[GTALUG] Linux 4.19-rc4 released, an apology, and a maintainership note

[Dhaval Giani via talk]

https://lwn.net/Articles/764901/

...

To tie this all back to the actual 4.19-rc4 release (no, really, this
> _is_ related!) I actually think that 4.19 is looking fairly good,
> things have gotten to the "calm" period of the release cycle, and I've
> talked to Greg to ask him if he'd mind finishing up 4.19 for me, so
> that I can take a break, and try to at least fix my own behavior.

...

Jono Bacon's comments on it,

https://www.jonobacon.com/2018/09/16/linus-his-apology-and-why-we-should-support-him/



Another interesting article that I read over the past few days was a Python
keynote talk,
https://snarky.ca/setting-expectations-for-open-source-participation/



On a more personal note, I have seen "hostile" behavior on many mailing
lists, which has led me from withdrawing from participating on them.

We tend to attack developers without thinking of the impact on them.

This list is an example of attacks on systemd. While Lennart doesn't read
this list personally, I do know of the impact systemd criticism has had on
him. He has shared recordings of death threats because of systemd. I think,
we can all agree that, systemd, or pulseaudio did not make linux worse, at
least enough to justify death threats.

They haven't even made it bad enough to justify the constant attacks on the
software.

Remember, if you have a better idea, you have the _freedom_ to implement
it. You, however, do not have the freedom to expect them to drop what they
want to do, to fix your problems, and when they don't want to, be subject
to attacks from you.



I do hope, Linus taking some time off will make things better for him, and
by extension Linux.

Dhaval
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] [u-u] Suggestions for stopping occasional spurious use of commercial wi-fi

[UU via talk]

On Sun, 16 Sep 2018, David Collier-Brown wrote:

|I have a Rogers-supplied router and cable modem package, which twice has shown
|significant usage when I was out, once with the original unit and once with
|their replacement Cisco.  That makes me suspicious of the current state of
|authentication for wi-fi schemes (and I use the term "schemes" advisedly: they
|used to horribly leaky (;-))
|
|What's a good approach? I have considered
|
| * MAC address lists,
| * no wi-fi (strictly wired doesn't work with solid concrete walls),
| * a second router with a more secure protocol (/is/ there such a
|   protocol? And will my wife's Mac speak it?))
| * something I haven't thought of


!. yes, allow only designated MAC addresses
2. change SSID & don't broadcast it
2. consider LoRa as a possible adjunct/replacement
   https://en.wikipedia.org/wiki/LoRa


O . Bruce BeckerToronto, Ontario+1 416 410 0879
  o  _///_ //   Email: b...@0123456789-abcdefghijklmnopqrstuvw.xyz
   <`)=  _<

[GTALUG] Attacks on MAC address lists (was: suggestions for stopping occasional spurious use of commercial wi-fi)

[David Collier-Brown via talk]

On 2018-09-16 1:45 p.m., David Collier-Brown via talk wrote:

I have a Rogers-supplied router and cable modem package, which twice 
has shown significant usage when I was out, once with the original 
unit and once with their replacement Cisco.  That makes me suspicious 
of the current state of authentication for wi-fi schemes (and I use 
the term "schemes" advisedly: they used to horribly leaky (;-))


What's a good approach? I have considered

  * MAC address lists,
  * no wi-fi (strictly wired doesn't work with solid concrete walls),
  * a second router with a more secure protocol (/is/ there such a
protocol? And will my wife's Mac speak it?))
  * something I haven't thought of

--dave

I've set up MAC address lists, after a surprising number of reboots to 
unwedge the router  (did I even mention I hate flaky PC-style software?).


How can my hacker avoid them? Wait until my wife's Mac drops off-line 
and steal her MAC?


--dave

--
David Collier-Brown, | Always do right. This will gratify
System Programmer and Author | some people and astonish the rest
dav...@spamcop.net   |  -- Mark Twain

---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Suggestions for stopping occasional spurious use of commercial wi-fi

[James Knott via talk]

On 09/16/2018 02:42 PM, Don Tai wrote:
> I am assuming that on the Rogers router you are already using WPA2 and
> that someone has cracked it using a tool like AirCrack-NG (Kali dist
> or download). Physical barriers to limit signal strength will not
> alone protect you. There are numerous tutorials out there on how to
> use Aircrack-NG.

You can't assume people use a decent password.  That's why I suggested
www.grc.com.

BTW, I am currently rereading "The Cuckoo's Egg", by Clifford Stoll.  I
first read it almost 30 years ago, when I was a computer tech
maintaining VAX 11/780 computers, among others.  It's a good read that
describes attacks on a computer and what was done to track down the
attacker.  IIRC, the VAX's had a default account "admin" and password
"password", which often wasn't changed.  So, even with the big systems,
security wasn't always the greatest.  Back in those days, it wasn't all
that hard to walk in from Front St., past the security desk, hop on the
elevator and walk into the data centre.  My wife did that on occasion,
to meet me.  IIRC, there weren't even locks on the data centre doors
until the first Gulf war.

https://en.wikipedia.org/wiki/The_Cuckoo%27s_Egg
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Suggestions for stopping occasional spurious use of commercial wi-fi

[James Knott via talk]

On 09/16/2018 03:33 PM, Kevin Cozens via talk wrote:
> On 2018-09-16 02:57 PM, James Knott via talk wrote:
>> Will WPA be cracked in the future ?
>>
>> It's extremely unlikely that WPA will be cracked just like WEP was.
>
> A method of cracking WPA systems that use the Temporal Key Integrity
> Protocol (TKIP) algorithm was found in 2009. It was reported that the
> attack does not work on WPA systems using Advanced Encryption Standard
> (AES) algorithm, or WPA2 devices. However, WPA2 was cracked as of last
> October.
>

Still, it's more effective than relying on properly placing foil.  As I
recall, there's WPA3 in the works, which should be more secure.  Then
again, I suppose they could always set up an RADIUS server.  ;-)


https://en.wikipedia.org/wiki/Wi-Fi_Protected_Access#WPA3
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Suggestions for stopping occasional spurious use of commercial wi-fi

[Kevin Cozens via talk]

On 2018-09-16 02:57 PM, James Knott via talk wrote:

Will WPA be cracked in the future ?

It's extremely unlikely that WPA will be cracked just like WEP was.


A method of cracking WPA systems that use the Temporal Key Integrity 
Protocol (TKIP) algorithm was found in 2009. It was reported that the attack 
does not work on WPA systems using Advanced Encryption Standard (AES) 
algorithm, or WPA2 devices. However, WPA2 was cracked as of last October.


--
Cheers!

Kevin.

http://www.ve3syb.ca/   | "Nerds make the shiny things that
https://www.patreon.com/KevinCozens | distract the mouth-breathers, and
| that's why we're powerful"
Owner of Elecraft K2 #2172  |
#include  | --Chris Hardwick
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

[GTALUG] Suggestions for stopping occasional spurious use of commercial wi-fi

[James Knott via talk]

On 09/16/2018 02:42 PM, Don Tai wrote:
> I am assuming that on the Rogers router you are already using WPA2 and
> that someone has cracked it using a tool like AirCrack-NG (Kali dist
> or download). Physical barriers to limit signal strength will not
> alone protect you. There are numerous tutorials out there on how to
> use Aircrack-NG.

From the FAQ:

"How can I crack a WPA-PSK network ?

You must sniff until a handshake takes place between a wireless client
and the access point. To force the client to reauthenticate, you can
start a deauth attack with aireplay-ng. Also, a good dictionary is
required."

By avoiding passwords found in the dictionary, you're much less
vulnerable.  A random 63 character string does that.  Here's a sample:

>GZcfs^7w\D$JKE8XZJ(bw#.&'(||c>tt@;yt[]gQ$https://www.aircrack-ng.org/doku.php?id=faq
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Suggestions for stopping occasional spurious use of commercial wi-fi

[Don Tai via talk]

I am assuming that on the Rogers router you are already using WPA2 and that
someone has cracked it using a tool like AirCrack-NG (Kali dist or
download). Physical barriers to limit signal strength will not alone
protect you. There are numerous tutorials out there on how to use
Aircrack-NG.

On Sun, 16 Sep 2018 at 14:36, James Knott via talk  wrote:

> On 09/16/2018 02:32 PM, Don Tai wrote:
> > You can also look into using metal mesh/aluminium foil to limit your
> > router's directionality. For example if you are in an apartment and
> > the router is on the west perimiter, put up some chicken wire blocking
> > access further west. If you are in an apartment with a single floor
> > then reorient your antenna to not transmit your signal higher or lower
> > than your floor. That will further limit access.
> >
>
> WPA2 encryption would be more effective.  Start with a new password.  I
> use the "Perfect Passwords" from www.grc.com to generate 63 random
> characters.
>
>
> ---
> Talk Mailing List
> talk@gtalug.org
> https://gtalug.org/mailman/listinfo/talk
>
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Suggestions for stopping occasional spurious use of commercial wi-fi

[James Knott via talk]

On 09/16/2018 02:32 PM, Don Tai wrote:
> You can also look into using metal mesh/aluminium foil to limit your
> router's directionality. For example if you are in an apartment and
> the router is on the west perimiter, put up some chicken wire blocking
> access further west. If you are in an apartment with a single floor
> then reorient your antenna to not transmit your signal higher or lower
> than your floor. That will further limit access.
>

WPA2 encryption would be more effective.  Start with a new password.  I
use the "Perfect Passwords" from www.grc.com to generate 63 random
characters.


---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Suggestions for stopping occasional spurious use of commercial wi-fi

[Don Tai via talk]

I daisy chain in my own router, then MAC address filtering. Turn off wifi
on the Rogers router. If you are not home during the day you can possibly
programmatically turn off wifi. The MAC address filtering is a bit of work
to maintain, as you need all device MAC addresses, but I've gotten used to
it.

You can also look into using metal mesh/aluminium foil to limit your
router's directionality. For example if you are in an apartment and the
router is on the west perimiter, put up some chicken wire blocking access
further west. If you are in an apartment with a single floor then reorient
your antenna to not transmit your signal higher or lower than your floor.
That will further limit access.

Don

On Sun, 16 Sep 2018 at 13:50, James Knott via talk  wrote:

> On 09/16/2018 01:45 PM, David Collier-Brown via talk wrote:
> >
> > What's a good approach? I have considered
> >
>
> Many people use separate routers, as they're not happy with the Rogers
> hardware.  I run pfSense on a refurb computer.  All you have to do is
> put the modem in bridge mode and connect your router.  Also, you may
> want to get something other than a Cisco modem.  Rogers doesn't support
> IPv6 on them.  I have a Hitron modem in bridge mode.
>
> BTW, when I switched from Cisco to Hitron, I wound up with a significant
> price decrease for my Internet/TV/Home phone service.
>
> ---
> Talk Mailing List
> talk@gtalug.org
> https://gtalug.org/mailman/listinfo/talk
>
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Suggestions for stopping occasional spurious use of commercial wi-fi

[James Knott via talk]

On 09/16/2018 01:45 PM, David Collier-Brown via talk wrote:
>
> What's a good approach? I have considered
>

Many people use separate routers, as they're not happy with the Rogers
hardware.  I run pfSense on a refurb computer.  All you have to do is
put the modem in bridge mode and connect your router.  Also, you may
want to get something other than a Cisco modem.  Rogers doesn't support
IPv6 on them.  I have a Hitron modem in bridge mode.

BTW, when I switched from Cisco to Hitron, I wound up with a significant
price decrease for my Internet/TV/Home phone service.

---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Online Course for Lex/Yacc?

[D. Hugh Redelmeier via talk]

Ater advising against YACC, I thought I should promote it a bit.

YACC uses a formal declarative system for specifying a language
grammar (Backus-Naur Form).  This has a number of nice features:

- BNF is very well described and extensively used in the literature

- it was invented to describe the programming language Algol 60.
  That document is one of the classics of computer science
  and is still a must-read.  Here's a copy:


- many bastardizations of BNF have been used.  The real thing is better
  than most of its successors.

- a BNF grammar is a context-free grammar (Chomsky's term.  Yes, that
  Noam Chomsky)

- if a grammar is ambiguous, YACC will tell you.  Not at runtime but
  at table-building time.  This is really really useful because it is
  very easy to inadvertently create an ambiguous grammar -- generally
  a Bad Thing.  Informal recursive descent parsers never detect such
  problems.

  This feature is especially useful for those still learning about
  language design.

- YACC has features to resolve ambiguities.  They are short-cuts that
  cloud the issues and I think that they are a Bad Thing.

- an LR(k) grammar (invented by Knuth before LALR) means that a
  deterministic Left to Right single-pass parser (i.e. one without any
  backtracking) can "recognize" the language with only a k-symbol
  look-ahead.  LALR(k) is a subset of LR(k) for which it is known how
  to generate an efficient parser.  In practical terms, k should be 1.

- when given a choice between a declarative and a procedural model,
  always at least consider declarative.  Declarative is much easier to
  reason about as the system gets even a little complicated.

One learns a lot about language design by writing a BNF grammar and
debugging it through YACC.

lex is based on some theory (Chomsky Type 0 (Regular) languages) but
is more ad hoc.
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

[GTALUG] Suggestions for stopping occasional spurious use of commercial wi-fi

[David Collier-Brown via talk]

I have a Rogers-supplied router and cable modem package, which twice has 
shown significant usage when I was out, once with the original unit and 
once with their replacement Cisco.  That makes me suspicious of the 
current state of authentication for wi-fi schemes (and I use the term 
"schemes" advisedly: they used to horribly leaky (;-))


What's a good approach? I have considered

 * MAC address lists,
 * no wi-fi (strictly wired doesn't work with solid concrete walls),
 * a second router with a more secure protocol (/is/ there such a
   protocol? And will my wife's Mac speak it?))
 * something I haven't thought of

--dave

[The usage never runs me over my limit: I think someone is using me for 
downloads that might put /them/ over their limit]


--
David Collier-Brown, | Always do right. This will gratify
System Programmer and Author | some people and astonish the rest
dav...@spamcop.net   |  -- Mark Twain

---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Boot setup issues

[o1bigtenor via talk]

On Sun, Sep 16, 2018 at 12:10 AM, D. Hugh Redelmeier via talk
 wrote:
> | From: o1bigtenor via talk 
>
> Note: I am only an amateur sysadmin.

And I am not even that good - - - grin but i'se a learning that too!
>
> | One of my linux mentors, who calls himself a linux dinosaur (started on
> | a System V on a pc)
>
> Picky picky: System V isn't Linux.  It's UNIX.

Ja ja - - - got it. but it were unix before linux, although today one
might wonder
listening to some.
>
> I first used UNIX seriously with 4th or 5th Edition in 1975.  But I
> first became strongly interested in 1974 from reading "The UNIX
> Time-Sharing System" in the Communications of the ACM.
>
> I think that a number of GTALUG folks used Linux before I did.  I
> switched my desktop from Solaris on SPARC to Linux about 1997 (I
> played with Linux before that).
>
> | even advocates for a separate partition for /var/log
> | to forestall any software issues choking off disk usage.
>
> Good point.  What causes disk-full events for you?  If you can isolate
> them to separate filesystems, that's good.

Well - - - its one thing I haven't done yet. Haven't been bit by it yet either.
Likely would do after the first instance - - - grin.
>
> Here are the ones that have hit me:
>
> - too many log messages (/var/log).  That can easily be cured by
>   log system settings.

As I'm finding log message useful (strange for someone with a background
primarily as a 'user') I think I would rather have more here than less although
some of the messages are quite - - - -carefully now - - - useless (when there
are a few thousand lines exactly the same in a row) but none the less I would
rather enhance than truncate this function.
>
> - too much email (/var/spool)

Today I get maybe 30 to 75 emails. I remember a time when I could get over
a thousand. Today I would be quite a bit more into the deleting than I was
then too.
>
> - too many saved update packages (due to a PackageKit / dnf bug)
>   (/var/cache)
>
> - too many packages installed (/)
>
> - too many core dumps (/var/spool/abrt)
>   A firefox dump usually takes 4GiB or so on my system.
>
> HDDs are so big and cheap these days that the simplest solution is to
> wildly over-allocate for each partition.
>
> Unfortunately, SSDs are so much faster that you ought to use them and
> their capacity costs more.  I use both.  I haven't bothered to put any
> problematic directories on the HDD.
>
> |  One of my frustrations with linux has
> | been that it can be very difficult to find clear understandable information
> | on many parts of the system. Much of the documentation seems to be
> | written for someone who is well versed in things and is looking for a clue
> | or a reminder on 'how things work'.
>
> There are other challenges
>
> - Linux is very large.  Mostly things get added and very little gets
>   deleted.
>   (When I first used UNIX, the largest RAM was 256KiB.  It ran
>   off a disk that was 2.5MB.  You can bet is was simpler.)

In comparison to the dominant desktop I don't think that's true but I
do know that the economy of code AND logic that was used in coding
back then is in quite a different universe than the present iterations.
>
> - Documentation gets out of date.

One of the things that I have been finding very often - - - even with this
present search for answers. There is a lot of information out there that is
wildly out of date but there isn't even a date on the document to alert one
to its fossilization. I have taken to dating all of my documents for myself
to try and reduce the issue. Very seldom does information from the major
players get marked with a date. It is only with some experience that this
outdated stuff can be recognized. Finding information for current system
thinking is often almost impossible. (Coders hate documenting!)
Even more challenging is the all to common attitude that the newest is
the best stuff. I want stuff that works - - - not stuff that has not
been thrashed
so its flaws aren't known. For business use something that works is far more
important than stuff that is the newest (with huge bling).
>
> - Linux is very general-purpose.  How you should set it up depends on
>   many things.  Consider the difference between Linux embedded in a
>   home router and Linux running a supercomputer.  (Most routers,
>   smartphones, tablets, supercomputers, websites, cloud systems, etc.
>   run Linux.)
>
> - each distro is a different.  Each installation can be different.

Even more challenging is that Linux appears to be tweaked for those where
the tweaking and working under the hood IS the object of the OS. There
doesn't seem to be that much that is just for the USE. There are mountains
of things that are cool from a developers point of view but for a 'users' - - -
well - - - its all to often not much use. IMO far too often change is done for
change's sake. Another issue is that there is a lot of behind the scenes
activity that is quite antithetical to the visible. It feels  a lot
like 

Re: [GTALUG] Online Course for Lex/Yacc?

[ac via talk]

On Sun, 16 Sep 2018 01:40:23 -0400 (EDT)
"D. Hugh Redelmeier via talk"  wrote:
> | From: William Park via talk 
> | Every now and then, I come across situation where an ideal solution
> | would have been a custom parser/interpreter, either to parse data
> format | or to write my own sets of commands.  In each case, I don't
> know enough | to write it (I'm not Comp Sci) or don't have time.  So,
> I end up | resorting to shell, awk, python, etc.
> | Now, I want to take some course on Lex/Yacc, finally!
> | What online course do you recommend?
>
> I've never used online courses.  Certainly not about this stuff.  So I
> cannot answer your question directly.
> 
ditto/dictus

> What is it that you hope to learn?
> - theory?
> - practical use of these specific tools?
> - for what problems are these tools a good choice?
> What languages are you comfortable using to program?  I ask because
> many languages have provided tools or libraries that might fully or 
> partially address your needs.
> 
imho, this is the crux - define the requirement properly and then
evaluate what tool(s) needs using. personally I have found that it is
sometimes more efficient to learn a new language if the advantage(s)
such as libraries, existing code(base) and multiple other factors
enables efficient and early production ready deliverable(s)
I try to avoid feelings, politics and opinions and focus on the
Joe Friday (Dragnet) of it all - which is how (and why) I ended up
learning Pascal even though C would have been many times better, for
me, to use at the time :)

> TL;DR: from here on is a long discussion of my experiences with tools
> like these.
> 
the below is cool and detailed, if not somewhat jaded in places :)

> I don't have the habit of using lex.  I write my own lexers in C.  Not
> recommended: C is an unforgiving and unhelpful language.  But I've
> done that for 40+ years.  (And mostly in assembly languages for the
> decade before that.)  I can do it in my sleep.
> 
> I think lexing is pretty easy.  But maybe that's because I've already
> thought about most of the choices that need to be made.  Perhaps lex
> provides a less experienced programmers a framework that guides some
> choices.
> 
> I don't have the habit of using yacc.  yacc is a parser generator for
> LALR grammars.  The construction of LALR parsers was first described
> in DeRemer's PhD thesis.  But the first implementation was by Wilf
> LaLonde at U of T.  For some reason that I don't remember, LaLonde
> moved for a bit to Waterloo and I (an undergrad) found his generator
> on the Waterloo computer (but no documentation).  I played with it,
> reverse engineered how the generated tables worked, and started using
> it.  So I was one of the first to use such a gizmo.
> 
> It was intoxicating.  I invented more and more complicated language
> constructs because the complexity cost me almost nothing.  My
> particular project was to design a high-level assembler for the
> PDP-11: think PL/360 (Niclaus Wirth's high-level assembler for the
> IBM System/360).
> 
> I now think that this is a mistake.  Parsing is not the hardest
> problem in writing compilers.  A hand-rolled recursive descent
> parser is fairly easy and allows for clearer diagnostics (diagnostics
> are important!).  But I did learn a lot.
> 
> Complex language syntax is a burden on the user. Languages that
> didn't learn that lesson include C++, Algol 68, PL/I.
> 
> In the Libreswan project, Pluto includes a simple hand-rolled lexer
> and parser for a kind of config file.  I wrote that.  After I left the
> project, someone added a lex + yacc parser for a different kind of
> config file.  When I rejoined the project, the lex + yacc code didn't
> work right and nobody knew how to fix it.  I've kicked the worst
> problems out of it.  But I think I could actually reduce the lines of
> code and bugs by just rewriting them to use the lexer that is already
> in pluto and with minimal recursive descent parser.
> 
> LALR parsing is a very interesting discipline.  I'm glad I understand
> it (although it is a bit foggy after all these years).  I'm not sure
> that it is useful for most programmers.
> 
> Lexing and parsing are things programmers do all the time, informally.
> Even if they don't know that's what they are doing.  Understanding the
> problems formally can only be a help.
> 
> I learned this stuff from books, people, and hacking.  The first book
> to really present this stuff with a practical parser generator at the
> core was
>   McKeeman, Horning, and Wortman: A Compiler Generator.
> (I took courses from the latter two and met McKeeman.)
> LaLonde's LALR parser generator slotted into that framework and was
> much better than the parser generator that they used.
> (Kildall's PL/M was clearly created with and inspired by this work.
> He then used it to create CP/M.  Which was copied to create MSDOS.)
> 
> The field was relatively young and approachable then.  Compiler stuff
> has gotten way more developed