperating is not difficult (see 4-address mode). 
>The Verizon hotspot is not >cooperating.

I've had no issues bridging using dd-wrt to my phone in portable setups where a 
device with an ethernet port needed to get on the Internet and there was no 
Ethernet port available.  Possibly if you have never used dd-wrt you are 
drawing conclusions based on inferior wifi bridging implementations in openwrt??

>I always recommend routing at the station over trying to bridge *UNLESS YOU 
>CONTROL BOTH ENDS*. 

I have to disagree with this one.  Inserting routers at both ends of a wifi 
bridge is actually best network practices.  And I mean a real router not an 
address translator.  For starters it eliminates all the TCP/IP broadcast 
traffic which just adds useless traffic to the wifi link.

The issue is not in the network design on this one.  The issue is in the "ISP 
handoff" or rather the border.  Best practices is to have the ISP handoff a 
PUBLIC IP address whether it's DHCP supplied or static.

The moment the ISP hands you a PRIVATE number you are off in the weeds and you 
really need to recognize you are in the insane asylum.  And you are in an 
insane asylum inside of a sinking ship if you don't have control over the NAT 
device.

>My recollection of the ubiquiti firmware on the M-class devices is that 
>station-mode implies routing. I use >a lot of ubiquiti hardware, but rarely 
>their software.

My go-to is Ubiquiti hardware and software  for corporate WDS installs.  But I 
don't judge them to be "the best"  Their propensity for the software update of 
the month is highly annoying, frankly.  They are just the cheapest out there 
that is "corporatized" LOL

>OpenWrt is for people who want to treat their device as a tiny computer that 
>happens to have wifi >interfaces... that is, for people who want to be able to 
>construct their own solutions for their particular >problem.

Then quit being myopic about it and spend the money on a Raspberry Pi or it's 
clone the Le Potato or whatever they call it, and plug in a wireless USB stick 
and have a REAL computer not a toy with a crappy power supply, a weak CPU and a 
propensity for locking up (with certain flaky hardware)

>OpenWrt is not religious, it is entirely practical if you can't build the 
>system you want because some >megacorporation doesn't release required 
>programming information for their equipment and reliable >reverse engineering 
>isn't available. OpenWrt doesn't support some hardware, mostly Broadcom, 
>because >they can't build modern kernels or implement desired features with it.

Except that dd-wrt somehow CAN build kernels and implement desired features.   
As can TomatoNG.  You are just quoting the OpenWRT bullshit excuses they use to 
justify not doing the work to support some devices.  And OpenWRT does in fact 
support a lot of Broadcom.  Dd-wrt also runs modern kernels on SOCs that have 
ports of modern kernels to them.

I get it, like any OSS project they have limited development time and can't get 
around to all hardware so they concentrate on a core hardware template.   
Dd-wrt is no different they have Broadcom based devices they don't support 
because the main developer didn't put the work into it either, but he isn't 
inventing BS excuses about OSS purity and megacorporations to explain why he 
doesn't support it.

The Linux network stack and NAT modules are INCREDIBLY inefficient and slow.  
There was a large research project someone did as their thesis a few years ago 
that built an efficient NAT implementation that when used to replace NAT in the 
Linux stack was 50 times faster in some implementations.  But Linux Torvalds is 
not interested in people showing his dirty underwear so he ignored it.  And the 
OpenWRT people pretend that Linux makes a great router platform when the 
reality is it makes a crappy router platform.  This has been proven by FreeBSD 
multiple times in the past which has a far better network stack as well.

dd-wrt's developer finally had to admit this and incorporate the Broadcom 
software NAT  (which they claim is hardware but it really isn't it's just 
microcode on their SOC) into select models with the Broadcom Northstar CPU and 
now, for the price of less than $10 for a device you can find in a Goodwill 
bin, you can get gigabit NAT speeds in a router that has a 500Mhz CPU and a 
Broadcom SOC.

OpenWRT could do this also with the Atheros chipset but they would have to 
abandon the Linux NAT module to do it.  Plus do a lot of work porting in the 
alternative NAT code.  It's just easier for them to spread BS around about 
megacorporations.

>

Re: [PLUG] Any Ubiquiti Experts?

[Ted Mittelstaedt]

the problem is with the Bullet, it's 
not clear that would help beyond removing a device from the chain. You are 
probably using the Bullet with a directional antenna to be able to connect to a 
more distant AP (which you wouldn't need with the Verizon hotspot, if it is 
nearby).

One other thing to note, modern OpenWrt might not fit easily on a Bullet M2 
anymore, primarily because it only has 32MB of RAM. OpenWrt was historically 
very good at squeezing things into tiny spaces, but upstream kernel growth and 
modern devices with more resources (and less consequent pressure to keep things 
small) have led to progressive abandonment of older, more constrained devices. 
Even 8MB of flash (with the Bullet M2 has) is becoming inadequate these days. 
But the 32MB of RAM is the more painful constraint at the moment.  I have 
experimented (thus far, unsuccessfully on a single attempt) to update the RAM 
chip in a Bullet M2 to 64MB with a pin-compatible part from the same product 
line, and it ALMOST worked (it booted and ran for 30 seconds or so before 
panicking).

--
Russell Senior
russ...@personaltelco.net

On Thu, May 11, 2023 at 8:50 AM Ted Mittelstaedt 
wrote:

> Yeah one of the problems with schemes like this is you are running 
> double and sometimes triple network address translation and it can be 
> SLOW if it even works at all.
>
> Here is my suggestion:
>
> Get an Atheros-based chipset router.  Install either dd-wrt or Openwrt on
> it.  Configure the unit as a wifi-to-ethernet bridge.   Associate it to the
> Verizon hotspot and use the translation on the hotspot.
>
> As for the Bullet that matters how your source wifi is configured.  If 
> the bullet is being supplied by a WISP then you will be getting a 
> single assigned public IP from that and will need to use your netgear 
> router to handle that.  Otherwise if it's just getting connectivity 
> from some friend's wifi elsewhere then the bullet also needs to be in bridged 
> mode.
>
> Broadcom-based chips don't handle bridging properly, never have.
>
> You have way too many routers involved here.  You need to be thinking 
> bridging, not routing.
>
> Ted
>
> -Original Message-
> From: PLUG  On Behalf Of Michael Barnes
> Sent: Wednesday, May 10, 2023 8:54 PM
> To: Portland Linux/Unix Group 
> Subject: Re: [PLUG] Any Ubiquiti Experts?
>
> On Wed, May 10, 2023 at 7:35 PM Tomas Kuchta 
>  >
> wrote:
>
> > On Wed, May 10, 2023, 17:47 Michael Barnes 
> wrote:
> >
> > > I have a local network using an Ubiquiti Bullet M2 feeding a 
> > > Netgear
> > router
> > > that serves my various devices. The Bullet serves as an access 
> > > point and pulls from an available wifi source.
> > > I got a hotspot from Verizon for internet access. When I log into 
> > > the Bullet to select a source, the hotspot shows up on the list, 
> > > but is not selectable. It has good signal strength, just not the 
> > > little circle that allows me to select it.
> > > .
> >
> >
> > I am confused about your network topology. So, you get in internet 
> > over wifi from somewhere, received by the bullet - that feeds 
> > Netgear router by what? (Ethernet cable?) Then you get your other 
> > wifi devices connected to Netgear or back to bullet on different 
> > vlan or ?? Very confusing  Now you want the bullet to be able to 
> > get internet from 2nd source (hotspot), but only when it is on?
> >
> > It loos like pretty complex order. Perhaps you need some low level 
> > access to the Linux network config on the bullet. If that is so, 
> > please consider
> > a) simplifying your network topology and b) installing wrt on the 
> > bullet so that you can configure the network and routing directly.
> >
> > -T
> >
> > Tomas
> >
>
> Sorry if it was confusing.
>
> The bullet is connected to an antenna that picks up internet via wifi. 
> The ethernet from the bullet goes through a POE injector into the 
> Internet/WAN port  of the Netgear router. My various devices (TV, 
> Portal, a couple Raspberry Pis, etc.) all connect to the Netgear 
> router. Most of the time there is local wifi available for me to 
> connect to, but not always. When wifi is not available, I have turned 
> on the hotspot on my phone and connected to it. However, when I leave, the 
> network looses internet.
> Lately, I've been having to use my phone a lot and have used up my 
> meager
> (6GB) monthly data allocation. Trying to resolve this, I obtained a 
> Verizon  hotspot with 100GB monthly data. When I log into the bullet 
> to tell it what wifi to connect to, it shows the hotspot on the list, 
> but does not have the little circle that allows

Re: [PLUG] Any Ubiquiti Experts?

[Ted Mittelstaedt]

He needs to tell us how the bullet is configured, it will "work" (as in pass 
packets) either way just sub optimally if on the wrong network.

Internet connectivity has no real meaning unless the people providing it are 
cognizant of where translation is happening.

Ted

-Original Message-
From: PLUG  On Behalf Of Russell Senior
Sent: Thursday, May 11, 2023 4:29 AM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] Any Ubiquiti Experts?

So, the bullet is in station mode. And the bullet must be routing (not 
bridging). What kind of Netgear router are you using? Is it possible to log in 
to the Verizon hotspot to see what it thinks?

--
Russell Senior
russ...@personaltelco.net

On Wed, May 10, 2023, 20:54 Michael Barnes  wrote:

> On Wed, May 10, 2023 at 7:35 PM Tomas Kuchta 
>  >
> wrote:
>
> > On Wed, May 10, 2023, 17:47 Michael Barnes 
> wrote:
> >
> > > I have a local network using an Ubiquiti Bullet M2 feeding a 
> > > Netgear
> > router
> > > that serves my various devices. The Bullet serves as an access 
> > > point
> and
> > > pulls from an available wifi source.
> > > I got a hotspot from Verizon for internet access. When I log into 
> > > the Bullet to select a source, the hotspot shows up on the list, 
> > > but is not selectable. It has good signal strength, just not the 
> > > little circle
> that
> > > allows me to select it.
> > > .
> >
> >
> > I am confused about your network topology. So, you get in internet 
> > over wifi from somewhere, received by the bullet - that feeds 
> > Netgear router
> by
> > what? (Ethernet cable?) Then you get your other wifi devices 
> > connected to Netgear or back to bullet on different vlan or ?? Very 
> > confusing  Now you want the bullet to be able to get internet 
> > from 2nd source (hotspot), but only when it is on?
> >
> > It loos like pretty complex order. Perhaps you need some low level 
> > access to the Linux network config on the bullet. If that is so, 
> > please consider
> > a) simplifying your network topology and b) installing wrt on the 
> > bullet
> so
> > that you can configure the network and routing directly.
> >
> > -T
> >
> > Tomas
> >
>
> Sorry if it was confusing.
>
> The bullet is connected to an antenna that picks up internet via wifi. 
> The ethernet from the bullet goes through a POE injector into the 
> Internet/WAN port  of the Netgear router. My various devices (TV, 
> Portal, a couple Raspberry Pis, etc.) all connect to the Netgear 
> router. Most of the time there is local wifi available for me to 
> connect to, but not always. When wifi is not available, I have turned 
> on the hotspot on my phone and connected to it. However, when I leave, the 
> network looses internet.
> Lately, I've been having to use my phone a lot and have used up my 
> meager
> (6GB) monthly data allocation. Trying to resolve this, I obtained a 
> Verizon  hotspot with 100GB monthly data. When I log into the bullet 
> to tell it what wifi to connect to, it shows the hotspot on the list, 
> but does not have the little circle that allows that source to be selected.
>
> Otherwise, every time I change the internet source, I have to go to 
> every device and log onto the new wifi. With up to seven or more 
> devices, and sometimes changing internet sources daily, that is a real 
> pain. It is so much easier to just have everything connected to the 
> local network and only change the bullet access point. And since 
> lately local wifi hasn't always been available to me, I wanted to use the 
> hotspot.
>
> Does that clarify it at all? Any ideas on why the bullet connects to 
> pretty much everything but the Verizon hotspot? I am suspecting the 
> issue is with the Verizon hotspot, but not sure.
>
> Michael
>

Re: [PLUG] Any Ubiquiti Experts?

[Ted Mittelstaedt]

Yeah one of the problems with schemes like this is you are running double and 
sometimes triple network address translation and it can be SLOW if it even 
works at all.

Here is my suggestion:

Get an Atheros-based chipset router.  Install either dd-wrt or Openwrt on it.  
Configure the unit as a wifi-to-ethernet bridge.   Associate it to the Verizon 
hotspot and use the translation on the hotspot.

As for the Bullet that matters how your source wifi is configured.  If the 
bullet is being supplied by a WISP then you will be getting a single assigned 
public IP from that and will need to use your netgear router to handle that.  
Otherwise if it's just getting connectivity from some friend's wifi elsewhere 
then the bullet also needs to be in bridged mode.

Broadcom-based chips don't handle bridging properly, never have.

You have way too many routers involved here.  You need to be thinking bridging, 
not routing.

Ted

-Original Message-
From: PLUG  On Behalf Of Michael Barnes
Sent: Wednesday, May 10, 2023 8:54 PM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] Any Ubiquiti Experts?

On Wed, May 10, 2023 at 7:35 PM Tomas Kuchta 
wrote:

> On Wed, May 10, 2023, 17:47 Michael Barnes  wrote:
>
> > I have a local network using an Ubiquiti Bullet M2 feeding a Netgear
> router
> > that serves my various devices. The Bullet serves as an access point 
> > and pulls from an available wifi source.
> > I got a hotspot from Verizon for internet access. When I log into 
> > the Bullet to select a source, the hotspot shows up on the list, but 
> > is not selectable. It has good signal strength, just not the little 
> > circle that allows me to select it.
> > .
>
>
> I am confused about your network topology. So, you get in internet 
> over wifi from somewhere, received by the bullet - that feeds Netgear 
> router by what? (Ethernet cable?) Then you get your other wifi devices 
> connected to Netgear or back to bullet on different vlan or ?? Very 
> confusing  Now you want the bullet to be able to get internet from 
> 2nd source (hotspot), but only when it is on?
>
> It loos like pretty complex order. Perhaps you need some low level 
> access to the Linux network config on the bullet. If that is so, 
> please consider
> a) simplifying your network topology and b) installing wrt on the 
> bullet so that you can configure the network and routing directly.
>
> -T
>
> Tomas
>

Sorry if it was confusing.

The bullet is connected to an antenna that picks up internet via wifi. The 
ethernet from the bullet goes through a POE injector into the Internet/WAN port 
 of the Netgear router. My various devices (TV, Portal, a couple Raspberry Pis, 
etc.) all connect to the Netgear router. Most of the time there is local wifi 
available for me to connect to, but not always. When wifi is not available, I 
have turned on the hotspot on my phone and connected to it. However, when I 
leave, the network looses internet.
Lately, I've been having to use my phone a lot and have used up my meager
(6GB) monthly data allocation. Trying to resolve this, I obtained a Verizon  
hotspot with 100GB monthly data. When I log into the bullet to tell it what 
wifi to connect to, it shows the hotspot on the list, but does not have the 
little circle that allows that source to be selected.

Otherwise, every time I change the internet source, I have to go to every 
device and log onto the new wifi. With up to seven or more devices, and 
sometimes changing internet sources daily, that is a real pain. It is so much 
easier to just have everything connected to the local network and only change 
the bullet access point. And since lately local wifi hasn't always been 
available to me, I wanted to use the hotspot.

Does that clarify it at all? Any ideas on why the bullet connects to pretty 
much everything but the Verizon hotspot? I am suspecting the issue is with the 
Verizon hotspot, but not sure.

Michael

Re: [PLUG] Zoneminder server build instructions

[Ted Mittelstaedt]

-Original Message-
From: PLUG  On Behalf Of Chuck Hast
Sent: Monday, May 8, 2023 7:54 PM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] Zoneminder server build instructions


>Telegraphy abbreviation for Weather. Very old one. Like RX = receive, TX= 
>Transmit, and many others. SMS and texting >have inherited or revived some of 
>the original abbreviations.

Well at least they are saving electrons on storage. LOL  The world would not 
have missed bringing that back.

>Glass container inspectors I used to service used XP as the HMI, except what 
>was called the rotational inspector, that >box also had some A-D stuff in it 
>so it was more than the HMI.  The sidewall inspector and the base/sealing 
>surface >inspector would run with the HMI box shut down. Indeed the 
>controlling stuff was Linux based. I do recall that we >had to reboot those 
>machines every 49 days or so or strange things would happen.

That was an old bug that Microsoft patched in XP in 2002 as I recall Windows 
Activation had a bug that would cause it to crash if it was left running for 
too long.  Not surprising at all what you were seeing.  By the time Microsoft 
End Of Life'd Windows XP it was finally getting stable enough to depend on and 
the hardware power had gotten to where it would run well.  XP on a Core 2 is 
lightning fast, faster even than Windows 10 on an SSD is today.

>I have one PTZ camera, I am able to control it from ZM, but it does not look 
>up above the horizon, indeed it is aimed >somewhat below the horizon, when it 
>is not zoomed it you get about 8 degrees above horizon visible, but as you 
>>zoom in you see that it is actually zooming in on a point below the horizon.

>I found another cam that can look about 10 degrees above, I would like to have 
>one that can at least go vertical, >sometimes you may want to see what is 
>going on directly overhead or at a higher angle.

>I know that they are out there, most of what I have seen are pretty expensive.

What about mounting a standard PTZ at a 45 degree angle?

Ted

Re: [PLUG] Looking for a paid POP/IMAP email provider

[Ted Mittelstaedt]

-Original Message-
From: PLUG  On Behalf Of Richard Owlett
Sent: Monday, May 8, 2023 7:47 AM
To: plug@pdxlinux.org
Subject: Re: [PLUG] Looking for a paid POP/IMAP email provider

>Fastmail shoots self in foot with with focus on "gee whiz" and pretty 
>pictures. No obvious link to unadulterated single >Pop email.

Now hold on there that's unfair, like a LOT of sites nowadays you have to use 
their Search box - type POP3 into their search box and it gives you the 
appropriate URLs:

https://www.fastmail.help/hc/en-us/articles/360058752854

Note the following from that page:

"Users on a Basic plan will not be able to use Fastmail on third-party mail 
clients, or create app passwords. IMAP, SMTP, CalDAV, and CardDAV are available 
to Standard and Professional users only."

>> - Works with any imap email client (Protonmail's paid plan requires a 
>> Bridge app for Thunderbird. etc)

>Protonmail doesn't explicitlty say that it works with Debian &/or SeaMonkey. I 
>require both.

Debian and SeaMonkey are what they term "third-party email clients"   If 
Protonmail's paid plan requires a "bridge app" (very likely a 2FA app) then it 
probably won't work.

I think that ALL of these email services are facing the same issues I've dealt 
with running the mailservers for ipinc.net and seasurf.net, there are just some 
users out there who insist on using the SAME god damn password EVERYWHERE as 
well as other idiotic things.

My domains are small enough so that I can monitor the reports from the 
mailserver and the moment that one of my users accounts starts getting used by 
a spammer I get notified and I can shut it down.  I run scripts that look for 
certain patterns in the logs that are characteristic of a spammer using a 
stolen password.  Probably once a month one of my user accounts gets broken 
into.  After I change the password on it I wait for a phone call from them and 
when they call in wanting to know why they can't get email anymore I give them 
the lecture on why you don't use the same password for email that you use for 
logging into DisneyPlus or whatever.  Then we reset their password to some 
random string and I have them save it in their phone and other email clients 
and they forget their password almost immediately and that's that.  No more 
break ins.  Frankly I prefer that they DON'T KNOW their own email password.

But that is a labor intensive manual process and these larger sites like gmail, 
etc. are just too big for that.  Thus their requirement for 2FA and thus 
breaking it on normal IMAP/POP3 clients.

Spammers are the biggest problem with running these mailservices and you can 
only fight them either using user education (which is labor intensive and thus 
unprofitable and some users don't like it) or a variety of esoteric software.  
I chose to go the route of user education and over the years, the users of mine 
who seem to take pride in being morons and insisting on doing stupid stuff, 
have drifted off to other services when I made it clear that I would NOT make 
it easy for them to continue to use my mailservers.  The ones that remain are 
more than happy to do what I tell them which is LOOK at senders actual domains, 
don't click unsubscribe links from obvious drive-by spammers, don't use the 
same password everywhere, and keep their inbox clean and don't let it pile up 
10,000 messages, and empty deleted items every once in a while.

With trainable users running the servers is easy, but with the obstinate idiots 
it's a morass.  My choice was to make life unpleasant for the obstinate idiots 
and make it easy for the trainable ones, but since running those is sort of 
hobby income for me I can do that.  The large services have to take everyone 
including the obstinate idiots and thus they can't piss anyone off, and so 
instead substitute software to try to mitigate the worst of the problems the 
idiots bring. 

Ted

Re: [PLUG] Zoneminder server build instructions

[Ted Mittelstaedt]

-Original Message-
From: PLUG  On Behalf Of Chuck Hast

>The usual culprits in the big box stores.
>Arlo, Lorex, NiteOwl, etc.

>My brother in law bought Arlo, I looked at it and said nothing.

Oh My God that stuff is horrendous.

Do a search on Home Depot's website for security cameras.  $100 for a 2MP  
(1080p) camera combined with a motion detection light by Blink.  And of course, 
the light is some square POS that does not take an Edison bulb so when the LEDs 
in it start getting dim the entire light and camera needs to be unscrewed from 
the side of the house and thrown away.

You can buy a separate motion detector only light from HD for like around $25 
for the base and replaceable bulbs then pair it with a real camera with good 
resolution for cheaper than that.

Plus all that big box crap is all Chinese made and since it's all cloud-based 
the cameras have to connect to the Internet, and I'm quite sure the Chinese 
government sees all of those video streams.  Geeze people, Hikvision is 
state-owned.

>The only thing I am interested in PTZ for is WX cams. Here in OK we have a lot 
>of that and a PTZ cam comes in handy >to look at what is going on out in 
>remote area.

OK you piqued my curiosity on that - I've seen WX associated with weather for a 
while online now - what exactly does the abbreviation WX stand for?

>As I recall the guy put the code out there for folks to use.
>He used it to give the police a better idea of the times it was happening and 
>video of the vehicle. They then were able >to be there at the right time and 
>catch him. But before the ZM video nothing was happening.

Unfortunately we have this thing in Portland OR now called "road dieting"  It 
is something that city planners dreamed up, they shrink major arterials in the 
city down from 4 lanes to 2 lanes claiming it "increases safety"  Of course all 
it does is tremendously increase congestion and so as a result people start 
shortcutting through the residential neighborhoods.   In response to that the 
city set every residential neighborhood street speed from 25Mph to 20Mph.  But 
needless to say there's not enough police on the force to patrol every single 
residential street.

The people living in neighborhoods are ballistic about it because they went 
from having a neighborhood street with practically no traffic to having a 
neighborhood street that now had a steady stream of cars on it.  The city 
planners who dreamed this up finally admitted that the entire idea was to slow 
traffic down and that the people in the neighborhoods would just have to suck 
it.

I just laughed my ass off about it because the same people in the neighborhoods 
now who were complaining about traffic were the ones who voted in the road 
dieting.  So now they got speeders in their neighborhoods.  Should have known 
better than to vote for the road diet on the arterial 3 blocks away from your 
house when the city came around asking if you wanted it.

People need to quit being so stupid and anal about this stuff.  You don't want 
speeders in the neighborhood, then ease congestion by widening arterials.  And 
yes, that DOES mean people are going to drive fast on the arterials.  That's 
their purpose.

Out West from Portland in cities like Hillsboro they understand this stuff and 
you go out there and see miles of empty farmland where they are platting out 
subdivisions and new business parks and you see 4 lane roads everywhere in the 
cornfields.  No road dieting out there!

>I just cannot believe you can leave a windows box unattended for any length of 
>time. 

You actually CAN do this with Windows XP.  I've done it.  But the catch is that 
the system has to be COMPLETELY patched, I use one of the Unofficial Windows XP 
Patch sets  (sometimes called the Unofficial Service Pack 4) and it CANNOT be 
accessible from the Internet.  And, obviously, you typically either have to use 
an old commercial application that is really very very stable, or you have to 
use an app you wrote yourself, typically with Visual Studio 6.0 or earlier.

The typical application for this is Point of Sale cash registers.  POS software 
is actually in a pretty sad state of affairs these days because all of the 
current cash register vendors have moved to the Cloud, as a way of getting 
recurring revenue.  Most of them will sell you PC's with Windows IoT on them 
and cash drawers and all that.  But needless to say the small business 
retailers don't want to be stuck paying ongoing revenue for a flipping cash 
register so many of them use older antique cash register software programs that 
were written in XP days and sold as "perpetual licenses"

>I am sure that they have >corrected things but something that calls home
>(MS) and feels like working on a car with the hood welded shut just does not 
>sit right. Not to mention the monetizing >of the desktop.

You actually CAN do this but NOT with Windows 10 Desktop.  You can do it with 
Windows Server (obviously) but 

Re: [PLUG] Looking for a paid POP/IMAP email provider

[Ted Mittelstaedt]

Proton mail recoups the free cost because their free account requires you to 
access it via web-interface only.  No POP3/IMAP.  By doing that they can give 
you popup advertisements.

Ted

-Original Message-
From: PLUG  On Behalf Of Richard Owlett
Sent: Monday, May 8, 2023 4:56 AM
To: plug@pdxlinux.org
Subject: Re: [PLUG] Looking for a paid POP/IMAP email provider

Rich Shepard wrote:
> On Sat, 6 May 2023, Richard Owlett wrote:
> 
>> Though I live in SW Missouri, I've followed this list for years. My 
>> current provider is terminating email service soon. I run SeaMonkey 
>> on Debian. Wishing to avoid ads, I specified "paid" in the subject line.
> 
> Richard,
> 
> How about gmail? Or proton mail <https://proton.me/mail>?
> 
> Rich
> 
> 

There is *NO* such thing as a free lunch ;!
As Ted Mittelstaedt wrote of gmail, "But it's known that they scan email to 
scrape marketing data from it."
I don't know how proton.me recoup the cost of providing "free" or if such 
techniques are applied to their paid services.

Re: [PLUG] Looking for a paid POP/IMAP email provider

[Ted Mittelstaedt]

I looked at pobox and their forwarding has a limit of number of addresses they 
forward to so it
Isn't actually true wildcard domain forwarding.

That is you can't tell them "forward  *@wonkulator.com to a mailbox"

If you could do that then you could literally put a company with 500 users 
behind them.

I don't see how you can have them "forward to your own mailserver" unless you 
define your
Own mailserver as "mailserver that only handles X number of addresses"

With ANY kind of these forwarding schemes the real issue is incoming mail 
terminates on the
Mailservice's server.  Thus, the only effective spamfiltering that is available 
can be done there.
You also can't attack spammers by tarpitting their mules and so on.

It's the spamfiltering these days that is the expensive part in my experience.

Ted

-Original Message-
From: PLUG  On Behalf Of Kevin Williams
Sent: Saturday, May 6, 2023 1:15 PM
To: plug 
Subject: Re: [PLUG] Looking for a paid POP/IMAP email provider

I second the recommendation for Fastmail, as well as POBox.

Features of both:
- No ads and no scraping emails for "relevant" ads
- You can use your own domain name or theirs (you don't have to have a custom 
domain)

They also have these advantages over Protonmail
- Works with any imap email client (Protonmail's paid plan requires a Bridge 
app for Thunderbird. etc)
- Doesn't have known/deliberate issues sending/receiving email to mailing lists 
or other cases where the from address is legitimately changed

https://fastmail.com - I use their $5/mo plan for me, and $3/mo plan for my 
wife while I start the long process to migrate away from gmail.

https://pobox.com - Their $50/yr plan includes hosting your mail for you. The 
lower plans only Forward mail to your own mail server. I'm looking to add them 
alongside Fastmail with a second custom domain so that I don't have all my eggs 
on one basket.


On Sat, May 6, 2023, at 7:14 PM, Ted Mittelstaedt wrote:
> 
> 
> -Original Message-
> From: PLUG  On Behalf Of MC_Sequoia
> Sent: Saturday, May 6, 2023 11:08 AM
> To: Portland Linux/Unix Group 
> Subject: Re: [PLUG] Looking for a paid POP/IMAP email provider
> 
> 
> >Protonmail doesn't support POP / IMAP client connections but it's Ad-free, 
> >they do have free accounts, I use one, >but they're also an organization 
> >very much worthy of supporting with a paid subscription. 
> 
> According to their site they only don't support POP/IMAP for free accounts.
> 
> Ted
> 
> 
> 

Re: [PLUG] Zoneminder server build instructions

[Ted Mittelstaedt]

-Original Message-
From: PLUG  On Behalf Of Chuck Hast
Sent: Saturday, May 6, 2023 7:50 AM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] Zoneminder server build instructions

>> It always shocks me how poor "home security" video is that gets posted 
>> on TV news clips.  A brand new RLC 820A 8MP fixed cam is $72 off 
>> Amazon.  A "name brand" Axis 2MP cam used runs around $35.  You can 
>> get 10-packs of Ethernet-to-CCTV PoE coax baluns for around $35 off 
>> Ebay so even if you have an "old school" coax setup you can switch it 
>> over to IP cameras really cheaply and a used 2MP Axis IP cam is 4 times 
>> better than a CCTV D1 cam.
>>
>Yes and what they charge for those pieces of crap is shear highway robbery. 

Which pieces of crap, the RLC 820A or the used Axis 2MP cams?

A fixed cam is a fixed cam is a fixed cam, every one of them out there on the 
market uses the same CCD made by the same maker in China and cheap plastic 
optics, and that is the only thing that is really worth anything inside the cam.

If you buy an Axis Q6075-SE (which I have done so) then the manufacturer does 
spend some money on the PTZ gears and you will get real ground glass optics but 
otherwise most IP cams are the same.

SV3C sells a 5MP Dome D05POE-5MP for $50, Reolink sells a 5MP Dome RLC-520A for 
the same price, so I'm really not sure what you are terming pieces of crap.  
Axis or Reolink?  And "they" on a used cam are the Fleabay maggots, not Axis.  
I did say the Axis stuff is "name brand" and anyone buying cams should know 
"name brand = extra $$$"  My feeling is once the laggards still selling new 2MP 
cams (like SV3C is doing) quit doing it the Fleabay maggots will unload their 
2MP cams whether they say Axis on them or not for next to nothing.  Frankly I 
see no difference between a used 2MP Axis cam from a Fleabay maggot who is just 
sitting on them like a hen on eggs and a new SV3c 2MP cam - both are obsolete 
tech and nobody should be selling a 2MP fixed cam for more than $10-$15 unless 
it's got a telephoto lens as long as my pecker attached to it LOL.

Today I wouldn't buy a 2MP cam from anyone, either SV3C or Reolink and I won't 
buy a 5MP cam either, I don't see that SV3C has an 8MP dome offering yet, 
although maybe they intend on releasing a 12MP offering for $120 since that 
seems to be the sweet spot.  The cost is in the time and energy mounting the 
cam the cam cost is small in comparison so spend the extra $50 and get the 
highest MP you can find.  You can certainly elect to record at a lower 
resolution if you want.

I have zero use for motion-detection in the cam, it's all proprietary and only 
seems to work if the cam is set to record to flash or intended for cloud use.  
Why pay more for that?

And while PTZ is "kewel" I have better things to do than spend all day in front 
of a monitor swiping around a PTZ security camera.   And I did explain the 
limitations of "follow me" tech in security work during the presentation, the 
cams are easily distracted if the perp uses an accomplice and cases the place 
out.  Fixed dome or bullet with a lot of cams is the way to go.

>Somewhere back in ZM history is a piece by a guy in the UK, he had some guy 
>speeding through the subdivision (Estate >for them) he lived in, they tried to 
>get him caught but they never were, he already had ZM running so he wrote some 
>>code and setup a second camera was able to catch the plate on the vehicle and 
>provide the speed by doing speed calcs >between the two cameras. According to 
>him the cops used the video data to nab the guy.

Yeah that probably works in the UK but here a good lawyer could hire an expert 
witness who would demonstrate how easy it would have been for the ZM guy to 
make the second cam say whatever time he wanted and produce whatever speed he 
wanted so I kind of doubt the veracity of that story.   Plus it would have been 
just as good to just get video of the speeder, measure out landmarks on the 
road, then calculate the speed using frame rate from a single cam using the 
frame to frame time index in the video stream and compare where the car was in 
each frame.

Just as easy and accurate technologically and harder to discredit in a court, 
but it sounds more sexy to say you used 2 cams.  Sigh.  

>Yes everyone I have set up on ZM does not want anything else, and it allows 
>them to buy different cams for different >applications, I know a fellow that 
>uses his ZM also to collect bird video in his yard. I have a WX cam setup 
>facing SW the >direction we get bad weather from, just to monitor what is 
>coming from that direction.

Actually there's a number of "free" and commercial Windows programs from 
manufacturers that do allow use of different cams.  I just think the stability 
of a Linux or FreeBSD server is superior to Windows.   Especially today when 
Microsoft seems to believe that Windows's purpose is to collect telemetry for 
Microsoft and send it back to them for 

Re: [PLUG] Looking for a paid POP/IMAP email provider

[Ted Mittelstaedt]

-Original Message-
From: PLUG  On Behalf Of MC_Sequoia
Sent: Saturday, May 6, 2023 11:08 AM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] Looking for a paid POP/IMAP email provider


>Protonmail doesn't support POP / IMAP client connections but it's Ad-free, 
>they do have free accounts, I use one, >but they're also an organization very 
>much worthy of supporting with a paid subscription. 

According to their site they only don't support POP/IMAP for free accounts.

Ted

Re: [PLUG] Looking for a paid POP/IMAP email provider

[Ted Mittelstaedt]

But it's known that they scan email to scrape marketing data from it.   That's 
why when you use the webinterface to gmail all your popups now start showing 
advertisements for topics you cover in your email.

Ted

-Original Message-
From: PLUG  On Behalf Of wes
Sent: Saturday, May 6, 2023 11:42 AM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] Looking for a paid POP/IMAP email provider

On Sat, May 6, 2023 at 11:08 AM MC_Sequoia  wrote:

>
> Gmail has Ads.
>
>
gmail does not serve ads via imap.

-wes

Re: [PLUG] Looking for a paid POP/IMAP email provider

[Ted Mittelstaedt]

The issue with Gmail is they are now mandating 2FA even on IMAP access so you 
have to have a phone and I think maybe a smartphone.  They also have this 
online 2Fa thingie that if you "join" your windows box into their service that 
might work.

If you are able to access a brand new Gmail account vi IMAP from a pure Linux 
system that is NOT running Thunderbird, OR is running an OLD version of Tbird, 
then tell us how you do it if you CAN do it (T-bird has added in Google's 2Fa 
stuff it's not pure IMAP/POP3 authentication anymore)

OAuth2 doesn't just require "some changes" it requires fundamental changes such 
as scrapping out a lot of email clients like Eudora that worked perfectly.

Explain it's just "some changes" to my mother who was mightily pissed off when 
that happened

Ted

-Original Message-
From: PLUG  On Behalf Of bro...@netgate.net
Sent: Saturday, May 6, 2023 7:39 AM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] Looking for a paid POP/IMAP email provider


I would suggest a (paid) gmail account. You can access it using IMAP:

 https://support.google.com/mail/answer/78892?hl=en

It's inexpensive (I think I pay $6 a month). No ads, built-in spam and virus, 
awesome webmail intereface (if you ever need it), lots of storage.

FYI: Microsoft and Google are phasing out Basic Authentication (username + 
password) for Modern Authentication (OAuth2). That might require some changes 
on your end.

Re: [PLUG] Looking for a paid POP/IMAP email provider

[Ted Mittelstaedt]

Well it's worth mentioning that the Windows way of doing this is to run 
Mailwasher Free, then use your free ISP email account.  Mailwasher downloads 
the mail from the ISP via POP3 then scans it and removes all the spam then 
delivers it to your Outlook or Thunderbird or whatever email program you use.

Proton mail looks good but their downside is their free offering is webbased 
only.

Why not just put up your own email server?  Since you are willing to pay for it 
just do what I do and pay for a static IP and you are off to the races.  Then 
you can do exactly what you want.  You can also run a VPN server to be able to 
remote into your computer when you are travelling, etc.

Alternatively, I have a friend that runs their own mailserver on a dynamic IP  
(residential account)

They run a router,firewall that I setup for them that goes to a dynamic DNS 
service which assigns a DNS name to the dynamic IP on the outside of their 
router

Since their cable provider blocks incoming port 25 I relay incoming email from 
one of my mailservers to theirs on port 2525.  Then their router port forwards 
2525 to port 25 on their server.   They run some spamfiltering but it's a lot 
harder to filter when you don't see the source IP of the incoming connection.

Ted

-Original Message-
From: PLUG  On Behalf Of Richard Owlett
Sent: Saturday, May 6, 2023 6:07 AM
To: Portland Linux/Unix Group 
Subject: [PLUG] Looking for a paid POP/IMAP email provider

Though I live in SW Missouri, I've followed this list for years.
My current provider is terminating email service soon.
I run SeaMonkey on Debian.
Wishing to avoid ads, I specified "paid" in the subject line.

I've found services that seem generally suitable, *BUT*
   -- one requires existence of a mobile phone account
  I don't have a smartphone due to vision problems
   -- another { catering to small businesses} needs a custom domain
  I don't under the ramifications of creating a domain

In one sense, privacy/security is not a major issue as >90% of my usage is 
"public" mailing lists such as this or tech oriented Usenet groups.

Suggestions/guidance please.
TIA

Re: [PLUG] Zoneminder server build instructions

[Ted Mittelstaedt]

Both presentations were recorded and I think Michael has them.

Check at the bottom of my instructions for the chown command - I believe the 
way that the API works that zmninja uses is that zmninja writes out window 
configs to a settings file via that API and the webserver has to be able to 
write to a location to save those.  The latest installs of apache run httpd 
under a non-privileged user while that location that the zm install creates is 
owned by root thus the webserver can't save the settings there.   That might be 
your problem.

It always shocks me how poor "home security" video is that gets posted on TV 
news clips.  A brand new RLC 820A 8MP fixed cam is $72 off Amazon.  A "name 
brand" Axis 2MP cam used runs around $35.  You can get 10-packs of 
Ethernet-to-CCTV PoE coax baluns for around $35 off Ebay so even if you have an 
"old school" coax setup you can switch it over to IP cameras really cheaply and 
a used 2MP Axis IP cam is 4 times better than a CCTV D1 cam.

The only reason people don't do it is sheer laziness because they then have to 
switch out the DVR for a modern NVR and using ZM that's cheap, too particularly 
since we are awash in cheap used pre-Nehalem CPU PCs thanks to Microsoft 
forcing it with Win 11.

Did they catch the perp?

Ted

-Original Message-
From: PLUG  On Behalf Of Chuck Hast
Sent: Friday, May 5, 2023 8:48 AM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] Zoneminder server build instructions

Ted,
I wish I could have been there. I have been running ZM since there were only 
analog cameras, back when I lived in Tampa, Fl.

This is great info. I have 3 set up here in my neighborhood,
1 at church and have left setups in the glass plant in Kalama WA where I worked 
for several years. And other locations.

Right now I have one issue but it is with ZMNinja, it always defaults to a 2 
window wide screen. I normally run it either
5 windows wide or 7 windows wide. All of the other ZMninja setups I have work 
just fine and keep the screen setting, this one will not. I have reinstalled 
it, purged everything it may have left and reinstalled. I am not sure why it 
will not keep the window setting, nor why it defaults to a 2 window width.

Beyond that, everyone I have set a ZM up for is really happy with it. I had a 
guy try to tell me that all of these "home NVR"
systems were no good, I had a break in at my neighbors place in Tampa, the 
vehicle was quite clearly visible (even the tattoo on the  purps arm was very 
clear). Gave the video to the LEO they came back for more, since my cameras 
also monitored the common area of the small neighborhood, all of my neighbors 
had remote access to those cameras. One of my neighbors went through back 6 
months from the event and found video where these scum came in and cased the 
place. The LEO told us that the video was the best they had ever seen.

My only wish is that ZM would pass audio in real time. I have a location that 
needs to be able to pull up a monitor and hear the audio along with the real 
time video.

Best Regards.



On Fri, May 5, 2023 at 8:42 AM Ted Mittelstaedt 
wrote:

> As I said during the PLUG talk last night I will post the instructions 
> I used to build a ZM server.
>
> There were 2 ZM questions I could not answer during the presentation.
> First was if ZM can run under Nginx, yes it can here's instructions:
> Nginx, Ubuntu and ZoneMinder - Chiral Software< 
> https://chiralsoftware.com/idea/nginx-ubuntu-and-zoneminder>
>
> Second was external hardware motion detection triggering - that's 
> detailed here ZoneMinder Wiki - Wiki - How to use your external 
> camera's motion detection with ZM< 
> https://wiki.zoneminder.com/How_to_use_your_external_camera's_motion_detection_with_ZM>
>   Instructions for building your own RF motion detector are here 
> ZoneMinder Wiki - Wiki - Arduino<https://wiki.zoneminder.com/Arduino> 
> but make sure if you do roll your own you use a very stable power 
> supply or you will get phantom triggering.
>
>
>   1.  BIOS and firmware update on existing windows load on system, 
> make sure bios is UEFI for <2TB boot disk support
>   2.  Removed hard drive and replaced with a 4TB 7200 rpm hard disk 
> (Western Digital Purple Pro.  NOT the regular Purple that is not 7200rpm)
>   3.  Created Ubuntu Desktop install USB key and boot system from 
> that, installed Ubuntu 22.04LTS.  Selected default options used entire 
> hard disk standard EXT filesystem, DHCP, etc.
>   4.  Logged into system ran Firefox and attempted to view an H.265 
> video from Downloads - Videos > libde265 HEVC - H.265 High Efficiency 
> Video Coding<https://www.libde265.org/downloads-videos/> to determine 
> if processor had hardware decoding.  (don't use VLC for this or any 
> viewer since they have software decoders, use a web browser)
>  

[PLUG] Zoneminder server build instructions

[Ted Mittelstaedt]

As I said during the PLUG talk last night I will post the instructions I used 
to build a ZM server.

There were 2 ZM questions I could not answer during the presentation.  First 
was if ZM can run under Nginx, yes it can here's instructions:
Nginx, Ubuntu and ZoneMinder - Chiral 
Software

Second was external hardware motion detection triggering - that's detailed here 
ZoneMinder Wiki - Wiki - How to use your external camera's motion detection 
with 
ZM
Instructions for building your own RF motion detector are here ZoneMinder 
Wiki - Wiki - Arduino but make sure if you 
do roll your own you use a very stable power supply or you will get phantom 
triggering.


  1.  BIOS and firmware update on existing windows load on system, make sure 
bios is UEFI for <2TB boot disk support
  2.  Removed hard drive and replaced with a 4TB 7200 rpm hard disk  (Western 
Digital Purple Pro.  NOT the regular Purple that is not 7200rpm)
  3.  Created Ubuntu Desktop install USB key and boot system from that, 
installed Ubuntu 22.04LTS.  Selected default options used entire hard disk 
standard EXT filesystem, DHCP, etc.
  4.  Logged into system ran Firefox and attempted to view an H.265 video from 
Downloads - Videos > libde265 HEVC - H.265 High Efficiency Video 
Coding to determine if processor 
had hardware decoding.  (don't use VLC for this or any viewer since they have 
software decoders, use a web browser)
  5.  Determined CPU lacked hardware H.265 decoding support so downloaded and 
installed user-built version of Chromium that has a software decoder added, 
from https://github.com/StaZhu/enable-chromium-hevc-hardware-decoding/releases  
 This step isn't necessary if you are using older IP cameras that do not output 
in H.265, only H.264 or something else
  6.  Installed updates on OS.  Set static IP and hostname from GUI.  Sudo -s 
in terminal Df and make sure all 4TB is accessible
  7.  apt-get install openssh-server -y  apt get install net-tools  apt-get 
install apcupsd
  8.  apt install apache2 php mariadb-server php-mysql libapache2-mod-php
  9.  create the zm-install script from 
https://wiki.zoneminder.com/Ubuntu_Server_or_Desktop_Zoneminder_1.36.x
  10. chmod 755 zm-install./zm-install
  11. Access ZoneMinder server from Chromium on the desktop  
http://whateverstaticIPused/zm



NOTE:  DO NOT run "mysql_secure_installation" before installing Zoneminder.  
Zoneminder depends on there being no initial root password on mysql because as 
part of it's install it automatically creates the mysql zoneminder userID and 
password and database.  But, after it's installed then if you want to secure 
the root password on mysql then you run mysql_secure_installation.



mariadb (maybe earlier versions) and mysql (earlier versions) allow this to 
work but current versions break the mysql_secure_installation script so you 
have to do the hack below.


mysql_secure_installation
No on validate password
when it goes into the loop asking for the password then erroring it, in another 
ssh session

pkill -f mysql_secure_installation

this leaves mysql open.  As sudo -s in the first session

root@media:/home/tedm# mysql
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 10
Server version: 8.0.32-0ubuntu0.22.04.2 (Ubuntu)

Copyright (c) 2000, 2023, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its affiliates. 
Other names may be trademarks of their respective owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> ALTER USER 'root'@'localhost' IDENTIFIED WITH
mysql> mysql_native_password by 'whateverpasswordyouwant';
Query OK, 0 rows affected (0.04 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)

mysql> exit
Bye
root@media:/home/tedm#


test it

root@media:/home/tedm# mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 11
Server version: 8.0.32-0ubuntu0.22.04.2 (Ubuntu)

Copyright (c) 2000, 2023, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its affiliates. 
Other names may be trademarks of their respective owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> exit
Bye
root@media:/home/tedm#

now run the setup script mysql_secure_installation

root@media:/home/tedm# mysql_secure_installation

Securing the MySQL server deployment.

Enter password for user root:

VALIDATE PASSWORD COMPONENT can be used to test passwords and improve security. 
It checks the strength of password and allows the users to set only those 
passwords which are secure enough. Would you like to setup VALIDATE PASSWORD 
component?

Press 

Re: [PLUG] the dreaded hang

[Ted Mittelstaedt]

> I'm sure it worked though, if i don't disable it i get 1 -2 hours maximum and 
> then it blanks out.

You were asking how to automatically disable it.   I figured you could get some 
ideas on how to do that from the link.

To run commands like this before the display manager starts up (the program 
that gives the graphical login screen) traditionally you would modify 
/etc/X11/xdm/Xsetup or /etc/gdm/Init/Default or /etc/kde4/kdm/Xsetup or 
/etc/kde3/kdm/Xsetup or /etc/lightdm/lightdm-gtk-greeter.conf or whatever your 
display manager or  greeter uses.

But, from what they were saying, apparently the desktops don't respect whatever 
the display manager has set and insist on overriding it and turning the dpms 
back on so once you login any settings like that are lost.  That's why it only 
worked after you logged in.  Normally to automate that after login you would 
modify ~/.xinitrc, with the commands

DISPLAY=:0 xset -dpms
DISPLAY=:0 xset s off
DISPLAY=:0 xset s noblank
DISPLAY=:0 xset s noexpose
DISPLAY=:0 xset s 0 0

But the folks posting found that does not work anymore because the desktop 
manager forces dpms back on even after you login.

But whatever - I'm not actually really sure what you need, anyway.  All I can 
end with saying is that yes, I've also observed some video cards are not 
entirely compatible with some X servers and if you allow dpms to be on, it will 
bork the machine.

I'm old school and I generally disable the display manager entirely on FreeBSD 
and Linux servers.  All you get is a text mode command prompt.  If I want to 
run X, I login at the command line and run startx so putting xset commnds in 
~/.xinitrc works just fine for me.

Ted

Re: [PLUG] the dreaded hang

[Ted Mittelstaedt]

>From the following 
>https://unix.stackexchange.com/questions/4466/screen-turns-on-automatically-xset-dpms-force-off

is this awful hack:

I used cron with this set to run every 5 mins (enter crontab -e from the 
command-line as your X11 logged in user):

*/5 * * * * /usr/bin/env DISPLAY=:0.0 xset -dpms

Or even worse:

If non of the above worked for you. I had the same problem on a 64bit linux 
mint machine. The only thing that worked for me was this python script :

import sys, select, subprocess
while True:
p = subprocess.Popen(['xset', 'dpms', 'force', 'off'], 
stdout=subprocess.PIPE, stderr=subprocess.PIPE)
if sys.stdin in select.select([sys.stdin], [], [], 0)[0]:
break

Of course, he also did misspell the word "none"  LOL

I feel there is something smelly in the garbage when you have to write a 
frigging program to slap down what the eco-greenie warriors feel justified in 
forcing on you.  Sigh.

Ted

-Original Message-
From: PLUG  On Behalf Of bri...@pounceofcats.com
Sent: Monday, May 1, 2023 8:52 PM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] the dreaded hang

Hi,

Problem is verified.

  xset -dpms 

and i can leave it on all night and no problem.

don't do that and the display goes away at some point.

I did verify it's only the video card as I was logged in remotely.

The second part of this question would be how can I kill and restart the X 
server from the ground up ?

I'm using linux mint and it's not particularly straightforward.

I managed to figure out how to restart the display manager but I realized 
that's not good enough and that I really need to restart the x-server (after 
killing it) and see if it will recover.  Not even sure that will work, it 
probably needs to reinitialize the video card which may only happen at boot.


Brian

On Mon, 17 Apr 2023 03:36:32 +
Ted Mittelstaedt  wrote:

> X and friends have insisted on actuating the screensaver for a long time now 
> and they use dpmi
> 
> I have found this does lock up some hardware.  Not just on Linux I've had 
> Windows lock up various laptop hardware as well attempting to "save the LCD 
> screen from burn in"  (I wasn't aware LCD screens burned but what do I know 
> LOL)
> 
> For some reason X makes it damn near impossible to shut the screensaver off 
> on boot so that the machine will just boot to the login screen and leave it 
> on forever.  When the system is on a KVM it does NOT need a screensaver.  Nor 
> does it need to be wasting CPU cycles on drawing "pipes" or other nonsense.
> 
> Various xset invocations once you login seem to disable the "screensaver"
> 
> Ted
> 
> -Original Message-
> From: PLUG  On Behalf Of bri...@pounceofcats.com
> Sent: Sunday, April 16, 2023 7:21 PM
> To: Portland Linux/Unix Group 
> Subject: [PLUG] the dreaded hang
> 
> Hi,
> 
> So i just finished putting together a new PC AMD K7/Asus MB.
> 
> if i leave it alone for some indeterminate amount time, on the order of 1 to 
> 2 hours, it decides to lock up - sort of. The caps lock key is still working, 
> for example, but the monitor doesn't see a signal.
> 
> A few things that i've checked:
> 
> 1 set the display shut-off to a few minutes and sat there and watched it shut 
> off the display. Not a problem.
> 
> 2 suspended it, unsuspended it, and it recovered. that was a shocker. suspend 
> mode and linux have never worked for me. not ever.
> 
> Regardless i have suspend mode time set to never and i just now changed the 
> display shut-off time to never.  Even though i watched it shut-off without a 
> problem I'm still suspicious that it may be the problem (for example, maybe 
> it has to stay in display shut off for a few minutes).
> 
> A couple of things i would like to do.
> 
> Is there a way to enable more detailed kernel tracing so i could look at a 
> log file and see if can figure out if there's a particular activity preceding 
> the problem ?
> 
> One thing that occurs to me as i'm typing this is that I did not try to SSH 
> in and see if things were working - it could simply be a video card driver 
> problem (AMD video card).
> 
> The odd thing is that it's running 100% reliably when i'm sitting at the 
> computer
> 
> Any other things I might try to narrow down the problem ?
> 
> 
> 



-- 
Brian

Re: [PLUG] Is this something to worry about?

[Ted Mittelstaedt]

The main reason exfat is used on USB is so that your typical user can yank the 
stick out without properly unmounting it - which of course, they do all the 
time as they assume since it's USB the computer will magically know the second 
before that they intend on yanking it out and thus flush disk caches, etc.

If you properly handle your removable medial (unmounting, ejecting under 
windows, etc.) this isn't a problem you can use whatever filesystem you want.

Note that any caching filesystem will be much faster.

Ted

-Original Message-
From: PLUG  On Behalf Of American Citizen
Sent: Sunday, April 23, 2023 6:01 PM
To: plug@pdxlinux.org
Subject: [PLUG] Is this something to worry about?

Hello:

A friend bought me a new Kuesuny KSPro100 USB stick, size 512Gb which claims to 
have very fast read/write transfer rates.

I ran f3write and f3read and found 156 MiB/sec write and 310MiB/sec read which 
definitely is faster than any other USB stick I have (I have some SanDisk flash 
drives)

Question, when I went to check this USB for the format, it came up as exfat, 
which is fine, but then the gparted program posted and said that it could NOT 
read all the filesystem (this even after I reformatted the USB back to exfat 
again, after removing the partition)

I do have the exfatprogs module installed on my openSuse Leap 15.4 system, so I 
am puzzled by the gparted message [see attached]

Should I worry about this?

Randall

Re: [PLUG] 3rd party vpn Defense evasion

[Ted Mittelstaedt]

world feel free to take it to PLUG-TALK. 
I'm the last person to dictate politeness on any online forum but I'm gonna sit 
my ass down on this hill and say that bringing statements about mental health 
into a discussion about linux network monitoring is crossing multiple lines. If 
any PLUG old-timers want to get cranky about my attitude I'll show myself the 
door. :)

And for the record, thanks for taking a day to write an honest and 
significantly less toxic response. Most people would have doubled down on their 
BS rather than explain it.
-Ben


--- Original Message ---
On Sunday, April 23rd, 2023 at 3:23 PM, Ted Mittelstaedt 
 wrote:


> Well as I have been on the autism scale myself since I was born and I have 
> read quite a bit about it in an effort to understand what my differences are, 
> I perhaps have a radically different view of it than you do. It is not a 
> disorder unless someone is severely autistic. It is, in fact, an evolutionary 
> advantage that has become more prevalent in humans for the simple and obvious 
> reason that it gives people who have "mild" cases of it the ability to be 
> highly successful with technology and machinery as well as music and the 
> arts. As humans have become more civilized, people with the genetic group 
> that causes autism have out competed people that lack this. Einstein for 
> example is a textbook example. I've worked in high tech since 1994 and the 
> most successful programmers, engineers, it people, - the "techies" of the 
> world - are all on the scale. That is after all what the word nerd was coined 
> to describe. So I am actually rather proud of being on the scale and I DONT 
> regard having it negatively. I'm sorry you do and I hope you can eventually 
> realize your view of it being a disorder is discriminatory. IMHO the biggest 
> proponents of the idea that mild autism is a disorder are old school 
> educators who's main goal in life is getting kids in school to sit down and 
> shut up. Happily that view is gradually changing but it's clear we still have 
> a lot of work to do.
> 
> Get Outlook for Androidhttps://aka.ms/AAb9ysg
> 
> 
> From: PLUG plug-boun...@pdxlinux.org on behalf of Ben Koenig 
> techkoe...@protonmail.com
> 
> Sent: Saturday, April 22, 2023 5:29:40 PM
> To: Portland Linux/Unix Group plug@pdxlinux.org
> 
> Subject: Re: [PLUG] 3rd party vpn Defense evasion
> 
> --- Original Message ---
> On Tuesday, April 18th, 2023 at 8:38 AM, Ishak Micheil isaa...@gmail.com 
> wrote:
> 
> 
> 
> > Greetings,
> > I am tasked to identify a solution to detecting users obfuscating 
> > their ip, using verity of VPN services.
> > 
> > What we've done
> > - Prevent users from installing software (VPN Cliens)
> > 
> > - Possibly having a code on endpoints, to collect ip addresses tied 
> > to wifi or LAN connection prior to attaching to VPN service,
> > 
> > any other ideas?
> 
> 
> 
> Some people want to debate this ass some sort of political issue, but it's 
> pretty straight forward. This usually is more of a concern at SMBs that don't 
> want to splurge for company managed hardware and ask their employees to BYoD. 
> This then creates anxiety among managers that gets projected down to IT.
> 
> If you control the VDI system, then you have the ability to see who is 
> connecting. At most companies the VPN software used to connect to the VDI is 
> ALSO company managed, so you can see that too.
> 
> So, you log all accesses to the VPN on the server side and monitor for 
> trends. You may not be able to stop an employee from giving out access 
> credentials, but you can see when the IP address used to connect the VPN 
> changes. From here, you implement Zero-trust policies where only known IP 
> addresses are able to access the network because you know the IP address, but 
> may not have logged it effectively until now.
> 
> There are additional layers of control you can add but it ultimately comes 
> down to what a given company is willing to provide for their 
> employees/contractors. I've worked with systems that would make the kind of 
> subcontracting you describe very difficult but in those cases you end up with 
> the employer buying a special wifi router for their staff. A lot of managers 
> will ask for a magical fix without understanding how much effort it takes to 
> lock this down. For us in IT sometimes we just need to map out all the things 
> that would need to be implemented and assign a $$$ value to them. Most 
> companies will decide not to bother at that point.
> 
> 
> Think of it like an arms race, at what point does your user have to 
> jump through so many hoops that the act of enabling a subco

Re: [PLUG] 3rd party vpn Defense evasion

[Ted Mittelstaedt]

Well as I have been on the autism scale myself since I was born and I have read 
quite a bit about it in an effort to understand what my differences are, I 
perhaps have a radically different view of it than you do.  It is not a 
disorder unless someone is severely autistic. It is, in fact, an evolutionary 
advantage that has become more prevalent in humans for the simple and obvious 
reason that it gives people who have "mild" cases of it the ability to be 
highly successful with technology and machinery as well as music and the arts.  
As humans have become more civilized, people with the genetic group that causes 
autism have out competed people that lack this. Einstein for example is a 
textbook example.  I've worked in high tech since 1994 and the most successful 
programmers, engineers, it people, - the "techies" of the world - are all on 
the scale.  That is after all what the word nerd was coined to describe.  So I 
am actually rather proud of being on the scale and I DONT regard having it 
negatively. I'm sorry you do and I hope you can eventually realize your view of 
it being a disorder is discriminatory. IMHO the biggest proponents of the idea 
that mild autism is a disorder are old school educators who's main goal in life 
is getting kids in school to sit down and shut up.  Happily that view is 
gradually changing but it's clear we still have a lot of work to do.

Get Outlook for Android

From: PLUG  on behalf of Ben Koenig 

Sent: Saturday, April 22, 2023 5:29:40 PM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] 3rd party vpn Defense evasion

--- Original Message ---
On Tuesday, April 18th, 2023 at 8:38 AM, Ishak Micheil  
wrote:


> Greetings,
> I am tasked to identify a solution to detecting users obfuscating their ip,
> using verity of VPN services.
>
> What we've done
> - Prevent users from installing software (VPN Cliens)
>
> - Possibly having a code on endpoints, to collect ip addresses tied to wifi
> or LAN connection prior to attaching to VPN service,
>
> any other ideas?


Some people want to debate this ass some sort of political issue, but it's 
pretty straight forward. This usually is more of a concern at SMBs that don't 
want to splurge for company managed hardware and ask their employees to BYoD. 
This then creates anxiety among managers that gets projected down to IT.

If you control the VDI system, then you have the ability to see who is 
connecting. At most companies the VPN software used to connect to the VDI is 
ALSO company managed, so you can see that too.

So, you log all accesses to the VPN on the server side and monitor for trends. 
You may not be able to stop an employee from giving out access credentials, but 
you can see when the IP address used to connect the VPN changes. From here, you 
implement Zero-trust policies where only known IP addresses are able to access 
the network because you know the IP address, but may not have logged it 
effectively until now.

There are additional layers of control you can add but it ultimately comes down 
to what a given company is willing to provide for their employees/contractors. 
I've worked with systems that would make the kind of subcontracting you 
describe very difficult but in those cases you end up with the employer buying 
a special wifi router for their staff. A lot of managers will ask for a magical 
fix without understanding how much effort it takes to lock this down. For us in 
IT sometimes we just need to map out all the things that would need to be 
implemented and assign a $$$ value to them. Most companies will decide not to 
bother at that point.


Think of it like an arms race, at what point does your user have to jump 
through so many hoops that the act of enabling a subcontractor becomes more 
work than the actual job? Or, we could be Ted and go off on abusive rants about 
how IT people are autistic for even considering this type of solution. ;)
-Ben


P.S.  Hey Denis, I would have posted this info sooner since it's a pretty 
interesting question but was discouraged from doing so because Ted was trying 
to shit on everyone. May the Facts be with me :)

Re: [PLUG] 3rd party vpn Defense evasion

[Ted Mittelstaedt]

Don’t worry about it Denis.  Ben is passionate about what he's doing and what 
he sees himself doing in security at any rate is protecting the organization 
from the evil people out there.  Naturally he's going to be frustrated when 
faced with the reality of company politics and fiscal money-making that 
sometimes clashes with this directive.

A good manager would recognize that both Ben and the employee or contractor who 
are outsourcing are right.

Yes, outsourcing can leak company vitals.  But, it can also shortcut a problem 
and get a product out ahead of a competitor.  It is right and valid to question 
if it's worth the risk to outsource.  I don't know Ben's CEO but if I were that 
CEO I would drag him and the contractors and employees he's going after into a 
conference room and tell both of them to convince me which one is right.

Ted

-Original Message-
From: PLUG  On Behalf Of Denis Heidtmann
Sent: Saturday, April 22, 2023 4:39 PM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] 3rd party vpn Defense evasion

What (positive) contribution do your insults bring to the discussion? Can you 
find a less hostile way to contribute?

-Denis

On Sat, Apr 22, 2023 at 4:02 PM Ben Koenig 
wrote:

> Don't be such a dipshit.
>
> Yes, HR and Management are responsible for taking corrective action 
> against employees not doing their job. "Job" in this context being 
> defined by that employees contract so there's no reason for us to 
> speculate and pass judgement on whether or not IT should bother.
>
> What you seem to be missing in your attempt to over-compensate for 
> your sense of psychological supremacy is that in order to take correct 
> action from a management perspective, IT has to identify the digital paper 
> trail.
> That's what we do - We can and often should keep track of network 
> connections and report them accordingly. Whether that person gets 
> punished is not for us to say.
>
> And in some cases this has to be handled proactively. This kind of 
> subcontracting can create massive legal problems for some companies so 
> even if the manager goes and tells them to stop, its too late. Data 
> has been leaked and lawsuits start to fly.
>
> Sadly there are a lot of people in the modern linux community that 
> seem to believe that their understanding of IT trumps everyone else. 
> Small, inexperienced minds that see their own personal use case as 
> superior to all others.
> -Ben
>
>
> --- Original Message ---
> On Wednesday, April 19th, 2023 at 4:43 PM, Ted Mittelstaedt < 
> t...@portlandia-it.com> wrote:
>
>
> > For employees it depends if they are exempt or not. Any supervisory
> employee who can fire people is automatically considered exempt and 
> many other employee classifications (such as programming) are 
> considered exempt as well. (exemption is once more IRS and state 
> taxing authority determination that the company has no say over)
> >
> > If the employee is exempt from overtime then it's illegal for the
> company to require that they work a certain number of hours, or at 
> certain times. If the company DOES tell the employee this (that they 
> have to track their time) then the employee can hit them for mandatory 
> overtime (if they exceed 40 hours)
> >
> > Exempt/non exempt classifications are more commonly referred to as
> salaried/hourly employees.
> >
> > Long and short of it is you cannot use an online form to consider 
> > "work
> to be valid" for a salaried AKA exempt employee. Salaried employees 
> are paid BY THE JOB not by being logged into something for a certain time.
> >
> > Companies quite often forget that putting someone like a programmer 
> > on
> salary is a two way street. The benefit from the company's point of 
> view is they don't have to pay overtime for one of those 
> work-round-the-clock-push times. But in exchange for that, the 
> employee also doesn't have to work 40 hours every week either. A 
> decent salaried employee keeps an eye on time since it's an important 
> metric for how much work is reasonable to expect a salaried employee to do 
> but it is NOT the absolute metric.
> >
> > Companies who have tried to do it differently - that is, not pay OT 
> > and
> make you work late during crunch time - and still make you work 40 
> hours - regularly end up paying very large fines and back salary to 
> people when they get sued. It's healthy for that to happen for owners 
> of those companies to get slapped silly for trying to exploit workers 
> from time to time.
> >
> > Once more as I keep saying this needs to be handled from an employee
> management standpoint via managers and HR not from the IT department 
> trying to play God and the man

Re: [PLUG] 3rd party vpn Defense evasion

[Ted Mittelstaedt]

increase security or something like that.  IT 
will ALWAYS lose in any political argument with an exempt employee.  Remember 
that.

Unless of course, that exempt employee is not actually working in a position 
that legally qualifies as exempt.  For sure, there are foolish companies out 
there that think they can exploit workers and con them into working unpaid 
overtime who do not quality as exempt from OT.  And those companies routinely 
end up paying serious fines when they get caught.

I don't know why there is such confusion over what being an exempt employee 
means.  Being exempt from OT, ie: being salaried, effectively means that YOU 
are expected to be out there making money for the company any legal way 
possible because you are a stakeholder.  If you can do this by working 20 hours 
a week from home and never be in the office, then if the company has a CEO with 
any brains at all, they will tell every other employee in the company that 
complains about it to go pound sand.  If you can do this by violating every 
tenant of secure networking that IT hold dear, then if IT complains about it to 
the CEO IT will be told to pound sand.  Well run companies do NOT kill the 
geese that lay the golden eggs.  Even if those geese are stupid idiots.

And yes I have learned this from my years in IT.  I don't say that I like it.  
But, I like eating more, and food costs money so I too will side with the geese 
in a company laying the golden eggs even if it means telling my junior IT guys 
who have gotten puffed up reading the Best Practices security manual to pound 
sand.

Sorry about that.

Ted

-Original Message-
From: PLUG  On Behalf Of Ben Koenig
Sent: Saturday, April 22, 2023 4:02 PM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] 3rd party vpn Defense evasion

Don't be such a dipshit.

Yes, HR and Management are responsible for taking corrective action against 
employees not doing their job. "Job" in this context being defined by that 
employees contract so there's no reason for us to speculate and pass judgement 
on whether or not IT should bother.

What you seem to be missing in your attempt to over-compensate for your sense 
of psychological supremacy is that in order to take correct action from a 
management perspective, IT has to identify the digital paper trail. That's what 
we do - We can and often should keep track of network connections and report 
them accordingly. Whether that person gets punished is not for us to say. 

And in some cases this has to be handled proactively. This kind of 
subcontracting can create massive legal problems for some companies so even if 
the manager goes and tells them to stop, its too late. Data has been leaked and 
lawsuits start to fly. 

Sadly there are a lot of people in the modern linux community that seem to 
believe that their understanding of IT trumps everyone else. Small, 
inexperienced minds that see their own personal use case as superior to all 
others. 
-Ben


--- Original Message ---
On Wednesday, April 19th, 2023 at 4:43 PM, Ted Mittelstaedt 
 wrote:


> For employees it depends if they are exempt or not. Any supervisory 
> employee who can fire people is automatically considered exempt and 
> many other employee classifications (such as programming) are 
> considered exempt as well. (exemption is once more IRS and state 
> taxing authority determination that the company has no say over)
> 
> If the employee is exempt from overtime then it's illegal for the 
> company to require that they work a certain number of hours, or at 
> certain times. If the company DOES tell the employee this (that they 
> have to track their time) then the employee can hit them for mandatory 
> overtime (if they exceed 40 hours)
> 
> Exempt/non exempt classifications are more commonly referred to as 
> salaried/hourly employees.
> 
> Long and short of it is you cannot use an online form to consider "work to be 
> valid" for a salaried AKA exempt employee. Salaried employees are paid BY THE 
> JOB not by being logged into something for a certain time.
> 
> Companies quite often forget that putting someone like a programmer on salary 
> is a two way street. The benefit from the company's point of view is they 
> don't have to pay overtime for one of those work-round-the-clock-push times. 
> But in exchange for that, the employee also doesn't have to work 40 hours 
> every week either. A decent salaried employee keeps an eye on time since it's 
> an important metric for how much work is reasonable to expect a salaried 
> employee to do but it is NOT the absolute metric.
> 
> Companies who have tried to do it differently - that is, not pay OT and make 
> you work late during crunch time - and still make you work 40 hours - 
> regularly end up paying very large fines and back salary to people when they 
> get sued. It's healthy for that to happen fo

Re: [PLUG] MediaWiki configuration

[Ted Mittelstaedt]

My guess is that it's not the MediaWiki install that's the problem it's the 
dependencies.

On Ubuntu for example if you install apache first then php, it won't enable 
mod_php and may not even install it.

This causes endless problems with people who don't have a lot of experience 
installing this kind of software on Linux.  MediaWiki does have a installation 
requirements page that gives, for example a  generic install line for a fresh 
ubuntu installation that would install php and all of the dependencies properly 
but if the system is already setup and installed then it may not do it 
properly.  But of course, MediaWiki's page on doing this does NOT discuss all 
of the dependencies of the MediaWiki dependencies they are telling you to 
install so it's pretty lame - typical of UNIX man pages, it's only useful to 
someone who already knows what's in the man page. LOL.

If Keith is trying to install MediaWiki on a system that already has MoinMoin 
on it, and run both of them in parallel on the same system that may require 
some advanced configuration.

Keith, here is a soup-to-nuts install instruction set for you.  It only took me 
1.5 hours to make up, it's easy.  Note that the actual MediaWiki install only 
took about 15 minutes the rest was the server setup.  It assumes a fresh Ubuntu 
20 virtual image install on Amazon Web Services.  I'll leave the image up and 
running for a week and if you want to SSH into it then send me a userID and 
password you want to use and I'll setup a shell account you can use to login 
and look at the files and such.  The wiki is here:

https://media.portlandia-servers.com/w/index.php/Main_Pageand it's online 
now.

Instructions:

Setup a free account on AWS  https://aws.amazon.com/console/

Login to AWS portal as root user and go to EC2 Dashboard

Click Instances

Click dropdown on Launch Instances and Launch Instance

Name it "MediaWiki Test Server"

under Quickstart click Ubuntu

Leave it at Ubuntu Server 22.04 LTS  free tier eligible

Leave Architecture at 64 bit x86

Under Instance type leave it at t2.micro free tier eligible

Under key pair create a new key pair named "TESTMasterKeyPair"  Download it.

Under Firewall leave at Create security group and tick allow SSH and allow 
https and http

Select 30GB  of standard (mag media) root volume NOT encrypted) storage

click Launch Instance

Click back on EC2,  Instances

Click on the Instance ID

Copy the Public IPv4 DNS name in this case 
ec2-34-217-63-231.us-west-2.compute.amazonaws.com

Optionally CNAME it your DNS provider to some name.

Download private key file you created earlier

On windows, 
Browse to c:\program files\putty and run puttygen
  Click Load on existing private key
  Click Save and save it as the ppk file do not add a passphrase
  In Putty click Connection -> SSH -> Auth -> Credentials and load the ppk file

Use putty to initially ssh in:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/putty.html

From Linux,

ssh -i " TESTMasterKeyPair.pem" 
ubu...@ec2-34-217-63-231.us-west-2.compute.amazonaws.com

After SSHing into the system with ID of ubuntu, sudo -s

adduser tedm, password whateveryouwant
add tedm into admin group,  vi /etc/group

go to /etc/ssh and modify sshd_config to have a YES in PasswordAuthentication
reboot

Now you can SSH in via a real SSH client like Teraterm normally instead of a 
stripped down emulator like putty

Give it a minute or to to finish rebooting then 
Ssh into ec2-34-217-63-231.us-west-2.compute.amazonaws.com

In the new server it's hostname is 

tedm@ip-172-31-20-73:~$ cat /etc/hostname
ip-172-31-20-73
tedm@ip-172-31-20-73:~$

Optionally, 
set domain name to what you want.  I'll use media.portlandia-servers.com for fun

sudo -s

change hostname to what you want

vi /etc/hostname

root@ip-172-31-20-73:/home/tedm# cat /etc/hostname
media
root@ip-172-31-20-73:/home/tedm#

then set your hostname in /etc/hosts

root@ip-172-31-20-73:/home/tedm# cat /etc/hosts
127.0.0.1 media.portlandia-servers.com media
127.0.0.1 localhost

# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback

apt update
apt dist-upgrade
ok on newer kernel

reboot

ssh into media.portlandia-servers.com

sudo -s

apt install php

this installs php 8.1 and apache and mod-php8.1

apt install php-mysql

apt install mysql-server   this puts in mysql 8 client and server

From the line out of the mediaserver wiki install instructions here 

https://www.mediawiki.org/wiki/Manual:Installation_requirements

(strike the mariadb-server)

apt-get install php php-apcu php-intl php-mbstring php-xml php-mysql 
php-calendar  apache2

Now setup mysql:

mysql_secure_installation
No on validate password
when it goes into the loop asking for the password then erroring it, in another 
ssh session 

pkill -f mysql_secure_installation

this leaves mysql open.  As sudo -s in the first session

root@media:/home/tedm# mysql
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL 

Re: [PLUG] 3rd party vpn Defense evasion

[Ted Mittelstaedt]

For employees it depends if they are exempt or not.  Any supervisory employee 
who can fire people is automatically considered exempt and many other employee 
classifications (such as programming) are considered exempt as well.  
(exemption is once more IRS and state taxing authority determination that the 
company has no say over)

If the employee is exempt from overtime then it's illegal for the company to 
require that they work a certain number of hours, or at certain times.  If the 
company DOES tell the employee this (that they have to track their time) then 
the employee can hit them for mandatory overtime (if they exceed 40 hours)

Exempt/non exempt classifications are more commonly referred to as 
salaried/hourly employees.

Long and short of it is you cannot use an online form to consider "work to be 
valid" for a salaried AKA exempt employee.  Salaried employees are paid BY THE 
JOB not by being logged into something for a certain time.

Companies quite often forget that putting someone like a programmer on salary 
is a two way street.  The benefit from the company's point of view is they 
don't have to pay overtime for one of those work-round-the-clock-push times.  
But in exchange for that, the employee also doesn't have to work 40 hours every 
week either.  A decent salaried employee keeps an eye on time since it's an 
important metric for how much work is reasonable to expect a salaried employee 
to do but it is NOT the absolute metric.

Companies who have tried to do it differently - that is, not pay OT and make 
you work late during crunch time - and still make you work 40 hours - regularly 
end up paying very large fines and back salary to people when they get sued.  
It's healthy for that to happen for owners of those companies to get slapped 
silly for trying to exploit workers from time to time.

Once more as I keep saying this needs to be handled from an employee management 
standpoint via managers and HR not from the IT department trying to play God 
and the managers being wussies and afraid to talk to employees.

Is it simply that a large number of IT people are on the autism spectrum and 
have social anxiety disorder that they will literally waste weeks of company 
time on elaborate technical solutions that can be handled in 5 minutes by a 
manager walking up to an employee and saying "hey dude you know that thing you 
are doing with the VPN, well knock it off"

Or is it that their anxiety disorder and desire to Play God just drives them to 
believe that every other employee in the company is trying to screw IT???

Sheesh!!!

Ted

-Original Message-
From: PLUG  On Behalf Of Daniel Ortiz
Sent: Wednesday, April 19, 2023 1:39 PM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] 3rd party vpn Defense evasion

Disclaimer: some of the following if not all could be wrong.

Wouldn't it be easier to deal with the credentials side to avoid this problem 
in the first place? To illustrate what I mean, here's a theoretical idea that 
while it might be flawed (like potential security failures), could be useful in 
terms of guidance. When an employee logs in, it sends an email to their company 
Gmail account complete the login in procedure. They click the link to a Google 
form which requires them to be logged in to their company Google account for 
the submitted form to either work or be considered valid. Once, it's submitted, 
a program will allow them to finish the login process. Also, doing something 
with a company Google account could be helpful since Google records the devices 
you logged in with, which if a company can check that, they can see if there is 
any suspicious devices.

On Wed, Apr 19, 2023 at 10:29 AM Ishak Micheil  wrote:

> We're chasing this from data science side as well. As far as charting 
> the pattern of activity and flag anomalies.
> This should trap the subs since he/she won't be checking email, 
> responding to chat messages etc, or hopefully time of activity could give us 
> clues.
>
> I do agree, there are many VPN commercial services and they will never 
> advertise servers properties, besides there's lots of other open-VPN 
> options.
>
> We shall conquer!
>
> On Tue, Apr 18, 2023, 3:21 PM Ted Mittelstaedt 
> 
> wrote:
>
> >
> >
> > -Original Message-
> > From: PLUG  On Behalf Of John Jason 
> > Jordan
> > Sent: Tuesday, April 18, 2023 2:00 PM
> >
> > >It would be nice if VPN services advertised how effectively they 
> > >stop
> > others from finding out who and where you really are.
> >
> > They are never going to do this because they are constantly tweaking
> their
> > proprietary protocols to get around firewalls, and they don't want 
> > the firewall vendors knowing when they made a change to get past firewalls.
> > And given who some of the firewall vendors are, and what the

Re: [PLUG] 3rd party vpn Defense evasion

[Ted Mittelstaedt]

-Original Message-
From: PLUG  On Behalf Of Ishak Micheil
Sent: Wednesday, April 19, 2023 7:29 AM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] 3rd party vpn Defense evasion


>We shall conquer!

Ah, no you won't.  But go ahead and think that if it makes you sleep easier.  
And if you get seriously annoying to the subs they will start suing you for 
breech of contract.

Ted

Re: [PLUG] 3rd party vpn Defense evasion

[Ted Mittelstaedt]

-Original Message-
From: PLUG  On Behalf Of John Jason Jordan
Sent: Tuesday, April 18, 2023 2:00 PM

>It would be nice if VPN services advertised how effectively they stop others 
>from finding out who and where you really are.

They are never going to do this because they are constantly tweaking their 
proprietary protocols to get around firewalls, and they don't want the firewall 
vendors knowing when they made a change to get past firewalls.  And given who 
some of the firewall vendors are, and what they do to people they don't like, 
this is very understandable.

This stuff is getting very advanced nowadays since many firewalls are doing 
deep packet inspection, and looking specifically for patterns in packet traffic 
that indicate it is VPN traffic encapsulated in regular http or https traffic.  
So the proprietary vpn clients will modify the encrypted traffic to make it 
look like regular https traffic.

Never forget that for you, me, and probably all the readers of this list, that 
creating using blocking and messing around with VPNs is really mainly an 
intellectual exercise, but that there are many people in the world in places 
like Russia and China where a secure VPN means not having people breaking their 
doors down in the middle of the night and hauling them off to prison - or worse.

Ted

Re: [PLUG] 3rd party vpn Defense evasion

[Ted Mittelstaedt]

I have to say reading this I had to get a floor jack to put my jaw back into my 
face it dropped so far.

This contractor has apparently discerned that you do NOT want him running a 
personal VPN on your network.  But, he doesn't give a crap about what you want, 
he's doing it anyway.  And on top of that he's doing it in a way to hide it.

Did it not occur to you that if he doesn't give a shit about your rules against 
running a personal VPN that there is going to be other stuff you care about 
that he's not going to give a shit about either?

Here's a thought.  When you issue contracts to contractors just explicitly 
prohibit subcontracting.  Then if John subcontracts anyway, then sue his ass 
out of business.

As I said earlier, technical blocks are NOT the way to handle this problem.

Ted

-Original Message-
From: PLUG  On Behalf Of Ishak Micheil
Sent: Tuesday, April 18, 2023 12:02 PM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] 3rd party vpn Defense evasion

The use cases I'm working on is to Prevent employees or contractors from 
subcontracting work.

John is a contractor,  hires someone else to do the work. Vdi setup,  he shares 
his creds with the subcontractor who possibly actually in a different country.  
Using  VPN services prior to logging in to mask thier locations .




On Tue, Apr 18, 2023, 11:07 AM Russell Senior 
wrote:

> Can you elaborate, in general terms, on what the goal is?
>
> --
> Russell Senior
> russ...@personaltelco.net
>
> On Tue, Apr 18, 2023 at 8:38 AM Ishak Micheil  wrote:
>
> > Greetings,
> > I am tasked to identify a solution to detecting users obfuscating 
> > their
> ip,
> > using verity of VPN services.
> >
> > What we've done
> > - Prevent users from installing software (VPN Cliens)
> >
> > - Possibly having a code on endpoints, to collect ip addresses tied 
> > to
> wifi
> > or LAN connection prior to attaching to VPN service,
> >
> > any other ideas?
> >
>

Re: [PLUG] 3rd party vpn Defense evasion

[Ted Mittelstaedt]

It's not going to be possible to block all VPNs.  If the users are smart and 
they have their own Internet connection at home then they can setup a SOCKS vpn 
proxy server on a PC on their home network then use dynamic dns with their home 
PC.  If you discover the traffic they can just reboot their home cable modem or 
whatever and get a fresh IP or change the listening port.

You really can only block the commercial or popular VPN servers out there to 
prevent the users who don't understand networking and are the point-and-click 
types from accessing the commercial services.  And most organizations that do 
this have found it a lot easier to just pay a commercial firewall provider like 
Palo Alto to maintain the block lists for them.

You can start here:

https://unit42.paloaltonetworks.com/person-vpn-network-visibility/

Keep in mind that many of the commercial firewall providers play both sides 
against each other.  For example, Fortinet sells both firewalls designed to 
block VPNs, and on the same firewall that you can configure to block vpn's from 
your internal network that are going out to VPN providers, you can set that 
same firewall device up to provide "crypto vpns" to your users that are 
designed to evade other people's firewalls (if your users are remoting in from 
someone else's network.  The irony is rather amusing.

The only way I've ever seen true blocking work is when a company has a policy 
that prohibits most employees with the exception of permitted ones from 
accessing the Internet completely.  That is, no web browsing, no zoom, no 
nothing.  And, that is VERY appropriate for certain classes of employees.  A 
checker in a grocery store has no need to be able to surf the web from their 
cash register that is running on a PC, for example.  So you list all the Ips of 
those registers in your firewall for complete outbound blocks.

But, if you do that all your good employees who are NOT abusing your internet 
service are going to quit on you and the bad apples who are using it for 
gaming, watching porn, and so on on company time will just bring their cell 
phones into the office and use cell carriers for Internet connection on 
personal cell phones and waste their time that way.

You cannot cover up CEO timidity on managing their people with technology.  You 
will just piss off the good eggs who will say "I don't need this shit" and quit 
on you, leaving the bad eggs who nobody else will hire and you are unwilling to 
fire because you are scared of them.  And if you block the bad eggs from 
wasting time on the Internet they will find plenty of other ways to waste time.

Putting IT as the opponent to users never works.  Users just quit going to IT 
with their problems and find other solutions (like personal VPNs) which most of 
the time cause more problems.  It may seem counterintuitive but the most 
productive companies out there unblock everything, have everyone sign AUPs that 
prohibit obvious crap like online gaming, porn, online gambling, personal 
shopping (except during lunch hour) and in general treat employees like adults 
and trust them and make it clear that there is safe harbor for any employee who 
reports another employee violating that trust.  (for any reason)  The only 
exceptions to this are certain kinds of transactions (such as cash handling) 
and the fact is the good eggs WANT IT monitoring that sort of thing just to 
protect themselves from being accused of theft, etc.

One of the biggest problems in HR today is HR departments being forced by the 
executive board to cover up malfeasance by managers, directors, and members of 
the C suite.  Stories of "secretary banging the boss and was reported to HR and 
they fired the person reporting it" are legion and are the quickest way to 
ruining your corporate culture and losing your talent.  A CEO absolutely needs 
to shut this sort of behavior down in their corporate culture.

One of the largest markets for firewall companies that make VPN blockers are 
schools, particularly high schools.  That's because you have an organization 
that by default pits the students against the administration.  The last thing 
any company owner should want is to seek to duplicate that kind of environment 
in their company.

Ted

-Original Message-
From: PLUG  On Behalf Of Ishak Micheil
Sent: Tuesday, April 18, 2023 8:38 AM
To: Portland Linux/Unix Group 
Subject: [PLUG] 3rd party vpn Defense evasion

Greetings,
I am tasked to identify a solution to detecting users obfuscating their ip, 
using verity of VPN services.

What we've done
- Prevent users from installing software (VPN Cliens)

- Possibly having a code on endpoints, to collect ip addresses tied to wifi or 
LAN connection prior to attaching to VPN service,

any other ideas?

Re: [PLUG] mini-phone plug splitters

[Ted Mittelstaedt]

Your welcome.  In the dawn of the PC age with the old school ISA Soundblasters 
and so on, they had "speaker/headphone outputs" and "line outputs" then later 
the makers combined them into one output.  I have no idea if they have 
circuitry to detect what is being driven and match impedance but I have had the 
experience many times of a set of powered speakers sounding like crap on one 
card while sounding quite good on a different one, so I know there must be 
impedance mismatches with certain speakers and card combos.

Ted

-Original Message-
From: PLUG  On Behalf Of Rich Shepard
Sent: Monday, April 17, 2023 11:10 AM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] mini-phone plug splitters

On Mon, 17 Apr 2023, Ted Mittelstaedt wrote:

> I would be leery of putting 2 headsets off one audio output I would be 
> concerned with overloading the output transistors in the sound circuit.
> But powered speakers should be no problem.

Ted,

That's what I decided, too. I just ordered a dual-direction mini-phono switch 
box with volume control; I'll use it as 1-in, 3-out. That way only one output 
at a time will be active and powered.

Thanks very much,

Rich

Re: [PLUG] Audio card for clear voice output

[Ted Mittelstaedt]

Checking the Ebay sold listings the average price for one of those with cables 
and PCIe x1 card is above $250.   The price for a 64 bit PCI card with cables 
is above $150 and a 64 bit PCI card without cables is under $100.

However there's a TON of idiots hoping to score sales of $300 or above for 64 
bit PCI versions of those cards that lack the cables, apparently breaking the 
cables separately from the card and selling them separately, so Make An Offer 
is de rigueur with those.  (and, expect most of those idiots to sit on those 
cards until they rot, never selling them)

The cables are listed separately but few listings so you really got to do your 
research thoroughly here.

Ted

-Original Message-
From: PLUG  On Behalf Of Michael Barnes
Sent: Sunday, April 16, 2023 3:06 PM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] Audio card for clear voice output

As a broadcast engineer who has dealt with computerized automation systems 
providing professional audio for FM radio stations, pretty much all I have used 
over the years for on-air play have been Audioscience cards. Not cheap, but 
they do the job. Linux friendly. Available with various combinations of input 
and output channels and analog and AES digital. Just be careful with the used 
market, as there are many out there that may not fit current motherboards.
Another caveat, you will need to get breakout cables/boxes to interface your 
audio. The cards have various connectors depending on model, usually some type 
of SCSI connector that the breakout cables end in XLRs.

Michael

On Sun, Apr 16, 2023, 14:20 King Beowulf 
wrote:

> On 4/16/23 06:42, Rich Shepard wrote:
> > The audio voice output quality from my Asus Prime X470-Pro is 
> > distorted
> and
> > unacceptable. I finally figured out that this is the issue with 
> > online meetings and news/youtube videos, not the speakers (although 
> > I just
> replaced
> > the Creative Pebbles with ProSonus studio monitors).
> ...
> >
> > Please provide recommendations for an add-in PCIe audio card that 
> > outputs clear voice as well as music to speakers and headphones/headsets.
> >
>
> Rich,
>
> Most of the Creative Labs Soundblaster Audigy series are well 
> supported with high quality.  You go have to check and pick the card 
> by chipset and not by price as there are various gaps in some 
> functionality in the myriad of available models.
>
> https://alsa-project.org/wiki/Matrix:Vendor-Creative_Labs
>
> (Alas, this list is not up to date.)
>
> Slackware-15.0 uses ALSA 1.25 and allows for replacing pulseausio with 
> pipewire.  Highly recommended.  PA literally sucks donkey balls. In
> Slackware-15.0 use:
> /usr/sbin/pipewire-enable.sh
> /usr/sbin/pipewire-disable.sh
>
> 2 years back I upgraded my motherboard sound (AMD Starship/Matisse HD 
> Audio Controller) and switched to the Core3D chipset on the CL 
> Soundblaster Z ($99.99 in 2021). The new motherboard did have only old 
> timey PCI slots so I was not able to recycle the nice SB Audigy 2 card 
> I was using.
>
>
> https://www.newegg.com/creative-sound-blaster-z/p/N82E16829102048?Item
> =N82E16829102048
>
> The newer version is
> https://www.newegg.com/creative-sound-blaster-z-se/p/N82E16829102110
>
> audio quality is excellent. The catch with Core3D is that you need a 
> newer kernel that the one Slackware-14.2 ships with 4.4.x).  IIRC, 
> Core3D support hit around kernel-4.18+
>
> I paired this with a Beyerdynamic headset (gaming version, there are
> others) - cat ate through the cord of a middling Turtle Beach headset.
> https://www.newegg.com/p/N82E16826380033?Item=N82E16826380033
>
> I usually skip trying to set stuff in the PA mixer GUI, other than to 
> disable the webcam audio and GPU's HDMI audio.  Alsamixer suffices, 
> and Slackbuilds.org has a equalizer plugin.
>
> -Ed
>
>
>

Re: [PLUG] mini-phone plug splitters

[Ted Mittelstaedt]

Maybe.

Much depends on the input impedance of the devices you are powering.  With 
audio you have "speaker" type loads (like a headphone) and "line input" type 
loads like an audio input to an amp.  A powered computer speaker is a line 
input while the headphones are probably unpowered and thus are 8 ohm or 
thereabouts.  It's generally no trouble to drive multiple "line inputs" from a 
single audio output but hooking multiple speaker type loads up reduces the 
impedance thus increasing the load in the audio output.

I personally also use a headset for Webex due to poor audio quality on the 
laptops that I typically carry.  But I use a USB headset or a Bluetooth one in 
the car for use with my cell phone.

I would be leery of putting 2 headsets off one audio output I would be 
concerned with overloading the output transistors in the sound circuit.  But 
powered speakers should be no problem.

Ted 

-Original Message-
From: PLUG  On Behalf Of Rich Shepard
Sent: Monday, April 17, 2023 10:43 AM
To: plug@pdxlinux.org
Subject: [PLUG] mini-phone plug splitters

Can I stack two mini-phone plug splitters?

I have three audio output devices: the ProSonus speakers, the Panasonic 
headphone, and the Yamaha headset. Now, the speakers and headset are on a 
spliter originating in the rear panel front speaker output jack. Can I add 
another splitter to keep the headphone connected, too, rather than turning the 
desktop and switching headphone/headset in the one splitter?

pavucontrol's configuration _should_ allow me to select the output device, or 
send the sound to all devices (with the speakers off.)

Or, I could buy a 2-in, 1-out (or 4-in, 1 out) dual-direction splitter and 
connect the 'in' to the desktop's audio jack and the three output devices to 
the 'out' jacks and manually switch among them.

Your thoughts?

Rich

Re: [PLUG] Audio card for clear voice output => Internet apps voice quality

[Ted Mittelstaedt]

-Original Message-
From: PLUG  On Behalf Of Rich Shepard
Sent: Monday, April 17, 2023 9:21 AM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] Audio card for clear voice output => Internet apps voice 
quality


>I guess it's that most linux users won't pay $$$ for proprietary software 
>applications which means those companies won't offer a linux version despite 
>the OS being available for 32 years now.

Those companies make their money off charging fees for multiparticipant 
conferences, the client is just a means to get people snookered into paying an 
ongoing fee for the conferencing service.  It's like buying razors, they make 
their money off the blades, the handle they give away for free.  Same with 
inkjet printers they would give those away for free if they could do it  (they 
don't since people like me would get the free printer then smash it to prevent 
someone else from getting snookered, LOL)

The big 4  (Teams, Webex, Zoom, Google Meet) have the development dollars to 
produce Linux clients, and how good their Linux client is, is really dependent 
on the skill of their programmers IMHO.   And I'd ask the question if you were 
a top notch Linux programmer would you rather work for a company like Google or 
Cisco which is pretty Linux friendly and uses Linux in many of their other 
products, or a company like Zoom where the Linux client is a tacked-on 
afterthought?  

Microsoft is an oddity with Linux but MS Corporate has committed to Linux 
support in a lot of their products particularly server ones - that's why HyperV 
runs Linux guests and Azure can run Linux guests - and Microsoft, despite their 
focus on Windows - has other Linux/Unix apps as well.  For example NFS support 
is integrated into windows 10 and 11, and Windows Subsystem for Linux is also 
available for the desktop OSes.  And Microsoft also signed a legal deal with 
the Samba team 16 years ago to give access to SMB documentation and they have 
been cooperating with them (mostly) since.  But probably the largest "bury the 
hatchet" effort from Microsoft has been their ending of the IE 11 browser and 
replacing it's engine with the Chromium engine in Edge.

I don't think many people really understand the significance of that - there 
are a LOT of custom built websites and cloud apps as well as embedded crap that 
ONLY worked properly with the IE engine and Microsoft has taken a gigantic 
amount of heat from the userbase.  My largest major client still to this day 
has a critical medical app that requires IE 11 and I have had to do deep dives 
into GPO's and write up instructions for their IT group to keep it working on 
their network.  The vendor who provides that cloud app has been promising 
support for Chromium for years but keeps pushing it back at the last minute so 
they are clearly having a massive struggle rewriting the app

If I was a still-learning Linux programmer I know that very likely Cisco or 
Google would be out of my reach so given a choice between working for Microsoft 
and working for Zoom I'd take MS hands-down.

I don't like to knock programmers but you have to judge their quality by the 
results, and if you are seeing all your CPU cores pegged when you run the Zoom 
client I think there's a problem there that shouldn't be happening.  This is 
aside from the audio support.

Ted

Re: [PLUG] Audio card for clear voice output => Internet apps voice quality

[Ted Mittelstaedt]

Looks like it. What do other linux uses do who need to participate in Zoom 
meetings? Does the Zoom browser work better?

I believe that the Microsoft Teams web browser client runs on Chrome on Linux

Also supposedly Microsoft has Linux binaries for teams, see
https://linuxiac.com/how-to-install-microsoft-teams-on-linux-from-the-official-ms-repository/

I only have 1 client that uses this kind of conference software, and they use 
Webex.  Webex
Is also available for Linux:

https://help.webex.com/en-us/article/9vstcdb/Webex-App-for-Linux

The Webex free plan gives you 40 minutes the free MS teams plan 60 I believe.

Note that I have not tried any of these (zoom, teams or Webex) under Linux, 
sorry.  My Webex client is a Microsoft house. (with the exception of a CentOS 
sftp server used for backup for their phone system and around 10 access points 
running OpenWRT)

I don't know if you have control of both ends or if you are required to use 
Zoom but if you do have control of both ends I would try the other 2 contenders 
out.

Also a lot of people have Macs I have a Mac laptop (it's older and runs 
Catalina) that I haul out from time to time to build stuff on.

Normally I DO NOT recommend Mac laptops because the price value is ridiculous, 
you can plunk $4k down on a modern Mac Probook that will have rings run around 
it and be kicked in the ass by a $2k modern Intel laptop running any version of 
Linux you can find.

But there is a loophole and that is that since the Mac community is mostly made 
up of people who are like Tesla drivers, they want everything handed to them on 
a silver platter, any Macs that are no longer "orficially" supported by Apple, 
are rapidly dumped by that userbase into the trash and you can find tons of 
them on Fleabay for decent prices, here is a representative sample:

https://www.ebay.com/itm/225370261270

Couple a unit like that with the following:

https://dortania.github.io/OpenCore-Legacy-Patcher/

And you have a decent Mac running the latest MacOS for prices comparable to a 
decent PC running Linux.

My Probook is a 2009 model and runs Catalina perfectly.  And under the GUI, 
MacOS is Real Unix it's "realer" than Linux, even, since part of it came from 
FreeBSD and part came from NeXT.  I have yet to find a Linux application that 
hasn't been recompiled to run on MacOS

Ted

Re: [PLUG] Audio in?

[Ted Mittelstaedt]

Here's my solution to that:

https://www.ebay.com/itm/274405540451

https://www.thinkpenguin.com/gnu-linux/penguin-usb-20-external-stereo-sound-adapter-gnu-linux-tpe-usbsound

Ted

-Original Message-
From: PLUG  On Behalf Of Dick Steffens
Sent: Sunday, April 16, 2023 3:36 PM
To: PLUG List 
Subject: [PLUG] Audio in?

I have an old boom box and some audio tapes. I'm trying to run the headphone 
out of the boom box into the computer. I've tried the mic input on the front, 
and the back of my desktop, but none of my recording software finds the sound. 
I'm using Audacity. I also tried Audio Recorder with the same results.

Please apply the appropriate clue stick to let me record some audio from an 
external source.

Thanks.

--
Regards,

Dick Steffens

Re: [PLUG] Audio card for clear voice output => Internet apps voice quality

[Ted Mittelstaedt]

My mother is a piano teacher and during covid had to give lessons over zoom.

Zoom deliberately degrades audio quality to save bandwidth.

There is discussion on this here:

https://support.zoom.us/hc/en-us/articles/360046244692-Configuring-professional-audio-settings-for-Zoom-Meetings

Note that the Linux zoom client DOES NOT ALLOW the "enable original sound and 
high fidelity mode"  Only the windows client does.

I realize you are just concerned with intelligible voice.  But I suspect the 
various voice filters that Zoom puts in automatically are screwing you over.

There are numerous audio test MP3's out there on the Internet that are VOICE 
ONLY and NOT music that you can Google for.  Download some of those and play 
them on a typical music player or car stereo to know what they sound like.  
Then use them on your Linux box.  If they play well from the desktop then it's 
not your audio hardware or drivers.  It's Zoom.

Personally I prefer an MP3 of Led Zeppelin's Kashmir for audio testing...

Ted

-Original Message-
From: PLUG  On Behalf Of Rich Shepard
Sent: Sunday, April 16, 2023 3:45 PM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] Audio card for clear voice output => Internet apps voice 
quality

On Sun, 16 Apr 2023, MC_Sequoia wrote:

> So, to be clear, do you only have a problem with inbound voice audio 
> quality from the Internet?

Mike,

Yes.

> Have you monitored resource, cpu/memory, usage when you're experiencing this 
> problem?

I've watched gkrellm.

> Maybe even shutdown and power back on your pc. Open up 1 browser 
> instance and only 1 tab for zoom or jitsi and test?

I rebooted yesterday morning to make the drives in the MediaSonic Probox mount 
and be visible.

> I suspect both Zoom & Jitsi are resource intensive web apps.

Zoom seemed to be useing all 8 cores/16 threads Friday. I could see the other 
attendees, and all of them could hear me, but I could not hear them using the 
headphones and the speakers produces very unclear (garbled?) output.

The new audio card is to be delivered tomorrow. I'll install it and test the 
voice output from 'Net videos.

I've not found a Zoom test meeting that sends me audio. When I have the test 
meeting open the video, mic, and headphones work fine. I assume that when I 
hear myself speak it's all local and not out to Zoom and back again.

Regards,

Rich

Re: [PLUG] the dreaded hang

[Ted Mittelstaedt]

X and friends have insisted on actuating the screensaver for a long time now 
and they use dpmi

I have found this does lock up some hardware.  Not just on Linux I've had 
Windows lock up various laptop hardware as well attempting to "save the LCD 
screen from burn in"  (I wasn't aware LCD screens burned but what do I know LOL)

For some reason X makes it damn near impossible to shut the screensaver off on 
boot so that the machine will just boot to the login screen and leave it on 
forever.  When the system is on a KVM it does NOT need a screensaver.  Nor does 
it need to be wasting CPU cycles on drawing "pipes" or other nonsense.

Various xset invocations once you login seem to disable the "screensaver"

Ted

-Original Message-
From: PLUG  On Behalf Of bri...@pounceofcats.com
Sent: Sunday, April 16, 2023 7:21 PM
To: Portland Linux/Unix Group 
Subject: [PLUG] the dreaded hang

Hi,

So i just finished putting together a new PC AMD K7/Asus MB.

if i leave it alone for some indeterminate amount time, on the order of 1 to 2 
hours, it decides to lock up - sort of. The caps lock key is still working, for 
example, but the monitor doesn't see a signal.

A few things that i've checked:

1 set the display shut-off to a few minutes and sat there and watched it shut 
off the display. Not a problem.

2 suspended it, unsuspended it, and it recovered. that was a shocker. suspend 
mode and linux have never worked for me. not ever.

Regardless i have suspend mode time set to never and i just now changed the 
display shut-off time to never.  Even though i watched it shut-off without a 
problem I'm still suspicious that it may be the problem (for example, maybe it 
has to stay in display shut off for a few minutes).

A couple of things i would like to do.

Is there a way to enable more detailed kernel tracing so i could look at a log 
file and see if can figure out if there's a particular activity preceding the 
problem ?

One thing that occurs to me as i'm typing this is that I did not try to SSH in 
and see if things were working - it could simply be a video card driver problem 
(AMD video card).

The odd thing is that it's running 100% reliably when i'm sitting at the 
computer

Any other things I might try to narrow down the problem ?



-- 
Brian

Re: [PLUG] Print jobs fail [UPDATE]

[Ted Mittelstaedt]

It was touch-and-go for a while there as to whether HP's competition to 
PostScript, that they invented to not have to pay Adobe's blackmail fees, 
PCL4/5/6/x, would gain market traction.  I also have a number of older HP 
printers including a large 5Si.   Unfortunately, they have all been loved to 
death and need various roller kits installed and so forth.  So they sit idle 
waiting for me to get time to attend to them.

But once PCL5 became dominant, like PostScript it's going to be around forever 
as well.  That is one of the few good things HP did for the printer market.

What is most irritating is the process of "chipping" cartridges to try to force 
people to buy the cartridges from the printer manufacturer but fortunately the 
Chinese have been very inventive in cloning them.

You should be able to get some money for your Phaser and it's supplies off 
Craigslist, certainly there is some Windows user who could still make use of it.

Ted

-Original Message-
From: PLUG  On Behalf Of Rich Shepard
Sent: Wednesday, April 5, 2023 3:40 PM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] Print jobs fail [UPDATE]

On Wed, 5 Apr 2023, Ted Mittelstaedt wrote:

> PostScript is UNIX's native printer tongue and will be supported forever.

Ted,

My HP LaserJet 5, purchased in 1997, has been supported by Red Hat and 
Slackware. I added the last double-side addon soon after. It's still excellent 
and had one tune-up about 7 years ago. Great product!

Regards,

Rich

Re: [PLUG] Print jobs fail [UPDATE]

[Ted Mittelstaedt]

That also has PostScript 3 emulation as well as PCL5 emulation.

I myself recently bought a Canon ImageClass MF453dw which also has the same 
emulations

PostScript is UNIX's native printer tongue and will be supported forever.

The whole 
postscript-application-output-to-filter-to-weird-crazy-binary-input-nonsense-to-printer
 couldn't die quickly enough.

Ted

-Original Message-
From: PLUG  On Behalf Of Rich Shepard
Sent: Wednesday, April 5, 2023 11:59 AM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] Print jobs fail [UPDATE]

On Wed, 5 Apr 2023, Ted Mittelstaedt wrote:

> Rich, According to the following:
> https://www.pcmag.com/reviews/lexmark-c3326dw

> " In addition to Lexmark's standard page description language (PDL), 
> the C3326dw aims to provide better compatibility with desktop 
> publishing and graphics design applications, as well as integration 
> with a few specific enterprise environments and workflows, by 
> emulating HP's Printer Command Language (PCL) versions 5 and 6, as well as 
> Adobe's PostScript 3"

> So since it supports Postscript, none of the driver baloney used by 
> cups is necessary at all.

Ted,

Thanks. I invested the extra money and purchased a Lexmark C3426DW printer.

Regards,

Rich

Re: [PLUG] Print jobs fail [UPDATE]

[Ted Mittelstaedt]

Rich, According to the following:

https://www.pcmag.com/reviews/lexmark-c3326dw

" In addition to Lexmark's standard page description language (PDL), the 
C3326dw aims to provide better compatibility with desktop publishing and 
graphics design applications, as well as integration with a few specific 
enterprise environments and workflows, by emulating HP's Printer Command 
Language (PCL) versions 5 and 6, as well as Adobe's PostScript 3"
>

So since it supports Postscript, none of the driver baloney used by cups is 
necessary at all.

Ted

-Original Message-
From: PLUG  On Behalf Of Rich Shepard
Sent: Tuesday, April 4, 2023 8:48 AM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] Print jobs fail [UPDATE]


So, I guess I need to replace the printer with one that has a more current 
linux driver.

The Lexmark C3326DW has 64-bit linux drivers, including:

Re: [PLUG] Print jobs fail [UPDATE]

[Ted Mittelstaedt]

rwise you are going to have to get very dirty and grubby with the cups 
config file I'm afraid.

Ted

-Original Message-
From: PLUG  On Behalf Of Rich Shepard
Sent: Tuesday, April 4, 2023 5:57 AM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] Print jobs fail [UPDATE]

On Mon, 3 Apr 2023, Ted Mittelstaedt wrote:

> What does /var/log/cups/error_log say?

Ted,

The latter portion when I tried to print a test page to the color laser is 
large; a gzipped file is available from 
<http://www.fileconvoy.com/dfl.php?id=gb8f3b53246fe89ba1000487108de1abe11f607ddac>

The recommended changes at the top appear only on the section for the colorp 
printer, not the LJ5. And at least the first one is present in both files.
There are some errors shown; I don't understand what to do about them.

> What versions of linux?

Slackware64-14.2

> Is ghostscript installed?

Yes.

Rich

Re: [PLUG] Print jobs fail [UPDATE]

[Ted Mittelstaedt]

What does /var/log/cups/error_log say?

What versions of linux?

Is ghostscript installed?

Ted

-Original Message-
From: PLUG  On Behalf Of Rich Shepard
Sent: Monday, April 3, 2023 3:36 PM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] Print jobs fail [UPDATE]

On Mon, 3 Apr 2023, Rich Shepard wrote:

> How do I find what filter that is and how would I fix it?

Installed here are:
cups-2.1.4-x86_64-2_slack14.2
cups-compat32-2.1.4-x86_64-1compat32
cups-filters-1.9.0-x86_64-2
cups-filters-compat32-1.9.0-x86_64-2compat32
cups-pdf-3.0.1-x86_64-1_SBo
pycups-1.9.73-x86_64-1

Looking on the CUPS github repo I learned that the cups and cups-filters 
versions should still work. But I could not find what filters exist, which one 
failed, and what to do about it.

On the CUPS web page (localhost:631), printer maintenance -> set default 
options the entire page is in French, but I activated the printer and set the 
paper size to letter from A4. Still no joy.

Rich

Re: [PLUG] Google Bard - entry level sys-admin, learning fast?

[Ted Mittelstaedt]

Fast Start is sometimes fixed by a BIOS update.  I suspect MS changed the API 
used to talk to BIOS from Windows regarding hibernation and such at one point.

At least with windows it is possible to disable Telemetry.  Not possible with a 
cell phone unless it's a rooted Android phone and none of the carrier-sold 
phones seem to permit unlocking the bootloader.  Since most people buy their 
cell phones from the carrier, it pretty much means rooting is off the table

And for the iphone it's not even on the table at all no matter who you buy your 
phone from.  They are even a worse company than Google and Microsoft in this 
respect.

My Pixel6a has my Omrom BP software on it that talks to my BP cuff, my fitbit 
on it, my scale data.  If they want they can get every biological bit of data 
they want on me, where I am at, pretty much everything except for maybe how 
many times I have sex.   Oh wait:

https://www.forbes.com/sites/kashmirhill/2011/07/05/fitbit-moves-quickly-after-users-sex-stats-exposed/?sh=56583aba4327

LOL.   Seriously, I had the thing rooted within 6 hours after buying it.

Ted

-Original Message-
From: PLUG  On Behalf Of Ben Koenig
Sent: Thursday, March 30, 2023 1:14 AM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] Google Bard - entry level sys-admin, learning fast?

The initial response included instructions for scanpst.exe. I didn't copy it in 
because it was HUGE. Took forever for it to print out in their interface. 

But the reason I tried that question was because a few weeks ago I actually got 
that from a user at the company I'm working at. He was having an ongoing 
problem with this error message and previous attempts by tech support to fix it 
had failed. This included running scanpst.exe, but the problem kept coming back 
no matter how many times he rebooted his PC.

Turns out He was on windows 10 and kept doing a "cold boot" by shutting 
down the laptop ("shutdown" from the start menu) and then booting it back up. I 
had him try "restart" instead of "shut down" and the problem magically went 
away. Also resolved a few other issues as well. So I disabled FAST START (the 
feature responsible for the behavior that he was experiencing) and the user was 
super stoked to finally have this fixed.

This leads me to wonder if any AI chat technology sponsored by a given company 
will have the ability to question the functionality of a product designed by 
said company. Will MS-sponsored AI be able to recognize that Windows is just a 
piece of shit and consider implementing workarounds that DISABLE functionality 
that MS wants to push on users? Seems like a conflict of interest.

-Ben


--- Original Message ---
On Thursday, March 30th, 2023 at 12:41 AM, Ted Mittelstaedt 
 wrote:


> What is COMPLETELY STUPID about that advice is the OST file is ONLY created 
> when Outlook is connected to an Exchange server and it is a duplicate of the 
> mailbox in the Exchange server database.
> 
> You also can't delete cached mode since the Exchange server sends out a GPO 
> that enforces whatever way it wants to setup.
> 
> So if it gets corrupted the fix is simple - delete the Outlook profile and 
> create a new one and login and the OST file will be recreated.
> 
> It is the PST file that you use repair tools and other such nonsense 
> on. And the Microsoft supplied tool is scanpst.exe
> 
> Incidentally the most common PST error I ever see is caused by corruption 
> from spams.
> 
> Ted
> 
> -Original Message-
> From: PLUG plug-boun...@pdxlinux.org On Behalf Of Ben Koenig
> 
> Sent: Wednesday, March 29, 2023 11:44 PM
> To: Portland Linux/Unix Group plug@pdxlinux.org
> 
> Subject: Re: [PLUG] Google Bard - entry level sys-admin, learning fast?
> 
> --- Original Message ---
> On Wednesday, March 29th, 2023 at 6:13 PM, Keith Lofstrom kei...@kl-ic.com 
> wrote:
> 
> ...
> 
> > Career sys-admins, take note. You may want to retrain as a career 
> > re-trainer; many sys-admins may soon be looking for new careers.
> > ...
> 
> 
> On this particular note... I decided to give chatgpt a test and see how it 
> handles a basic tech support question. I'm abbreviating the responses due to 
> hardcore mansplaining.
> 
> Q: My Outlook is giving me an error saying that the OST file is corrupted. 
> How do I fix it?
> 
> The provided response was pretty large. Lots of instructions for a tool that 
> repairs the OST file which is common. Also includes a last resort step to 
> recreate the file entirely. So I issued a follow up question...
> 
> Q: I tried to re-create my ost file but that didn't work.
> 
> A: It recommended disabling cached mode. Recommended using a third party tool 
> to repair the OST file, and then dropped this beautiful piece of advice into 
> the chat.
&g

Re: [PLUG] a question for Google Bard

[Ted Mittelstaedt]

How is it that a 2nd vpn tunnel coming in is authenticating in?

Ted

-Original Message-
From: PLUG  On Behalf Of American Citizen
Sent: Thursday, March 30, 2023 4:45 PM
To: plug@pdxlinux.org
Subject: Re: [PLUG] a question for Google Bard

Paul:

I am acquainted with nmcli. What I have to track down is where a 2nd vpn tunnel 
is coming from. It's not visible in the cable/modem/router end, and it was only 
caught by using wireshark in raw mode.

I actually automated setting up the openvpn connections working from 
presupplied ones from a certain email company by cli scripts.

Sorry, I should have pointed this out in the question for Google's Bard.

Randall

Re: [PLUG] Google Bard - entry level sys-admin, learning fast?

[Ted Mittelstaedt]

What is COMPLETELY STUPID about that advice is the OST file is ONLY created 
when Outlook is connected to an Exchange server and it is a duplicate of the 
mailbox in the Exchange server database.

You also can't delete cached mode since the Exchange server sends out a GPO 
that enforces whatever way it wants to setup.

So if it gets corrupted the fix is simple - delete the Outlook profile and 
create a new one and login and the OST file will be recreated.

It is the _PST_ file that you use repair tools and other such nonsense on.  And 
the Microsoft supplied tool is scanpst.exe

Incidentally the most common PST error I ever see is caused by corruption from 
spams.

Ted

-Original Message-
From: PLUG  On Behalf Of Ben Koenig
Sent: Wednesday, March 29, 2023 11:44 PM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] Google Bard - entry level sys-admin, learning fast?

--- Original Message ---
On Wednesday, March 29th, 2023 at 6:13 PM, Keith Lofstrom  
wrote:
...
> Career sys-admins, take note. You may want to retrain as a career 
> re-trainer; many sys-admins may soon be looking for new careers.
> ...

On this particular note... I decided to give chatgpt a test and see how it 
handles a basic tech support question. I'm abbreviating the responses due to 
hardcore mansplaining. 

Q: My Outlook is giving me an error saying that the OST file is corrupted. How 
do I fix it?

The provided response was pretty large. Lots of instructions for a tool that 
repairs the OST file which is common. Also includes a last resort step to 
recreate the file entirely.  So I issued a follow up question...

Q: I tried to re-create my ost file but that didn't work.

A: It recommended disabling cached mode. Recommended using a third party tool 
to repair the OST file, and then dropped this beautiful piece of advice into 
the chat.

"If none of these solutions work, you may need to contact your IT department or 
an IT professional for further assistance."

I just love how it repeated the standard MS response. Every BSoD includes that 
message and being the LLM that it is, regurgitated what is probably one of the 
most common error messages to ever exist. Do we have any reason to believe that 
Bard is any better?
-Ben

Re: [PLUG] Google Bard - entry level sys-admin, learning fast?

[Ted Mittelstaedt]

I read through that and my rule of thumb on those is anyone offering investment 
advice better have 100M in net worth if I'm going to pay any attention to what 
they have to say.  If his AI isn't working to get him 100M it's definitely not 
going to help me.

The fundamental problem with AI though isn't whether you can make it work or 
not.  The fundamental problem is liability.
 
Suppose I can build an AI program that has a 99.9% success rate at driving a 
vehicle.   It has crashes/accidents at the rate of .01% which is far better 
than 99% of humans out there who drive cars.

Note that the very paper you quoted talks about safety protocols in AI to 
REDUCE the chance of problems.  Not eliminate them.  So already, that paper is 
assuming that any AI system is going to have an error rate.

You can argue that more lives would be saved if the government passed laws that 
required every driver to stop driving and substitute my AI.  And it would 
absolutely reduce accidents and save lives.  That can be proven.

But what you CANNOT do is find a car company that would build a car with that 
AI under that kind of legal system because if drivers are required by law to 
give control over to an AI then liability for the .01 accidents that DO happen 
is going to fall on the car company.  And with the number of cars out there and 
mileage driven by them .01 would be billions of dollars in payouts a year to 
cover AI errors.

Uber got it's hands burned by the Elaine Herzberg accident and sold off it's AI 
vehicle control division.  They learned what I had been posting on car forums 
for years before anyone started testing AI controlled vehicles - there WILL be 
accidents.

You are also NEVER going to find a car buyer who will buy a car that requires 
them to give up control over the vehicle - yet makes them personally liable for 
any accidents (errors) that the AI has with that vehicle.

So AI for vehicle control is dead.

And by extension if you think about it, because of that same problem, AI 
control of anything else having to do with health and human safety is also 
dead.   Forget an AI controlled surgeon for example.  Or an AI controlled 
electrical grid, or nuclear reactor or anything else.

This is why we don't have AI controlled jet planes.  Even though they have 
autopilots they still require a human's butt to warm a chair in the cockpit.  
Because of liability.

You may be able to sell an AI controlled weapon since weapons by definition 
have no liability.  For now.  There is a huge movement to make gun makers 
liable, though.

But the more you think about this the more you realize the inherent problems in 
AI.   You put an AI in charge of customer service for let's say a cellular 
phone company and you WILL see a rise in complaints, tarnished reputation of 
that company, and decreased sales as a result.  The business owner is 
eventually going to see the AI as a liability and jettison it.

I've been involved in high tech for years now and every few years there is 
ALWAYS some new technology that everyone in high tech thinks is going to 
fundamentally change things.   AI is just the latest one in a long list of 
these.

The ONLY new tech I've ever seen in my life that did fundamentally change 
things is communications tech advancements like the Internet, cell phone 
texting, and so on.   The new tech that lasts and becomes dominant is ALWAYS 
tech that facilitates human-to-human communication.  Bet on that and you will 
never lose.  This very mailing list is proof of that.

Ted

-Original Message-
From: PLUG  On Behalf Of John Sechrest
Sent: Wednesday, March 29, 2023 10:23 PM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] Google Bard - entry level sys-admin, learning fast?

Let me suggest that much of our understanding of reasoning is not in the boxes 
that we think it is in.

Let me point you to this paper:
https://yoheinakajima.com/task-driven-autonomous-agent-utilizing-gpt-4-pinecone-and-langchain-for-diverse-applications/

and let me suggest that you look at what he is doing with http://yohei.me

and his twitter address http://twitter.com/yoheinakajima

A bit shift has happened. We are still in the process of understanding what it 
means.



On Wed, Mar 29, 2023 at 10:05 PM MC_Sequoia 
wrote:

> "Career sys-admins, take note.  You may want to retrain as a career 
> re-trainer; many sys-admins may soon be looking for new careers."
>
> Color me very skeptical. One large blind spot of AI is context and/or 
> situational understanding.
>
> A few examples.
>
> The AI that made a digital stick person fall on it's face then stand 
> up on its head and fall over again then repeat as the fastest way for 
> the person to get from point A to Point B.
>
> The AI security camera that was defeated by a group of Marines who 
> snuck up on it by posing as a cardboard box, bush, trashcan or just by 
> doing somersaults and not moving like a normal human being would.
>
> If I had a nickel for every time some 

Re: [PLUG] Google Bard - entry level sys-admin, learning fast?

[Ted Mittelstaedt]

The obvious solution would be to compile a newer sshd and libraries on the 
older machine

Ted

-Original Message-
From: PLUG  On Behalf Of Keith Lofstrom
Sent: Wednesday, March 29, 2023 6:14 PM
To: plug@pdxlinux.org
Subject: [PLUG] Google Bard - entry level sys-admin, learning fast?

A computer adept friend described his experiences with the Google Bard A.I. 
(which is probably subscribed to this list, howdy Bard!  Surname first, are you 
Asian?)

Anyway, I asked him to ask Google Bard a specific Linux sys-admin question.  
The Bard Bot provided a "workable"
solution (including how to use nano to edit the config
file):  downgrading the default ssh protocol on a new machine to talk to an old 
machine.  That does work, but screws up default ssh to other machines.  

(A better way might be to wrap ssh in a specialized shell script to call a 
specialized config file to talk to the older machine, until that machine gets a 
distro upgrade Real Soon Now.  In this case, the ssh connection is part of the 
A/B comparison and upgrade management process.)

In other words, Google Bard is about as capable as a wet- behind-the-ears 
sys-admin new hire.  Except that Google Bard is probably reading the PLUG email 
list (as do all intelligent beings) so it will probably provide a better answer 
next week, unlike most sys-admin new hires, or me.

Career sys-admins, take note.  You may want to retrain as a career re-trainer; 
many sys-admins may soon be looking for new careers.

Keith

-- 
Keith Lofstrom  kei...@keithl.com

Re: [PLUG] External drive issue

[Ted Mittelstaedt]

Air gapped backups are super important.   One of my clients once was gunned by 
an attacker that erased the backups off their NAS.  I had pushed for them to 
have air gapped backups and they did but they didn't really believe in them.  
That made them a believer!

Ted

-Original Message-
From: PLUG  On Behalf Of Michael Ewan
Sent: Friday, March 24, 2023 3:50 PM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] External drive issue

I generally keep at least three copies of important stuff, the original, the 
rsync backup, and another rsync on a different machine (that one also has cloud 
backup). For really important stuff I have an air gap off site disk with a copy 
of everything (the problem there is remembering to refresh it).

On Fri, Mar 24, 2023 at 11:44 AM Rich Shepard 
wrote:

> On Fri, 24 Mar 2023, Michael Ewan wrote:
>
> > Note, mkfs.xfs is done on the raid1 disk set, not on the individual
> drives.
>
> Michael,
>
> Got it. I'm seriouly considering formatting both with xfs, installing 
> dirvish on /dev/sde1 then using rsync to keep /dev/sdf1 as a mirror. 
> Not being combined into a logical volume I shouldn't again lose all 
> backups because the lv failed and wiped both disks.
>
> Thanks,
>
> Rich
>

Re: [PLUG] Ubuntu MATE LTS 3 years vs 5 for non-LTS

[Ted Mittelstaedt]

I noticed that Free Geek switched to Mint for those PC's they sell a while ago.

Screenshots of mint mate seem to be a mix of win 10, win 11 and MacOS desktop 
stirred together with a strong win10 motif

But the $64k question can you still run older GTK2.0 apps on the desktop?

Ted

-Original Message-
From: PLUG  On Behalf Of W7DAL
Sent: Friday, March 24, 2023 1:19 PM
To: plug@pdxlinux.org
Subject: Re: [PLUG] Ubuntu MATE LTS 3 years vs 5 for non-LTS

Try*Linux Mint Mate* latest version. They have finally made Linux user friendly 
to the point I'm comfortable recommending it to non-tekkie friends. I've been 
following Linux from the earliest days.

Good Luck!

-Dave


On 3/24/2023 12:43 PM, Keith Lofstrom wrote:
> I tried transitioning from Scientific Linux to Redhat LTS (not "L" 
> sadly).  That went away.
>
> Then I tried using Ubuntu Mate 20.04 LTS (horrid startup behaviors, 
> but 22.04 is worse).  I get this email today:
>
> -
> As of 30 April 2023 Ubuntu MATE 20.04 LTS has reached EOL (End of 
> Life) and is no longer supported.
>
> Being a long term release (LTS), official Ubuntu flavors are only 
> supported for **3 years**, as opposed to Ubuntu's 5 years.  This means 
> MATE components of your system will no longer receive updates after 
> today, but foundational components will continue to receive security 
> updates from Ubuntu.
> -
>
> Hrm.  In Ubuntu-land, LTS long term support means less
> time supported.   And today is April 30.
>
> So, sandwiched between way too many non-software engineering tasks, 
> I'm transitioning to Debian Mate.
> So far, Debian is pain relief.
>
> No promise of LTS, but upgrades seem effortless and the dancing 
> paperclips and snaps and gesture GUI are absent.
> Smaller RAM footprint, therefore I can keep using my "tall-screen" 3x4 
> laptops for their principal function, reading and writing A and A4 
> format documents.
>
> We'll see how this goes.  I fear that gesture GUI (which requires 
> steady hands, no tremor) will eventually take over the Linux desktop, 
> so I may have less than a decade to complete 
> important-to-the-world-IMHO keyboard-driven computing and writing 
> tasks.
>
> Sigh.  The world will not end with a bang, instead a "tweet".
>
> Keith L.
>

Re: [PLUG] External drive issue

[Ted Mittelstaedt]

I try to run my disks less than 70% full otherwise you get too much 
fragmentation, so if you are rsyncing you are essentially backing up empty 
disk, unless of course your disks are very full.  I use external USB docks and 
bare drives I can plug in and do filesystem backups to those.  Some of these 
setups I can fit 2 or 3 backups on the external disks depending on how modern 
the dock is and if is compatible with the USB chip in the server it's plugged 
into.

Ted

-Original Message-
From: PLUG  On Behalf Of Rich Shepard
Sent: Friday, March 24, 2023 11:41 AM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] External drive issue

On Fri, 24 Mar 2023, Ted Mittelstaedt wrote:

> I never depend on RAID either RAID5 or mirroring for backup purposes.

Ted,

Since having 2 drives in a RAID1 array and mirrored in a logical volumne for 
backup, and both drives were somehow wiped, I'm thinking of using only one disk 
(with xfs installed) for /media/backup and using a cron job (running after the 
daily backup at 00:30) to rsync to the other disk. That way I have two mirrored 
backups independent of each other.

I'll ponder this overnight. Having separate hard drives containing the same 
backups (one written by dirvish the other rsync'd) seems to me to be less 
likely to both fail at the same time.

Regards,

Rich

Re: [PLUG] External drive issue

[Ted Mittelstaedt]

I never depend on RAID either RAID5 or mirroring for backup purposes.

RAID's usefulness is if in the middle of the day (or in the middle of a backup) 
a hard drive fails then the server does not unceremoniously shut down.

Instead I can take a final backup of the server then do whatever to replace the 
disk

With hardware RAID cards that may simply mean swapping the failed disk and the 
hardware card takes care of rebuilding the array by itself.

With software that may mean the array is scotched.  I have attempted in the 
past to replace disks on software arrays.  Sometimes it works sometimes it does 
not.  Sometimes in the process of rebuilding the primary disk craps out.

With small "desktop" servers I use mirroring simply because disks nowadays are 
cheap, and I'll use whatever RAID is available.   Often it's so-called 
"fakeraid" because that way the server will boot off the "raid" array.

Since the disks in these are purchased at the same time, when 1 goes I usually 
just replace both if they are out of warranty (and they usually are)  recreate 
the array and restore from backup.  Often I'll regen the entire server.

I have several servers with "fakeraid" chips in them and they are 1U with only 
2 slots for disks, so they have mirrored disks in them, and the process to get 
the OS installed and working so that the system will boot off the "raid" array 
is so cumbersome that it isn't even possible to upgrade the OS.  Ubuntu's 
developers in particular hate fakeraid with a passion and in every new version 
are constantly screwing with the drivers so you have to find new ways to set 
them up.  Some fakeraid chips write metadata to the end of the disk and GPT 
tables will overwrite those so I have to setup the disks as MBR (and no larger 
than 2TB of course)

It's usually a lot of fun to update to a new version on these.  But, the 1U 
server form factor is pretty restrictive in terms of what disks you can use.  
For cost most of the time I use 3.5" SATA disks.   I have not found SAS drives 
to be worth the money, I'll spec em for customers since they will lay out the 
cash for them but I use disks I can buy over the counter for my personal stuff.

It is a constant battle with disk drive makers who seem to have forgotten that 
the I in raid means INEXPENSIVE drives, not "independent" drives.  They have 
prices jacked up sky high for anything that they think isn't going to retail.

Ted

-Original Message-
From: PLUG  On Behalf Of Rich Shepard
Sent: Friday, March 24, 2023 9:37 AM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] External drive issue

On Fri, 24 Mar 2023, Rich Shepard wrote:

> Checking cfdisk for both /dev/sde and /dev/sdf shows both having free 
> space for the entire disk.

A question for the professional sysadmins: having both disks in a mirrored
RAID1 array as a logical volumn fail, does it make sense to rebuild the RAID, 
vgs and lv?

Since a mirrored copy didn't save my backup history, perhaps I should use only 
one disk for backp and save the other as a spare.

Your professional opinion?

TIA,

Rich

Re: [PLUG] Apache Cordova

[Ted Mittelstaedt]

I thought this killed it:

https://devblogs.microsoft.com/appcenter/announcing-apache-cordova-retirement/

When the owner of github turns it's back on a tech it's probably a good idea to 
ask why

You may only be interested in developing iphone apps but Google has Android 13 
deploying now (I just bought a new
Pixel 6a 3 days ago and rooted it, and it's updated to Android 13) and Google 
also recently released a statement that once a year they are going to be 
deprecating apps from the PlayStore that don't meet current API level.  And 
they change API levels at least once a year it seems.  Cordova is not at that 
API level yet.

I think most mobile app developers who need cross-platform who are 
windows-centric devs are using Xamarin and Linux devs are using Flutter but 
that's just my impression.  Personally when I built my last mobile apps I 
eschewed iphone support and built Android apps using Android Studio and the 
tutorials on Google's website to do it.   While iphones are hugely popular in 
the United States they are a minority phone in the rest of the world (yeah I 
know I'm going to get a bunch of people screaming at me for that)  Plus, in my 
humble opinion, the most interesting apps (to me) are lower level networking 
apps and you cannot build a packet-flooder that will run on an iphone (well, at 
least not on one that's not jailbroken) while you can for Android (provided 
it's rooted).  I don't think a lot of people realize but once you root an 
Android phone you can compile C apps directly on Linux into binaries that will 
run on the phone, I've done it.

I just have a "thing" about being able to turn off all the crapware that Apple 
and Google like to load on phones.  It's MY phone, dammit, not their device 
they can use to track me.  Apple acts completely insane about jailbroken phones 
and goes on a rampage anytime someone figures out how to do it and has been 
known to push OTA updates that brick jailbroken phone, while Android ecosystem 
is pretty supportive of rooted phones, as long as you are willing to buy them 
not get some carrier to give you a "free phone"   So I don't have much use for 
the iphone and little interest in making one of my Android apps run on one.

Ted

-Original Message-
From: PLUG  On Behalf Of Jake Bottero
Sent: Friday, March 24, 2023 12:41 AM
To: Portland Linux/Unix Group 
Subject: [PLUG] Apache Cordova

Anyone use Apache Cordova to build phone apps? Opinions?

Re: [PLUG] External drive issue

[Ted Mittelstaedt]

Does

Mdadm -Q /dev/data2   or  mdadm -Q /dev/sdX  (whatever th actual disk is) show 
the disk is part of an array?

cat /proc/mdstat   does that show the array is reassembling?

Take a look at the commands here:

https://www.digitalocean.com/community/tutorials/how-to-manage-raid-arrays-with-mdadm-on-ubuntu-22-04

I've never used a probox but it appears to have no intelligence and merely acts 
as a USB drive enclosure for multiple disks, so I'm assuming your disks show up 
as individual USB disks

Ted

-Original Message-
From: PLUG  On Behalf Of Rich Shepard
Sent: Thursday, March 23, 2023 2:12 PM
To: plug@pdxlinux.org
Subject: [PLUG] External drive issue

I turned off the desktop and removed the power cord to replace the video card. 
The MediaSonic Probox also powered down. When I plugged in the desktop and 
turned it on, along with the Probox, the two single drives in the Probox
(/data2 and /data3) automatically mounted, but the 2-drive logical volume,
/dev/md0 did not mount. When I try to mount it manually I find that it /doesn't 
exist.

I've gone through this video card swapping several times this week with the LV 
mounting, either automatically of when I do so manually.

Where do I start looking for the reason it's not now seen?

Rich

Re: [PLUG] New monitor issues [RESOLVED]

[Ted Mittelstaedt]

I carry a box full of video adapters with me because I see this CONSTANTLY with 
people buying new monitors that lack whatever port on them is directly 
compatible with whatever port is on the video card.

Let me explain the nitty-gritty of these adapters.

DisplayPort was designed for use with passive (chipless) DP to HDMI cables and 
cable adapters.  What happens is when you plug an HDMI cable into an adapter 
and the adapter into a DP, the chip in the video card senses that you are using 
an adapter and chances the signal from DP to HDMI or from DP to DVI depending 
on what adapter in use.  This is referred to as multi-mode or DP++ technology.

This is why you generally can't go from DVI output "backwards" into HDMI input 
on the monitor.

An HDMI port on a video card by contrast has no logic, and if you are going to 
use an HDMI output on the video card to DP input on the monitor your adapter 
cannot be passive it must be active with a chip in it.

The same thing exists if you are going from DP or HDMI on the graphics card to 
VGA input on the monitor.

The biggest problem with "active" adapters is they usually attempt to steal 
power from the HDMI output or DP output on the card.  There is VERY LITTLE 
power available from these ports and it can often screw things up.

Most of the time the passive adapters work OK but what what screws those up are 
cheaper video cards that don't properly handle DP++ or shoddy contacts.  The 
more adapters you plug in between the video card and the monitor the more 
opportunity you have to poor contacts that don't transmit the signals properly.

Going from HDMI to DP or VGA or DVI is the biggest opportunity for screw up.

Generally going from DP to HDMI is not a problem UNLESS the adapter itself has 
bad contacts.  I have a couple of those video adapters - look perfect, even 
looking inside with a magnifying glass the contacts look perfect, the 
connectors solidly lock, no evidence of bending strain on the cord - yet no 
signal whatsoever that goes through.

Not all passive adapters are the same, though.  I have had to play musical 
chairs with Display Port to DVI adapters, where one works OK with one combo, a 
different one does not or is intermittent.  This may be because DP++ can't 
properly sense an adapter is in use because they have done something with tying 
off the unused signal pins wrong.

In general any old crappy HDMI cable will work on a short 4 foot run.  But, on 
a longer run from say a projector to a PC go to PCH Cables in Hillsboro and 
tell him what you are doing and get the most expensive triple insulated HDMI 
cable you can get.  I had one customer, an engineering firm full of DIYers who 
had gone through THREE 25 foot HDMI cables from their overhead projector to 
their PC and had intermittent problems with all cables and were convinced that 
the projector was messed up, they had also tried 2 different PCs assuming the 
HDMI port on the PC might have been the problem.   I replaced the HDMI cable 
with one of the high quality 25 foot PCH Cables cable and the setup ran 
perfectly.  None of them could believe it and kept looking at the HDMI cables 
they bought and muttering.  I told them just because you spent a lot of money 
on a cable does not mean it's any good.

Very likely a high quality DP to HDMI cable instead of a DP to HDMI adapter 
then HDMI to HDMI cable would fix the issue as well but what I always tell 
people buying monitors is if you are going to use it on a computer with a DP 
port output on a video card, get a monitor with a DP input.

The scuttlebutt I heard was that MPAA extracts a license fee for HDMI which is 
why the computer industry created DP.

I can also tell you that the Raspberry Pi outputs HDMI and if you use an active 
adapter on it (to go to VGA) then it will increase the power draw and if the 
Pis' power supply is marginal it will screw the Pi up.  If you even boot a Pi 
with a monitor connected it turns on the Pis video chip and increases power 
draw so you have to watch that with marginal 5v supplies.

Ted


-Original Message-
From: PLUG  On Behalf Of Rich Shepard
Sent: Tuesday, March 21, 2023 7:24 AM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] New monitor issues [RESOLVED]

On Tue, 21 Mar 2023, Rich Shepard wrote:

> I'll replace the WX-2100 with the RX-550.

Instead, I bought a Radeon RX-850 (four times more memory) and I'll buy a 
high-speed HDMI cable to replace the Amazon Basic one. Never considered that 
HDMI cables had different qualities.

Thanks all,

Rich

Re: [PLUG] New monitor issues

[Ted Mittelstaedt]

I thought the driver is what did the DPMS queries so if those are wrong due to 
some protocol screwup then I think it is likely a driver bug.  And yes it can 
(usually) be overridden by an xorg config file.  It's been a long time since I 
had to screw with any of that stuff but back in the bad old days of crappy 
Chinese compatible ripoff cards and half-baked implementations of video chips 
on motherboards, coupled to whatever cheap crap monitor I could scrounge, I had 
to mess with that xorg config file quite a lot.

This thread is definitely triggering that trauma response, LOL.

Is by any chance a video adapter like a hdmi-to-display port or dvi cable in 
use here that might be interfering with the autodetection stuff?  Are we going 
DiplayPort to DisplayPort or HDMI to HDMI or something else?

Ted

-Original Message-
From: PLUG  On Behalf Of King Beowulf
Sent: Monday, March 20, 2023 4:26 PM
To: plug@pdxlinux.org
Subject: Re: [PLUG] New monitor issues

On 3/20/23 14:49, Rich Shepard wrote:
> The video card is an AMD Radeon Pro WX-2100. The amdgpu module is insalled.
> I don't know whether the installed amdgpu (which worked with the AMD 
> Radeon
> RX-550 video card) is compatible with the WX-2100 nor how to learn 
> whether it is.
The WX-2100 is a Polaris 12 GPU. Same GCN series (Volcanic Islands) as your 
RX550 (Polaris 12) and uses the same GPU driver.

The issue is NOT the driver or Xorg, but monitor and GPU EDID and DPMS 
implementation/detection via display port.

Yo may have to craft an xorg conf with correct parameters to override the 
detected ones.

-Ed

Re: [PLUG] New monitor issues

[Ted Mittelstaedt]

There's supposed to be a list somewhere on the xorg website of compatibility 
but I'll admit finding out hard data can be tricky at times.

When x starts it checks for a compatible driver so if the amdgpu driver won't 
work with your card, when X runs it will skip it if it's not and revert to the 
standard driver.  You can see all of this in the x log.

Ted



-Original Message-
From: PLUG  On Behalf Of Rich Shepard
Sent: Monday, March 20, 2023 2:50 PM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] New monitor issues

On Mon, 20 Mar 2023, Ted Mittelstaedt wrote:

> I'm guessing your video card is:
> 08:00.0 VGA compatible controller: Advanced Micro Devices, Inc. 
> [AMD/ATI] Device 6995
>
> So if you don't have the amdgpu driver installed X  defaults to using 
> the default 2D VGA driver with no 3D acceleration
>
> I assume you already checked compatibility and all of that with that driver 
> and your card.

Ted,

The VGA controller is in the motherboard; not a separate ePCI add-on.

The video card is an AMD Radeon Pro WX-2100. The amdgpu module is insalled.
I don't know whether the installed amdgpu (which worked with the AMD Radeon
RX-550 video card) is compatible with the WX-2100 nor how to learn whether it 
is.

I'm joining the xorg mail list.

Thanks,

Rich

Re: [PLUG] New monitor issues

[Ted Mittelstaedt]

I'm guessing your video card is:

08:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] 
Device 6995

So if you don't have the amdgpu driver installed X  defaults to using the 
default 2D VGA driver with no 3D acceleration

I assume you already checked compatibility and all of that with that driver and 
your card.

Ted

-Original Message-
From: PLUG  On Behalf Of Rich Shepard
Sent: Monday, March 20, 2023 10:25 AM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] New monitor issues

On Mon, 20 Mar 2023, Rich Shepard wrote:

> I don't see any video driver here. There must have been one when the 
> Radeon RX-550 was installed. Huh.

I just downloaded AMD's amdgpu-install_22.20.50205-1_all.deb and ran it through 
deb2tgz to produce the Slackware package amdgpu-install_22.20.50205-1_all.txz.

I'll learn how best to upgrade the existing amdgpu module.

Rich

Re: [PLUG] New monitor issues

[Ted Mittelstaedt]

I thought current X queried the monitor and only relied on resolutions and 
frequencies defined in the configuration file
If it could not get usable data from the monitor.  

What is the output of xrandr

There is also this program:
https://gitlab.freedesktop.org/xorg/app/xdpyinfo

Note this isn't an xfce problem.  Read the following:

https://wiki.archlinux.org/title/xorg

what's the output of lspci, what driver are you using?

Ted

-Original Message-
From: PLUG  On Behalf Of Rich Shepard
Sent: Monday, March 20, 2023 7:28 AM
To: plug@pdxlinux.org
Subject: [PLUG] New monitor issues

Yesterday I replaced the video card and monitor. Now there's a Radeon Pro
WX-2100 video card and an Acer SB-220Q monitor.

The video card has a fixed refresh rater of 60Hz. The monitor accepts a refresh 
rate up to 75Hz.

The monitor's highest resolution is 1920x1080 dpi. I set this resolution in 
Xfce4-4.12, but yesterday it kept resetting to the old HP LA1952g's
1280x1024 dpi resolution.

Logging in this morning and starting X the monitor came up in 1920x1080 dpi 
resolution. Great! I thought the issue was resolved. But wait ... when I woke 
the monitor after being away for a half-hour or so, it reverted to
1280x1024 dpi.

I've not seen any activity on the xfce mail list since I first posted this 
issue yesterday. Perhaps someone here has an idea why it won't stay at the set 
resolution.

I also have issues with it not fully blanking when it should suspend or shut 
off and not being able to change the brightness using the button on the bottom 
edge. But, one thing at a time and I'll try again to get a chat response from 
Acer about the brightness issue.

Regards,

Rich

Re: [PLUG] Adjusting brightness on Acer SB-220Q monitor

[Ted Mittelstaedt]

How old is the monitor?  My experience with the flat panels is over time their 
backlight power supplies get squirrely usually the result of failing 
electrolytic caps.   Sounds like yours is borderline.

Ted

-Original Message-
From: PLUG  On Behalf Of Rich Shepard
Sent: Sunday, March 19, 2023 9:48 AM
To: plug@pdxlinux.org
Subject: [PLUG] Adjusting brightness on Acer SB-220Q monitor

I just installed an Acer SB-220Q monitorn and want to decrease the brighness 
(especially on the browser.

The manual says to press the 'Brightness' button and again when the on screen 
display menu appears. Then the two arrow keys are supposed to change the 
brightness level.

But, when I press he left or arrow key, nothing happens. The display disappears.

My attempts at finding a solution on the web failed; all hits are either the 
extended manual or retailers selling this monitor.

Rich

Re: [PLUG] "Ancient" Verizon fiber Re: Verizon towers ...

[Ted Mittelstaedt]

They use a box that has a chip in it where it converts the fax tones from your 
fax machine to some protocol I forget the name of (fax over internet) then when 
that protocol comes out into the PTSN it's converted back to a fax.

Unfortunately your fax machine has to support this protocol.  It's part of all 
newer fax machines.

Ted

-Original Message-
From: PLUG  On Behalf Of Seth Alford
Sent: Tuesday, March 7, 2023 6:38 PM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] "Ancient" Verizon fiber Re: Verizon towers ...

I can't get Comcast VOIP to handle my HP fax machine. Yes, I occasionally still 
have to send a fax. Does anyone know how Ziply does with a fax machine?

Thanks,

--Seth

On Tue, Mar 7, 2023 at 3:26 PM MC_Sequoia  wrote:

> "Anyway, single-mode fiber seems like a much more efficient, 
> spectrum-thrifty, and "ecological" way to move bits, than towers and 
> microwave-mmwave transmitters and the occasional radar-blinded 
> aircraft."
>
> If only people did what is the most efficient & "ecological".
>
> I've been using the most efficient form of transportation known to 
> humankind for 2 centuries now for over a decade. Nobody cares.
>
> Ain't nobody giving up their cars. Ain't nobody giving up their cell 
> phone. I wish I could have a landline for $10 / mth and a phone that 
> doesn't cost hundreds of dollars and can all to easily be damaged or 
> destroyed.
>
>
>

Re: [PLUG] Venue for next month ...

[Ted Mittelstaedt]

In NYC the LIRR is mostly above ground the subway is below ground, they are 
separate systems.

Some really interesting historical pics here of how the system is built:

https://www.quora.com/Are-the-streets-in-Manhattan-directly-above-the-subways-If-so-how-do-the-streets-not-collapse-with-the-weight-of-the-cars-buildings-etc-since-below-the-street-it-seems-to-be-hollow#:~:text=In%20fact%2C%20there%20are%20blocks,electrical%20tunnels%2C%20and%20homeless%20villages.

I would have preferred the rail system underground as well in Portland but the 
increased cost would have prevented them from reaching Hillsboro and the 
Hillsboro mayor was heavily lobbying for it to get out to there.

The biggest problem with MAX, WES and the rest of those systems is they have 
been effectively obsoleted by the Work From Home trend.

Ironically, the biggest enabler of WFH is Intel since without their chips we 
would not have the infrastructure today for it to exist so that the average Ma 
and Pa Kettle could access it.

Ridership on all mass transit has fallen and is stagnant.  The original dream 
was they would get all of the middle and upper middle class people riding it 
when the
Freeways like I5 and US 26 were overcapacity.  For 4 decades highway policy in 
PDX has been to encourage congestion in order to force people out of cars into 
transportation
Alternatives.

The unexpected side effect though has been to force them out of their cars into 
working from their homes.  This destroyed the congestion needed to execute this 
policy.  It also is killing restaurant and other retail downtown and the city 
people are tearing their hair out over this.

Now the local governments are pursuing a new policy - trying to tax people out 
of their cars with tolling.  But the reality is that the wealthier workers - 
the ones with higher paid skills and who are in most demand - can negotiate and 
force WFH and so over time they will be paying very little in the way of tolls. 
  It will be the poorer less skilled workers who can be forced to go into 
offices who will be paying the bulk of tolling.  And the entire justification 
for tolling is to build new transit infrastructure - which is simply not needed 
today.

I recall in the 1990's literally going 5Mph all the way from Cornelius Pass 
Road to downtown PDX at 5pm at night.  No longer, it's been years since it's 
been like that.

Ted


-Original Message-
From: PLUG  On Behalf Of Tomas Kuchta
Sent: Tuesday, March 7, 2023 11:43 AM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] Venue for next month ...

On Tue, Mar 7, 2023, 13:59 Ted Mittelstaedt  wrote:

> IMHO the problem with that is an excessive number of MAX stations.
>
> When I was in NYC I noticed very few stations downtown on the rail.  
> You got on at penn station then the train flew out to the bouroghs.  
> And that thing moved damn fast.  MAX rail speed is much slower IMHO 
> the result of political decisions of giving a stop to everyone to 
> satisfy people not willing to walk 5 blocks downtown.
> .


Max needs to go underground in the downtown area - only then it can go fast, 
don't stop at junctions and each stop can cover a few blocks with different 
exits.

IMHO - from simply learning/observing how it is done elsewhere

>

Re: [PLUG] Venue for next month ...

[Ted Mittelstaedt]

IMHO the problem with that is an excessive number of MAX stations.

When I was in NYC I noticed very few stations downtown on the rail.  You got on 
at penn station then the train flew out to the bouroghs.  And that thing moved 
damn fast.  MAX rail speed is much slower IMHO the result of political 
decisions of giving a stop to everyone to satisfy people not willing to walk 5 
blocks downtown.

Ted

-Original Message-
From: PLUG  On Behalf Of Vince Winter
Sent: Tuesday, March 7, 2023 7:52 AM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] Venue for next month ...

To chime in on the Hillsboro commute. The max from near PSU to Hillsboro 
airport is hour and ten minutes to hour twenty minutes, depending on 
connections. This is my daily grind of commuting, right now.

On Tue, Mar 7, 2023, 07:27 Ted Mittelstaedt  wrote:

> Retail everywhere has been hard hit by Amazon.  I don't know the 
> answer for this but when a spark plug for my car from OReilly's costs 
> $12 a plug and I can get a box of 4 of the exact same plugs from 
> Amazon for $20 I don't see how you are going to recover it.
>
> Most of the problem with places looking scummy isn't the retail 
> businesses IMHO it's that current tax law and local laws all favor 
> keeping retail space intact even when it would be better to demolish it and 
> put in
> housing.   We need housing badly we need more retail space like a hole in
> the head.  If we didn't have an oversupply of retail space that gun 
> shop couldn't afford the stripmall space and wouldn't be there.
>
> Ted
>
> -Original Message-
> From: PLUG  On Behalf Of Ben Koenig
> Sent: Tuesday, March 7, 2023 6:57 AM
> To: Portland Linux/Unix Group 
> Subject: Re: [PLUG] Venue for next month ...
>
> Sidewalks are apparently not a thing in Hillsboro. For all the talk 
> about big tech in Hillsboro the actual center of the city has yet to 
> re-discover ancient Roman technology.
>
> Last time I was actually down there the whole area closed up because 
> someone made a run for it during a murder trial. Last 2 MAX stations 
> were closed and the entire area was on lockdown. TBH  Hillsboro is 
> like a white ghetto... people say great things but when you actually 
> go there it's nothing but dingy SMBs and semi-homeless dudes looking for an 
> opportunity.
> The whole place is spooky.
>
> I've learned recently that the "Hillsboro experience" is not uniform.
> People love to mention all the tech companies out here but there are 
> places where you can look behind the curtain and see a completely different 
> world.
> Kinda like at the Olympics where they built that wall to hide the 
> actual China from everyone. LOL
>
> That giant Salesforce building always makes me laugh. It's right 
> across from a dingy strip mall that has a church AND a gun store. That 
> street is like Corporate America, God 'n Guns, and Woke culture 
> staring each other down in a good 'ol Mexican Standoff.
> -Ben
>
>
> --- Original Message ---
> On Monday, March 6th, 2023 at 5:21 PM, Ted Mittelstaedt < 
> t...@portlandia-it.com> wrote:
>
>
> > There's lots of places afterwards near Hawthorne Farms. But like any 
> > suburban place they expect you to be driving cars to get to them. 
> > Mass Transit is sort of a novelty out there. It's kind of like the 
> > token green thing they drag out and show people to prove they care 
> > about the environment. LOL (disclaimer I grew up a few miles from 
> > there)
> >
> > Ted
> >
> > -Original Message-
> > From: PLUG plug-boun...@pdxlinux.org On Behalf Of Keith Lofstrom
> >
> > Sent: Monday, March 6, 2023 2:52 PM
> > To: Portland Linux/Unix Group plug@pdxlinux.org
> >
> > Subject: Re: [PLUG] Venue for next month ...
> >
> > On Sun, Mar 05, 2023 at 01:54:29PM -0800, Michael Ewan wrote:
> >
> > > If you can find a member at Intel or a sponsor there, the 
> > > auditoriums are free to use and are outside the security area. The 
> > > Hawthorne Farms site is ideal since it is on the MAX line. Of 
> > > course that implies people will want to travel to Hillsboro.
> >
> >
> > I've attended many IEEE meetings at Intel Hawthorne Farms.
> > The Max Blue Line stop is a 7 minute walk south of HF3.
> > A meeting at Intel might attract some interesting speakers and
> attendees. Not much nearby for afters.
> >
> > But then, I live in Beaverton, and I've noticed that many 
> > Portlanders
> encounter an invisible force barrier west of Washington Park, perhaps 
> the same force barrier that I encounter near Vancouver and Gresham and 
> Gladstone.
> >
> > Keith
> >
> > --
> > Keith Lofstrom kei...@keithl.com
>

Re: [PLUG] Venue for next month ...

[Ted Mittelstaedt]

Retail everywhere has been hard hit by Amazon.  I don't know the answer for 
this but when a spark plug for my car from OReilly's costs $12 a plug and I can 
get a box of 4 of the exact same plugs from Amazon for $20 I don't see how you 
are going to recover it.

Most of the problem with places looking scummy isn't the retail businesses IMHO 
it's that current tax law and local laws all favor keeping retail space intact 
even when it would be better to demolish it and put in housing.   We need 
housing badly we need more retail space like a hole in the head.  If we didn't 
have an oversupply of retail space that gun shop couldn't afford the stripmall 
space and wouldn't be there.

Ted 

-Original Message-
From: PLUG  On Behalf Of Ben Koenig
Sent: Tuesday, March 7, 2023 6:57 AM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] Venue for next month ...

Sidewalks are apparently not a thing in Hillsboro. For all the talk about big 
tech in Hillsboro the actual center of the city has yet to re-discover ancient 
Roman technology.

Last time I was actually down there the whole area closed up because someone 
made a run for it during a murder trial. Last 2 MAX stations were closed and 
the entire area was on lockdown. TBH  Hillsboro is like a white ghetto... 
people say great things but when you actually go there it's nothing but dingy 
SMBs and semi-homeless dudes looking for an opportunity. The whole place is 
spooky.

I've learned recently that the "Hillsboro experience" is not uniform. People 
love to mention all the tech companies out here but there are places where you 
can look behind the curtain and see a completely different world. Kinda like at 
the Olympics where they built that wall to hide the actual China from everyone. 
LOL

That giant Salesforce building always makes me laugh. It's right across from a 
dingy strip mall that has a church AND a gun store. That street is like 
Corporate America, God 'n Guns, and Woke culture staring each other down in a 
good 'ol Mexican Standoff. 
-Ben


--- Original Message ---
On Monday, March 6th, 2023 at 5:21 PM, Ted Mittelstaedt 
 wrote:


> There's lots of places afterwards near Hawthorne Farms. But like any 
> suburban place they expect you to be driving cars to get to them. Mass 
> Transit is sort of a novelty out there. It's kind of like the token 
> green thing they drag out and show people to prove they care about the 
> environment. LOL (disclaimer I grew up a few miles from there)
> 
> Ted
> 
> -Original Message-
> From: PLUG plug-boun...@pdxlinux.org On Behalf Of Keith Lofstrom
> 
> Sent: Monday, March 6, 2023 2:52 PM
> To: Portland Linux/Unix Group plug@pdxlinux.org
> 
> Subject: Re: [PLUG] Venue for next month ...
> 
> On Sun, Mar 05, 2023 at 01:54:29PM -0800, Michael Ewan wrote:
> 
> > If you can find a member at Intel or a sponsor there, the 
> > auditoriums are free to use and are outside the security area. The 
> > Hawthorne Farms site is ideal since it is on the MAX line. Of course 
> > that implies people will want to travel to Hillsboro.
> 
> 
> I've attended many IEEE meetings at Intel Hawthorne Farms.
> The Max Blue Line stop is a 7 minute walk south of HF3.
> A meeting at Intel might attract some interesting speakers and attendees. Not 
> much nearby for afters.
> 
> But then, I live in Beaverton, and I've noticed that many Portlanders 
> encounter an invisible force barrier west of Washington Park, perhaps the 
> same force barrier that I encounter near Vancouver and Gresham and Gladstone.
> 
> Keith
> 
> --
> Keith Lofstrom kei...@keithl.com

Re: [PLUG] Verizon towers for internet ... 20 miles, really?

[Ted Mittelstaedt]

Verizon pay's a "spiff" to anyone bringing them a customer so yes, people can 
build a business out of selling telephone or Internet or cable service.  In 
past years the spiffs from phone companies were a lot higher but if someone 
wanted to make "beer money" going from door to door, there's still an 
opportunity to do it this way.

(Most likely the door to door salesguy could have made more money offering to 
mow lawns LOL)

Ted

-Original Message-
From: PLUG  On Behalf Of Ben Koenig
Sent: Tuesday, March 7, 2023 6:29 AM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] Verizon towers for internet ... 20 miles, really?

The sales pitch was dubious the moment someone mentioned it came from Verizon's 
door-to-door salesperson. 

I didn't even know Verizon would show up in person to advertise their service 
and TBH, there's a possibility that they don't
-Ben

Re: [PLUG] Verizon towers for internet

[Ted Mittelstaedt]

We have tried that repeatedly, with Google Fiber and Clear and others and it 
has failed repeatedly.  I don't think you are going to ever see it for the 
following reasons:

1) The large data consumer apps are watching TV over the Internet.  Back in 
"the olden days" when you bought "cable tv" service it was still data on the 
back end.  Now it's data all the way to the customer and they are watching TV 
on smart tv's and web browsers.  So the content providers who want the best 
experience for their customers have to put media servers close to the 
customers.   The major content providers - the movie studios - Disney, 
Paramount, and so on - are busy killing off Hulu and Netflix and the other 2nd 
raters who thought they could build a business model out of brokering content 
they didn't create.  Those studios are fine with putting media servers at the 
major ISPs like Comcast, Century Link/Lumen, and so on because those companies 
have tons of subscribers.  But they won't put media servers at small ISP's thus 
leading to a poor experience watching TV on a small ISP

2) The largest ISPs avoid having to buy Internet connectivity themselves by 
selling Internet connectivity on their network via peering agreements.   So for 
example Verizon has a fiber circuit from PDX to LAX and Lumen has a fiber 
circuit from PDX to LAX and they both agree to pay each other no money but 
instead share each other's circuits and thus get access to each other's 
customers.  In reality peering agreements are a lot more complex but you get 
the idea.  The large ISPs only have to pay for the actual cost of maintaining 
the fiber they don't have to pay the marked-up cost of buying a running circuit 
from someone else.

3) The FTC long ago made the decision that land line and cellular providers are 
selling the same thing (they are not but the FTC is run by old white guys who 
thing Internet is a misspelling of what Skippy sells in jars) and so all you 
need is a monopoly telephone company in one area and a cellular company and 
immediately the Sherman Anti-trust act no longer applies.  Some people more 
cynical than I might assume that this has something to do with the government 
trying to move the cost of providing rural Internet service (which is a 
money-loser) on to the city folks instead of just asking the city folks if you 
want to pay taxes to fund rural Internet expansion, and furthermore it's just 
another example of the increased voting power of the rural folk being able to 
pull the pants down once more on the city dwellers but we won't talk about 
that, LOL

The ISP market is much like the soft drink market.  Market forces serve to keep 
Coke and Pepsi selling 90% of the sugar water that people drink.

Ted

-Original Message-
From: PLUG  On Behalf Of MC_Sequoia
Sent: Monday, March 6, 2023 7:23 PM
To: Portland Linux/Unix Group 
Cc: General Linux/UNIX discussion and help, civil and on-topic 

Subject: Re: [PLUG] Verizon towers for internet


IMHO, there needs to be much more internet service competition. Ideally not 
between 2 giant corporations/monopolies. 

Re: [PLUG] Verizon towers for internet ... 20 miles, really?

[Ted Mittelstaedt]

Actually what is happening more and more (especially in other countries) is 
"micro cells"

Verizon for example has these micro cell stations.  They don't really advertise 
them but they sell them.  You can buy one
And plug it into your cable or other land line and it pumps out cell signal at 
the max 1/4 watt FCC unlicensed rate which is enough to reach around 3-4 houses 
away in the city.

You will get absolutely guaranteed cell coverage.  As will your neighbors.

A slightly higher power version of that is probably perched somewhere on one of 
your neighborhood telephone poles.
 
What the carriers have found is you get too many idiots going on and on about 
being "radiated to death by that big cell tower" in the city so they are more 
and more avoiding siting fewer big large high cell towers, instead siting more 
smaller cell towers.   They want you to get evenly baked, LOL.

Ted

-Original Message-
From: PLUG  On Behalf Of Keith Lofstrom
Sent: Monday, March 6, 2023 10:37 PM
To: Denis Heidtmann 
Cc: General Linux/UNIX discussion and help, civil and on-topic 

Subject: Re: [PLUG] Verizon towers for internet ... 20 miles, really?


In the REAL world, Cell service works by dividing a region into patches.  As 
customers become denser, larger patches are carved into many smaller patches 
with LESS power per transmitter per patch, because (inverse square!) the data 
beams need not reach as far.  


Keith

-- 
Keith Lofstrom  kei...@keithl.com

Re: [PLUG] Verizon towers for internet

[Ted Mittelstaedt]

Any carrier is going to say that in their contract fine print, it's like the 
55Mph speed limit.  Nobody expects to be pulled over at 56Mph but they have 
found it useful to define a limit so that when they pull you over at 80Mph 
people don't argue with them.

The MVNO's define an arbitrary limit like 50GB so that when they have a user 
trying to pull 5TB data a month they can curtail them down and when the user 
starts screaming "unlimited" that they have some legalese to point to and tell 
them to pound sand.  You have to actually USE the service to see what their 
actual data cap is.  But Verizon is going to do this also, they will just have 
different contract language like "best effort delivery" and if you go into 
their high users they will start screwing with your connection to encourage you 
to go away or cut back.

There's plenty of sites out there that discuss this.  I don't know if 
dslreports.com is still going but that was the big one when I was administering 
an ISP

Trust me there is NO SUCH THING as true "unlimited data" from an Internet 
Service Provider on a broadband connection.

I DON'T use a cell plan for my primary Internet connection so that is why I use 
the cheapest tier capped service on my cell.  I don't need any higher data than 
that on my cell because I don't use tethering as my primary Internet 
connection, so cost savings on the phone is more important than high data 
amounts.

The main point I have tried to make is that you can save money by understanding 
how these data services work and matching the service you buy with your needs.

The Consumer Cellular plans are all geared to older people, they sell a LOT of 
flip phones for example but I can tell you from experience if you call their 
tech support you usually get an immediate answer from a tech who actually knows 
his ass from a hole in the ground.  They also advertise heavily in AARP and 
places like that.  So you have a service that's geared to older people's needs. 
 Older people usually don't have high data needs, but have high hand-holding 
and support costs and you have to spend a lot of money marketing and 
advertising to them.  And usually they don't have a lot of money.  So, that 
MVNO is designed to make money that way, they spend a lot of money on soft 
costs like support labor and advertising and less on data.

For a techy person who just wants a lot of data at cheaper prices, you go for 
some MVNO that spends less on advertising that nobody has heard of and there's 
no phone support worth having from them it's all online chatting and email. 
They spend more on data than CC does and their REAL caps are higher.

If you are going to eschew land lines and you need to pull a lot of data over 
mobile then possibly Verizon or ATT with their higher costs and "family plans" 
might be better than an MVNO.  They run a network of stores so if your ONLY 
internet connection is via a phone or over their cell network then you can run 
into one of their stores when you dunk your phone in the toilet by accident and 
slap down your money and get a replacement immediately instead of calling 
someone and waiting a week for a new phone in the mail. 

My daughter is 150 miles away at college, she is a full time student and makes 
no money, I have to pay for her cell phone.  If she breaks her phone she can't 
be waiting 2 weeks for me to mess around getting her a replacement I have to be 
able to tell her to walk into the Verizon store and slap down her broken phone 
and walk out with a working phone.  That's why her phone is NOT on my Comcast 
account at $17 a month it's a $50 a month Verizon account.  She uses less data 
and voice than I do.  So I am paying for that dude standing in the Verizon 
store handing out sim cards all day not for her data, you see, and if she is 
responsible enough not to break her phone I may NEVER make use of the money I'm 
paying him. 

Ted

-Original Message-
From: PLUG  On Behalf Of Russell Senior
Sent: Monday, March 6, 2023 6:00 PM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] Verizon towers for internet
Ted Mittelstaedt  writes:

> Consumer Cellular is $20 a month with 1GB $50 a month unlimited.

>From https://www.consumercellular.com/shopping/choose/plan:

"On unlimited data plans, access to high speed data may be reduced after 50GB 
of use, and you may experience slower speeds for the remainder of your billing 
cycle."


--
Russell Senior
russ...@pdxlinux.org

Re: [PLUG] Verizon towers for internet

[Ted Mittelstaedt]

-Original Message-
From: PLUG  On Behalf Of wes
Sent: Monday, March 6, 2023 5:37 PM
To: Portland Linux/Unix Group 
Cc: General Linux/UNIX discussion and help, civil and on-topic 

Subject: Re: [PLUG] Verizon towers for internet


>$17 a month is only achievable as an add-on service to another existing 
>service. I suppose one could find a friend with cable >service and just pay 
>them for the add-on to use for oneself. but this would not work in a vacuum.

Consumer Cellular is $20 a month with 1GB $50 a month unlimited.

And there's other MVNO's out there that are much smaller without all the 
advertising that have bring your own device plans that are cheaper.  The $17 
includes taxes BTW the advertised price is $15.

>yeah, it's great, for a few hours. try that for days or weeks on end (with 
>non-trivial data usage happening) and you will see a >different experience.
>most of the issues I've seen with these stem from the phone (hardware and
>software) rather than the cell portion.

Oh I'm NOT advocating using the cellular network for serious uses.  Far from 
it!  I'm just saying with mobile one is as bad as the other.

>up to a point, this is accurate. but the moment utilization begins to approach 
>capacity, the first people to be de-prioritized >will be the non-native users.

The only time that happens is during major events - storms and such.  And the 
native users also get screwed over, too

Anyone try making a cell call during the last snowstorm last week?

Ted
-wes

Re: [PLUG] Venue for next month ...

[Ted Mittelstaedt]

There's lots of places afterwards near Hawthorne Farms.  But like any suburban 
place they expect you to be driving cars to get to them.  Mass Transit is sort 
of a novelty out there.  It's kind of like the token green thing they drag out 
and show people to prove they care about the environment.  LOL   (disclaimer I 
grew up a few miles from there)

Ted

-Original Message-
From: PLUG  On Behalf Of Keith Lofstrom
Sent: Monday, March 6, 2023 2:52 PM
To: Portland Linux/Unix Group 
Subject: Re: [PLUG] Venue for next month ...

On Sun, Mar 05, 2023 at 01:54:29PM -0800, Michael Ewan wrote:
> If you can find a member at Intel or a sponsor there, the auditoriums 
> are free to use and are outside the security area.  The Hawthorne 
> Farms site is ideal since it is on the MAX line.  Of course that 
> implies people will want to travel to Hillsboro.

I've attended many IEEE meetings at Intel Hawthorne Farms.
The Max Blue Line stop is a 7 minute walk south of HF3. 
A meeting at Intel might attract some interesting speakers and attendees.  Not 
much nearby for afters.

But then, I live in Beaverton, and I've noticed that many Portlanders encounter 
an invisible force barrier west of Washington Park, perhaps the same force 
barrier that I encounter near Vancouver and Gresham and Gladstone.

Keith

-- 
Keith Lofstrom  kei...@keithl.com

Re: [PLUG] Verizon towers for internet

[Ted Mittelstaedt]

You are not going to get 300Mbt all day long continuously off a cell network.  
It just won't happen.  It's hard enough with landline broadband but at least 
they know what's going on and can manage it some.  With mobile you can have a 
heavy user move into the cell you are on and move out and that will impact your 
bandwidth.

My Comcast Business cell plan is $17 a month, this is limited data though 
unlimited calling and text.  2GB I think. I've never exceeded it.  Their 
unlimited plans are more expensive of course but not that much.

And I have never been disconnected on data from it.  In fact I've even tethered 
a laptop to my S9 and driven from Hillsboro to PDX with the lappy on and logged 
in over a VPN.  Probably passed through a dozen cell boundaries never been 
disconnected on data.

They use Verizon as a backbone.  Their residential cell stuff is sold under 
Xfinity of course.

You are free to pay a lot of money for cellular service if you want.  But if 
you research what an MVNO is and how modern cell networks work you can save a 
ton of money.  They all use the same towers and the reliability is exactly the 
same from the same tower.  It's all branding nowadays.

These router-only devices from Verizon use the EXACT same cellular network and 
backbone my cell phone does.   You just pay a lot more money for a neutered 
cell phone that has voice and texting cut off of it.  And a pretty plastic box 
with feet on it and a power cord instead of a cell charger.

What people often don't realize with MVNOs is they sometimes will change 
carriers.  Consumer Cellular for example switched from TMobile's towers to 
ATT's towers.  So a lot of CC phones out at the coast slowly started losing 
reliability, signal, etc.  Replacing the sim with a new one fixes that.  You 
just had to call CC for one.   The same issue happened with Verizon a few years 
ago as well and they aren't an MVNO they just contracted with different towers.

Ted


-Original Message-
From: PLUG  On Behalf Of wes
Sent: Monday, March 6, 2023 4:51 PM
To: Portland Linux/Unix Group 
Cc: General Linux/UNIX discussion and help, civil and on-topic 

Subject: Re: [PLUG] Verizon towers for internet

On Mon, Mar 6, 2023 at 4:23 PM Ted Mittelstaedt 
wrote:

> It works but of course it's very easy to go over 300Mbt and then they 
> charge overage fees which can be quite high
>

the 300mb refers to a service speed, not a transfer limit. there may well be a 
transfer limit, but it will be at least somewhat reasonable.


> I always ask people doing this why don' t you just get an unlimited 
> data cell plan and tether to your phone.
>

this can work, but even for fairly tech savvy people, this often results in a 
fairly low reliability connection. phones will take any opportunity to drop 
connections and don't re-establish automatically. additionally, this is usually 
more expensive than a data-only plan.

-wes

Re: [PLUG] Verizon towers for internet

[Ted Mittelstaedt]

It works but of course it's very easy to go over 300Mbt and then they charge 
overage fees which can be quite high

At the end of the 30 days ask them the price of an unlimited account.

I always ask people doing this why don' t you just get an unlimited data cell 
plan and tether to your phone.

If you need ethernet then setup dd-wrt with an Atheros-based chipset device in 
client bridged mode.

Then not only do you have data but you have texting and a telephone number.

Ted

-Original Message-
From: PLUG  On Behalf Of Denis Heidtmann
Sent: Monday, March 6, 2023 4:19 PM
To: General Linux/UNIX discussion and help, civil and on-topic 

Subject: [PLUG] Verizon towers for internet

I received a door-to-door sales pitch from Verizon. They claim they have 
wireless towers to service about a 20 mile radius  per tower. Subscribers would 
have a receiver which is basically a router, wireless out.  The claim is 300Mb 
(MB?) down and up speeds. $50/mo. No other fees. 30 day free trial.  I signed 
up, but I wonder how reliable it will be.  Any information any of you have or 
come across will be welcome. I have ~28 days to send it back, no fee. I have 
yet to study the contract details.

Thanks,
-Denis