from:"Jamon Camisso via talk"

Re: [GTALUG] Debian Linux as-a-router Guide

2023-09-07 Thread Jamon Camisso via talk


On 2023-09-07 10:20 a.m., Giles Orr via talk wrote:

As per my previous post, I just purchased a mini-PC which I intend to
turn into a router.  Is anyone aware of a guide for turning a Debian
PC into a _home_ router?  I'd like to be running probably DNSmasq,
using a blocklist, stuff like that.  I've found webpages that tell me
how to turn on network forwarding, or maybe configure DNSmasq, but not
the whole process.

Please don't suggest pfsense: I'm well aware of it, and it may well be
better.  But I'm very adept at managing Debian, and initially at least
I intend to try to set this up.  If it turns out to be direly
difficult, pfsense may happen later.


This guide will get you pretty close, though it is a few years old: 
https://arstechnica.com/gadgets/2016/04/the-ars-guide-to-building-a-linux-router-from-scratch/2/


The author uses Ubuntu, but generally, I suspect it is in line with what 
you're envisioning (DNS, DHCP, and routing/firewall) on a Debian box.


If I were building this system out, I might opt to use nftables and 
firewalld instead of iptables or ufw. However, if you're more familiar 
with either of the latter two it might be easier to start with them.


I'd also suggest running pihole in a container to handle DNS. it blocks 
so many junk requests.


Let us know how you get on with things.

Cheers, Jamon
---
Post to this mailing list talk@gtalug.org
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Anybody using rclone?

2023-06-05 Thread Jamon Camisso via talk

On 2023-06-05 6:45 PM, Alvin Starr via talk wrote:
I can snapshot the volume and then backup the snapshot but that is a
40TB image.
Veeam tries to take a look at the file systems and zero unused space,
like Borg appears to do, but that feature had to be disabled because it
was causing random system crashes.

I will take a closer look at Borg.

At Canonical we used an in-house tool called Turku to handle sharded
backups for many thousands of systems:
https://canonical.com/blog/introducing-turku-cloud-friendly-backups-for-your-infrastructure

I think in 2018 when I was there, we had 4-5 storage nodes with 12-16TB
backup storage in each. Any VM that wanted a backup just had to run the
agent (python app to invoke rsync), and have a copy of the storage
system's public key.

The original lives here:
https://bazaar.launchpad.net/~turku/turku/turku-storage/files and my
past colleague who wrote it has a fork of all three components:
https://github.com/rfinnie/turku-storage and so on.

For object storage with deduplication and B2 (backblaze) support, I use
restic. I've got ~500k files in about 100GB of deduped space stored for
less than $1USD/month. Restic is fast (standalone Go binary), encrypted
in transit and at rest, supports compression and deduplication, and also
handles many different storage backends.

I can't vouch for it scaling beyond 1-10TB though, but I would be
looking at some kind of incremental+sharding solution for anything
larger than that anyways.

Cheers, Jamon
---
Post to this mailing list talk@gtalug.org
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Data archaeology: archive KDE distortion from 2004ish

2022-09-14 Thread Jamon Camisso via talk


On 2022-09-14 6:39 p.m., D. Hugh Redelmeier via talk wrote:

| From: Stewart Russell via talk 

| Any suggestions for which ancient distro and where it might still live 
gratefully received.

Knoppix?  Perhaps 3.5, which had a DVD version?  There must be copies
around.  See this for a list of versions:

Not sure where to find it now.  Perhaps


This would surely require BIOS/MBR for booting.  And new fangled devices
won't be understood.

There are many other possible distros.


Kubuntu 6.06 might ship with DigiKam pre-installed?

https://old-releases.ubuntu.com/releases/kubuntu/6.06/

Otherwise, it should be available in the packages archive.

I'd boot that ISO in a virtual machine, mount the database files into it 
as a shared folder, and then try starting the program.


Good luck!


---
Post to this mailing list talk@gtalug.org
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Booting linux from nvme disk?

2021-12-09 Thread Jamon Camisso via talk


On 09/12/2021 22:03, Peter King via talk wrote:

Long overdue follow-up:



Anyway, the old ways are sometimes the best; grub2 does the job and only
adds an annoying few seconds to the boot time.  Since I plan to leave the
computer on 24/7, that will only be a very occasional inconvenience.


I'm late to the party (everyone has already gone home apparently), but 
this is what I used to boot Arch directly with efi stub and an encrypted 
root partition:


efibootmgr --disk /dev/nvme0n1 --part 1 --create --label "Arch linux" 
--loader /vmlinuz-linux --unicode 
'root=cryptdevice=/dev/nvmen1p3:cryptroot root=/dev/mapper/cryptroot 
quiet audit=0 pcie_aspm=off rw initrd=\initramfs-linux.img' --verbose


Cheers, Jamon
---
Post to this mailing list talk@gtalug.org
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] a solved problem unsolved itself: WordPress, MySQL, UTF-8

2021-12-01 Thread Jamon Camisso via talk

On 01/12/2021 08:05, Stewart C. Russell via talk wrote:

On 2021-11-29 16:25, Jamon Camisso via talk wrote:

Another thing to try is using mysqli_set_charset("UTF8"); somewhere in 
your site's code. Substitute in different character sets until you 
find the correct one ...

Thanks, Jamon, but there isn't a valid encoding for what my database 
seems to be holding. It was UTF-8, and now it's seemingly UTF-8 decoded 
to CP1252 bytes re-encoded to UTF-8 characters again.

If WordPress were using Python (it's not), if my db held the 4 
character, 6 byte UTF-8 string, the equivalent Python code to end up in 
the mess I'm in is:

     >>> bytes(bytes("côté",encoding='utf-8').decode(encoding='cp1252'), 
encoding='utf-8')

     b'c\xc3\x83\xc2\xb4t\xc3\x83\xc2\xa9'

or 6 characters / 10 bytes of gibberish ('cÃ´tÃ©').
Since that encoding is reversible, can you attempt it on some of the 
corrupted posts/pages? e.g.

>>> bytes(bytes('cÃ´tÃ©', encoding='utf-8').decode(), 
encoding='cp1252').decode()

'côté'

Since this happened in the last month or so, it's not really a legacy 
encoding issue. Perfectly good UTF-8 got destroyed with no input/changes 
from me.

I'd been fairly careful with backups for the first decade of running 
this blog, but the process got wearing after a while, especially since 
every update went flawlessly so the manual backup process was a waste of 
time. Wordpress offers automatic updates without forcing a backup 
checkpoint, which I think is wrong.

Is it a managed Wordpress? That's terribly bad sounding if it is. Worse 
I suppose if Wordpress itself just did it.

Do any of the casting suggestions on that link that I sent fix it? Or 
are you going to have to dump each row and run them through that 
double-decoding process?

Jamon
---
Post to this mailing list talk@gtalug.org
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] a solved problem unsolved itself: WordPress, MySQL, UTF-8

2021-11-29 Thread Jamon Camisso via talk

On 27/11/2021 14:41, Stewart C. Russell via talk wrote:
I have been running a WordPress blog hosted on a Linux-based shared host
since WordPress became a thing. It has worked quite well from about 2004
up until a few weeks ago.

So the phonetic character U+0252 has been mangled into U+00C9 + U+2019.
Every UTF-8 character seems to be affected this way.

I wasn't expecting to wake up to a UTF-8 encoding problem this decade.
There are a raft of "how to fix WP encoding issues" pages that show up
in web searches, but the newest of them is from 2008 or so.

I'm pretty much resigned to going through 16+ years of posts fixing
this, but can mangled UTF-8 be recovered without rekeying?

Probably. If you've been running it for 10+ years, there is/was most
certainly some latin1 data hanging around, that's likely been converted
to UTF-8, or UTF-8 that's been double-encoded somewhere along the line.

This page has a section on the possible incorrect casing issue and a
fix:
https://codex.wordpress.org/Converting_Database_Character_Sets#Variant:_3-step_conversion_when_data_and_table_charset_already_don.27t_match

The rest of the page has a lot of useful information as well that might
apply to your situation.

Another thing to try is using mysqli_set_charset("UTF8"); somewhere in
your site's code. Substitute in different character sets until you find
the correct one, and then you'll be able to figure out a way to migrate
your tables to whatever WordPress wants.

Cheers, Jamon
---
Post to this mailing list talk@gtalug.org
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] a solved problem unsolved itself: WordPress, MySQL, UTF-8

2021-11-29 Thread Jamon Camisso via talk

So the phonetic character U+0252 has been mangled into U+00C9 + U+2019.
Every UTF-8 character seems to be affected this way.

I'm pretty much resigned to going through 16+ years of posts fixing
this, but can mangled UTF-8 be recovered without rekeying?

The rest of the page has a lot of useful information as well that might
apply to your situation.

Cheers, Jamon

---
Post to this mailing list talk@gtalug.org
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Docker, NodeJS and complexity

2021-04-22 Thread Jamon Camisso via talk


On 22/04/2021 09:55, William Witteman via talk wrote:
I have some existing projects to contribute to that use NodeJS and 
Docker, and I am finding that getting set up to work on them is 
extremely daunting.


I have never really used Docker.  I have never really used NodeJS/npm/etc.

I do know Javascript, but I don't build projects like this - it reminds 
me of Ruby-on-Rails, which I found to be a huge snarl of complexity.


I know that the initial development was done on Macs, but in theory at 
least, I should be able to set up the Docker container and use that to 
get me into an equivalent development environment, but I don't really 
know how.


Does anyone have a Debian-flavoured tutorial for setting up 
Docker/NodeJS so that I can build and run someone else's code?


A colleague of mine at DigitalOcean wrote this tutorial (as part of a 
larger series on running containerized Node applications on Kubernetes):


https://www.digitalocean.com/community/tutorials/how-to-build-a-node-js-application-with-docker

While it is Ubuntu 18.04 focused, the principles are the same.

To get Node & Docker working on Debian, these ought to help:

https://www.digitalocean.com/community/tutorials/how-to-install-node-js-on-debian-10

https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-debian-10

Feel free to ask any follow ups here if you follow along with those, or 
email me directly if you run into any issues.


Cheers, Jamon
---
Post to this mailing list talk@gtalug.org
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Idiomatic programming versus micro-optimizations

2021-04-09 Thread Jamon Camisso via talk


On 09/04/2021 16:09, Lennart Sorensen via talk wrote:

On Fri, Apr 09, 2021 at 02:55:02PM -0400, Aruna Hewapathirane via talk wrote:

This is simply an attempt to inform and educate ( i am not trying to start
any flame wars ). This article I feel describes aptly why C will not go
away.
https://drewdevault.com/2019/03/25/Rust-is-not-a-good-C-replacement.html


I certainly agree there are things C is the best choice for.  But it is
probably a lot less than it is being used for.  No idea what Rust is good
at, having never used it or looked at it.  I have encountered go code,
and it seems OK so far.


Experimental Rust support is in linux-next:

https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/tree/Documentation/rust/quick-start.rst

Here's an example driver:

https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/tree/drivers/char/rust_example.rs

Work is ongoing to prove the integration can work longer term. I think 
quite a bit has to do with supported architectures when using GCC or Clang.


Cheers, Jamon
---
Post to this mailing list talk@gtalug.org
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] WSL, threat or boon? [was Re:Surveillance Capitalism [was another thread]]

2021-04-05 Thread Jamon Camisso via talk


On 05/04/2021 09:31, Russell Reiter via talk wrote:

In that case, in the debate between GCC and clang LLVM, as someone who is
unable to write an operating system from scratch; who relies on
documentation
and the help of like minded people; my vote goes to GCC. It preserves
support for what
I see as program necessary artifacts. Plus I see python and other
interpretative hooks
into machine code a risk, which must be well balanced, from a SigInt
perspective.


1. What's the debate about? Links please.

2. What do you mean by interpretative hooks? What is the risk model that 
you are conflating with with LLVM, and how is it any different than GCC?


Do you verify all your binaries and compiler and all the intermediate 
objects when you build software? As Ken Thompson said, "You can't trust 
code that you did not totally create yourself... No amount of 
source-level verification or scrutiny will protect you from using 
untrusted code[1]."


Since the "debate" as presented here is framed in terms of (specious 
until proven otherwise) risk, I suggest that focusing on the compiler is 
a secondary concern to the main trust issues that must be addressed, 
which are formal verification and reproducible builds. Perhaps the 
CompCert compiler would be better for your needs[2].



In such a case of reconstructionism, I believe GCC is the better
philosophical option.
Why do you believe it is better? Is using LLVM restricting developers 
from writing software that can create social change? Does GCC somehow 
better enable developers to engage in critical thinking about the world? 
Is any of the above the reason that you use a compiler or write 
software? I'd like to understand how either compiler helps or hinders 
you, or other developers.


[1] https://dl.acm.org/doi/10.1145/358198.358210
[2] https://github.com/AbsInt/CompCert
---
Post to this mailing list talk@gtalug.org
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Has the graphics-card world gone mad?

2021-03-30 Thread Jamon Camisso via talk


On 30/03/2021 01:32, Evan Leibovitch via talk wrote:

Yeah, but it won't be about video cards (thankfully).

(FWIW, the issues I am having driving two 4K monitors with an RX 550 
exist in both Windows and Linux, suggesting that it's not capable of 
driving both monitors at full spec. Either I need to dial down the 
frequency as Russell suggests, or I need a new horsepower card...)


Limit your search to cards with 4GB memory and that will exclude the 
overpriced mining cards.


Am running a new nvidia 1650 series card here with no issues, and doing 
h264 encoding of the output at the same time. Under $300 if you look around.


e.g. https://www.pc-canada.com/item/PH%2DGTX1650%2DO4GD6.html - those 
are nice because they are powered solely by the PCIe slot, so no extra 
GPU cable needed.


Cheers, Jamon
---
Post to this mailing list talk@gtalug.org
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] How do I demonstrate a crappy network?

2021-01-19 Thread Jamon Camisso via talk


On 19/01/2021 07:19, David Collier-Brown via talk wrote:
I'm working on an article about advances in Linux networking (eg, Cake), 
but with a demonstration anyone can do, to convince doubters.


I therefor need a way to show how crappy someone's network is. I tried 
Skype "echo" calls and an couple of similar approaches, then tried 
playing you-tube videos, all while throwing a load on the network.


But it doesn't /visibly/ fail.

What is something that I can make fail, either audibly or visually? 
Showing my grandmother ping statistics isn't going to work (;-))


A couple ideas:

1. Saturate your link using iperf in client mode, connected to a remote 
iperf server with more throughput capacity than your uplink. Then run 
your demonstration application.


2. Mess with MSS/MTU sizes, perhaps in concert with iperf generated load.

3. DDoS yourself with some raw or spoofed packets.

4. Fill up your connection table, either with lots of connections, or by 
lowering the limit.


The problem with all of these is that TCP is designed to deal with 
dropped & timed out packets, and applications that use UDP usually have 
some perceptual encoding algorithm that tolerates missing datagrams up 
to a point.


Let us know how you get on with this project!

Cheers, Jamon
---
Post to this mailing list talk@gtalug.org
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] question on Debian

2020-11-05 Thread Jamon Camisso via talk

On 2020-11-01 11:12, o1bigtenor via talk wrote:
> Greetings
> 
> Debian has been holding back updates on language updates like GCC for
> some 3 or more months at this point. I had been waiting to update my
> system hoping that I could get things all together as it were. Today I
> bit the bullet and upgraded a whole bunch of stuff.
> 
> Anyone know why this, imho important, software is being held with no
> updates for so long?

I think the GCC maintainers have been focused on getting gcc-10 ready in
Bullseye:

https://lists.debian.org/debian-gcc/2020/07/msg1.html

So I suspect unless there were security issues, they've been working on
that in sid and testing.

Cheers, Jamon
---
Post to this mailing list talk@gtalug.org
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Scientific Libraries in Python for Drawing Physics Equations

2020-11-02 Thread Jamon Camisso via talk

On 2020-11-02 18:07, Nicholas Krause via talk wrote:
> Greetings,
> I'm wondering if anyone has used this before:
> http://qutip.org/tutorials.html. If someone has a recommendation or has
> used something
> similar for drawing out the graphs for Schrodinger wave functions or
> Quantum Field Theory that would be helpful. I'm drawing to draw them
> out on a computer with a library as drawing them by hand is also
> impossible for large scales of values and will be easier for field theory.
> 
> This is for the future but it would be nice to hear if anyone has any
> experience with drawing out quantum physics equations from a programming
> library,

I have zero experience or knowledge about it, but here's a reasonable
looking project that uses Seaborn (https://seaborn.pydata.org/) to
visualize wave functions:

https://github.com/nnguyen19/helium_project

The code is in here:
https://github.com/nnguyen19/helium_project/blob/master/Tung-Nhan%20Nguyen%20-%20Helium%20by%20wavefunction.py

Seaborn is a very nice wrapper around matplotlib. From a cursory glance,
it looks like qutip is also a wrapper around pandas & matplotlib so the
two might be useful in combination with each other.

Cheers, Jamon
---
Post to this mailing list talk@gtalug.org
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Virtual console 1 frozen..

2020-10-29 Thread Jamon Camisso via talk

On 2020-10-29 18:01, Michael Galea via talk wrote:
> Ctrl-Alt-F1 used to reach a login prompt on the console, but my debian
> testing based box simply shows the booting process up to the
> "/dev/sdb1: clean, . " message, and is unresponsive.
> 
> All of the other virtual consoles work as expected, but I would still
> like to solve the problem.
> I have inspected journalctl logging during/after the last boot and
> nothing stands out.
> 
> Can anyone suggest anything?

Sounds like your system expects a graphical window manager on tty1 but
isn't running one?

http://0pointer.de/blog/projects/serial-console.html should explain all
the ins and outs. You'll want to poke at systemd's getty.service and
possibly its logind.conf file as well.

Cheers, Jamon
---
Post to this mailing list talk@gtalug.org
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Apache fails after upgrade

2020-10-08 Thread Jamon Camisso via talk

On 2020-10-08 12:46, Lennart Sorensen via talk wrote:
>> Bingo!  I am not sure why, but I'm definitely not getting the latest
>> of the installed images as my default.  It's a remote VM from ovh.ca,
>> so I never see a GRUB screen.
>>
>> The uptime is less than two days, because this issue happened after a reboot.
>>
>> Interesting wrinkle, is that I don't seem to have grub or grub2 installed.
> 
> Hmm, I wonder which bootload it is using then.  I think grub2 depends
> on grub-pc and grub-common.  Could also use grub-efi, although I doubt
> that.
> 
> Could always install grub2 and see what it does.  What do you have in /boot?
> 
> 'find /boot' should give a list that hopefully isn't too long.

It sounds like OVH VMs use extlinux, so this article's instructions
should help:

https://hubesco.com/blog/index.php?article47/update-linux-kernel-on-ovh-vps-ssd

Cheers, Jamon
---
Post to this mailing list talk@gtalug.org
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] New Build Computer?

2020-07-27 Thread Jamon Camisso via talk

On 2020-07-27 21:05, Peter King via talk wrote:
> Well, no joy in Mudville.
> 
> I disabled Secure Boot by deleted the PK key, which did indeed result in
> the motherboard BIOS recognizing that Secure Boot was disabled.  And, it
> recognizes the NVMe drive as the boot device, indeed the only boot device,
> which is good.
> 
> But ... despite all that, it still does not boot.  I tried it with CSM on
> and CSM off, still no boot.  Efibootmgr this time *did* list the NVMe drive
> as an EFI option (after the USB flash drive), but still no boot.  Tried it
> with various options enabled and disabled, still no joy.
> 
> Damned if I can figure it out.  I feel like I'm getting closer ... but no
> way forward seems obvious.  Any ideas?  Any reason to think that another
> motherboard might be less difficult to get up and running?

Try installing rEFInd to a USB stick, then boot from it. It will
(hopefully) autodetect your various EFI partitions and build a list of
target systems that you can boot.

The USB image is available here:
https://sourceforge.net/projects/refind/files/0.12.0/refind-flashdrive-0.12.0.zip/download

Since you managed to boot from a USB stick before, this might be enough
of a bodge to get you going.

Cheers, Jamon
---
Post to this mailing list talk@gtalug.org
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] New Build Computer?

2020-07-25 Thread Jamon Camisso via talk

On 2020-07-25 21:06, Peter King via talk wrote:
> So in the end I went with a Ryzen 3700X CPU and the Asus Prime X570-Pro
> motherboard, adding in an NVMe drive as well for my boot/root device. The
> results have been mixed.

Nice choice, been eyeing something similar myself. How much RAM and what
speed did you go with?

> Any, and all, suggestions welcome. I don't have any experience with the
> Secure Boot option, if that might be the culprit.

That the bootable USB works is curious, and makes me wonder if secure
boot is really the issue.

I've had great success using rEFInd to manage booting various OSes on my
desktop. So my suggestions:

---
1. Try installing rEFInd - it will detect quite a few different bootable
drives. http://www.rodsbooks.com/refind/installing.html#installsh

---
2. If you find that after running the install script rEFInd installs to
the USB stick, try the manual steps on that page, from within your chroot.

---
3. Or, combine both. Bind mount /proc, /sys, and /dev from the USB stick
into the chroot and then try the install script that way.

---
4. Otherwise, the more labour intensive option: your USB stick works, so
hit escape while it is in the grub screens and examine all the arguments
for the working installer kernel.

You may be able to do something like run your own grub commands: `set
root=(hdx,1)` (where you tab complete after the 'hd' part and you'll get
a list of partitions to choose from). Once you're pointing at your Linux
boot partition, load the kernel and initrd using the usual arguments for
your previously working Arch+Grub.

One thing to watch out for is that you get the correct root=LABEL=foo,
or root=LABEL=$UUID, or root=/dev/nvmXXX argument right, otherwise
you'll end up in your init recovery shell.

Once you're in that way, you can try installing rEFINd again.

Of course, messing with bootloaders, make a backup of your working
bootable partition(s) if you don't have one already, ideally using dd.

For reference, here's the EFI partition that I use with rEFInd and Grub
as seen by fdisk:

fdisk -l /dev/nvme0n1
Disk /dev/nvme0n1: 465.76 GiB, 500107862016 bytes, 976773168 sectors
Disk model: Samsung SSD 960 EVO 500GB
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: C56F030C-9CDB-2A45-ABDE-A64263DFC0F4

Device Start End Sectors Size Type
/dev/nvme0n1p12048526335524288 256M EFI System
. . .

And by findmnt:

findmnt -u /boot/efi
TARGET SOURCE FSTYPE OPTIONS
/boot/efi
/dev/nvme0n1p1
vfat
rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,utf8,errors=remount-ro
---
Post to this mailing list talk@gtalug.org
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Free Linux VMs

2020-05-09 Thread Jamon Camisso via talk

On 2020-05-09 14:27, Ansar Mohammed via talk wrote:
> So just an update to my earlier email, you can get 2 free Linux
> instances on Oracle's Cloud platform and 1 free instance on Google's
> Cloud platform.
> These are not time restricted. 

Until they are:
https://www.theregister.co.uk/2020/03/05/google_reintroduces_management_fee_for_kubernetes_clusters/

Yeah that's GKE, but they can change pricing whenever they want. $0 ->
$73/month per cluster just like that.

Just be prepared to migrate or pay at some indeterminate time in the
future if you sign up for either.

Cheers, Jamon
---
Post to this mailing list talk@gtalug.org
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] On the subject of backups.

2020-05-04 Thread Jamon Camisso via talk

On 2020-05-04 09:55, Alvin Starr via talk wrote:
> 
> I am hoping someone has seen this kind of problem before and knows of a
> solution.
> I have a client who has file systems filled with lots of small files on
> the orders of hundreds of millions of files.
> Running something like a find on filesystem takes the better part of a
> week so any kind of directory walking backup tool will take even longer
> to run.
> The actual data-size for 100M files is on the order of 15TB so there is
> a lot of data to backup but the data only increases on the order of tens
> to hundreds of MB a day.
> 
> 
> Even things like xfsdump take a long time.
> For example I tried xfsdump on a 50M file set and it took over 2 days to
> complete.
> 
> The only thing that seems to be workable is Veeam.
> It will run an incremental volume snapshot in a few hours a night but I
> dislike adding proprietary kernel modules into the systems.

If you have a list of inodes on the filesystem you can use xfs_db directly:

xfs_db> inode 128
xfs_db> blockget -n
xfs_db> ncheck
131 dir/.
132 dir/test2/foo/.
133 dir/test2/foo/bar
  65664 dir/test1/.
  65665 dir/test1/foo
  65666 dir/test3/foo/.
 142144 dir/test2/.
 142145 dir/test3/foo/bar/.
 142146 dir/test3/foo/bar/baz
 196736 dir/test3/.

I don't know how that will perform relative to something like find though.

Cheers, Jamon
---
Post to this mailing list talk@gtalug.org
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] DNS-over-HTTPS - what's the use?

2019-12-23 Thread Jamon Camisso via talk

On 12/23/19 1:37 PM, Giles Orr via talk wrote:
>> Both things tend to be true of encryption technologies.
>>
>> I am not sure I would be running out to implement DoH any time soon
>> because it does not seem like a great value.
> 
> I'm also not enthusiastic about taking DNS out of the hands of the
> operating system: not only does this break "do one thing and do it
> well" (although browsers did that long ago), it also means that if you
> have name resolution problems the solution becomes split on "is this
> in the browser or somewhere else?"  It seems to me that this solution
> - if implemented at all, and it's sounding like a bad idea - should be
> done at the OS level, not the browser.

I've been using DoH since it showed up in Firefox Nightly. DoH can be
set to fallback to an OS resolver in the event that the browser's
resolvers are unavailable.

The value of DoH is in not letting ISPs or employers or parties x, y,
and z track, monetize, and deanonymize DNS requests.

For example: ISPs as resolvers can take DNS requests and sell that data
on to a data broker to target ads and no one is the wiser. Likewise
sharing with law enforcement or government. Our ISPs are total black
boxes when it comes to how they run, share, and monetize our DNS data.

Another example: employers can track browsing habits on networks using a
VPN, DHCP, or  preconfigured resolver. The recent case of Kathryn Spiers
at Google is roughly analogous. She made a browser extension to notify
users about their rights, but I have no doubt that every Google
employee's DNS queries to union busting sites are logged and can be
correlated if someone higher up decides to embark on further union
busting programs.

Then there are the countries with questionable human rights records who
surveil their citizens, activists, journalists etc.

I think that DNS is one of those things that we all take for granted and
trust without realizing how easy it is to monitor, subvert/tamper,
monetize, and identify individuals with.

I'm personally all for making surveillance capitalism incrementally more
costly to the data brokers and ad networks out there. Moreover tools
like DoH that make privacy a default setting go at least some way to
encouraging the idea that privacy online should be a fundamental right
(which is admittedly a matter of personal belief, but I haven't come
across a compelling argument to the contrary).

Cheers, Jamon
---
Post to this mailing list talk@gtalug.org
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk

[GTALUG] TekSavvy or Rogers blocking apt user agent

2019-11-04 Thread Jamon Camisso via talk

On 04/11/2019 21:24, D. Hugh Redelmeier via talk wrote:
> Is this happening to you?  I will assume so.
> 
> - my main internet connection is directly through Rogers.
> 
> - I use Ubuntu infrequently.
> 
> - when I do update it, I have had no issue.  Most recently: a couple
>   of days ago.
> 
> The ip address in the wireshark log is 91.189.91.23 (AKA
> economy.canonical.com).  When I point (Fedora) firefox at it, it claims
> that it cannot connect to a web server there.  Of course that's with
> Firefox's User Agent String.  ping does get responses.

Teksavvy have done something on their end:

https://twitter.com/TekSavvyCSR/status/1191486635764068355
---
Post to this mailing list talk@gtalug.org
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Custom build: Which case?

2019-09-19 Thread Jamon Camisso via talk

On 19/09/2019 07:51, o1bigtenor via talk wrote:
> On Wed, Sep 18, 2019 at 10:51 PM William Park via talk  
> wrote:
>>
>> I built all of my computers, last one being a basic i3-4170.  There is
>> one part that I was never satisfied with, and that is "computer case".
>> Selections at Canada Computers and Newegg are disappointing.  If you
>> were building a full-tower computer, which case would you buy?  And
>> where?
> 
> Hmmm - - - my beef is that case design seems to convey that
> the case is a work of art, absolute male bovine excrement, I waant a 
> functional
> box but I hardly ever look at the thing. That means that I don't want
> blinky lights,
> that pretty glass covers really aren't necessary (unless they help
> cooling - - -
> which is very doubtful) and functional is what I most desire.

c'mon, only 15kg: https://www.newegg.ca/p/N82E16811853056 - you know you
want it..
---
Post to this mailing list talk@gtalug.org
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Samsung router?

2019-08-28 Thread Jamon Camisso via talk

On 2019-08-28 15:30, o1bigtenor via talk wrote:
> Hopefully this isn't considered a thread hijacking - - - but - - - -
> is there any linux software for running a managed switch?
> 
> You are indicating that Cisco is perhaps not a great choice - - - - do
> you have any recommendations? (Hopefully not ones that are seriously
> 'ouch' in the price department - -  - grin.)

Make your own box and run Cumulus on it:

https://cumulusnetworks.com/products/cumulus-linux/

IIRC it is a Debian derived distribution. We experimented with some
100Gbit Mellanox and Chelsio cards with Cumulus at Canonical and it was
pretty straightforward. Refreshing to not use Cisco's CLI, which I have
never found intuitive.

Cheers, Jamon
---
Post to this mailing list talk@gtalug.org
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Samsung router?

2019-08-28 Thread Jamon Camisso via talk

On 2019-08-28 10:26, James Knott via talk wrote:
> On 2019-08-28 09:50 AM, Alvin Starr via talk wrote:
>> There is always Ubiquiti. Their stuff is a little more expensive than
>> what you will pay at CanadaComputers.
>> They tend to have decent long term support becuase they sell to WISPs
>> and there is usually an SSH/telnet capability built into the units so
>> you can poke around inside.
>> They now seem to sell direct in Canada.
> 
> Any business grade unit should have similar, along with management
> software that runs on a computer.  These units also tend to be designed
> for use on networks with multiple APs.  Cisco has some great gear, but
> tends to be a bit pricey.

For the price, with OpenWRT support, hard to go wrong with an EdgeRouter:

https://openwrt.org/toh/ubiquiti/ubiquiti_edgerouter_x_er-x_ka

https://www.deploydepot.ca/ubiquiti-edge-router-x-gigabit-5-port-ethernet-router/

I haven't flashed OpenWRT on mine since it is running my Unifi APs. I
want a second for a lab unit to play with.

Cheers, Jamon
---
Post to this mailing list talk@gtalug.org
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Calling all networking and SVN gurus

2019-06-08 Thread Jamon Camisso via talk

On 6/8/19 4:50 PM, James Knott via talk wrote:
> 
> Bottom line, fragments are unlikely to be an issue as all modern OSs use
> PMTUD on TCP and Linux uses it on everything.

True enough, but it is also easy to check and determine whether it is an
issue. I get a ticket or two a month with remote employees who are
connecting from strange places, or have issues with VPNs, and quite a
few are MTU related.

I'm curious about PMTUD now: my understanding is that ICMP needs to be
unrestricted between server & client. If something is blocking that
traffic how does it work? Also how does PTMUD handle asymmetric paths?

Cheers, Jamon
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Calling all networking and SVN gurus

2019-06-08 Thread Jamon Camisso via talk

On 6/7/19 1:16 PM, Giles Orr via talk wrote:
> To forestall the inevitable suggestion: no, the solution is not to move
> to git.  At least not yet: for various reasons, it can't happen right
> now.  This is the last holdout, all our other repos are already git.

> I've so far failed at getting more logging out of SVN and Apache: what I
> do have doesn't tell me much useful, at least not related to these failures.

You could turn on trace logging for mod_dav, and if you are worried
about spamming logs, put some conditionals around the jenkins host's IP.

e.g. 'LogLevel info dav:trace3' would turn on trace3 level logging for
dav and leave everything else at info.

> This problem is intermittent and infrequent.  I'm thinking the next step
> is network sniffing - although I'm hoping someone can suggest something
> better.  I'm relatively inexperienced with Wireshark and tcpdump (and
> SVN ...), but what experience I do have suggests all I'm going to get is
> to learn that SVN stopped providing data without finding out why or how
> to fix it.

First thing I'd look at is MTU between Jenkins and the remote server. If
there's some route churn you could conceivably end up with different
MTUs which can lead to inconsistent fragmentation or timeouts. With a
large SVN repo and lots of propfind requests, the overhead of a bad MTU
somewhere along the line would be quite noticeable. Try tracepath &
tracepath6 to see what things look like between the hosts.

Also check to see if there's some mixed IPv4/IPv6 business going on. I
doubt it, but I've seen inconsistent behaviour with dual stack
applications that aren't explicitly configured to support one or both.

Otherwise, to eliminate whether it is SVN on Windows that's the issue,
try rsyncing the underlying repository and bypass SVN entirely.

Cygwin has SSH & rsync support, so you can do fast differential rsyncs.
Then in the jenkins job, specify whatever svn operations you need to
unlock and checkout the correct branch & revision.

Let us know what you find!
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Question Fodder: Bcache Filesystem

2019-05-15 Thread Jamon Camisso via talk


On 5/14/19 5:12 PM, Christopher Browne via talk wrote:

Sounds like it may be the wrong moment in time to be adopting
BCache-related stuff ;-)

Has anyone been poking at this sort of stuff?  A *lng* time ago, I used
to follow ReiserFS pretty closely, back when that project was a technical
matter, as opposed to being (rather properly!) overshadowed by a murder
investigation :-(


We use it for every customer's Openstack cloud for almost every 
openstack component. Nova, Ceph, Swift, Keystone, and MySQL are the 
major services, and each has a bcache underlay along with a hardware 
RAID controller.


It has proven to be quite a reliable (and fast) setup, and even in the 
event of a power cut we haven't lost any data.


For nova especially where users are interacting with VMs, it means a 
customer can have large amounts of storage allocated for a VM, and 
writes feel as though the whole system is running on an SSD.


Likewise for Keystone & MySQL, where in busy clouds with clustered 
MySQL, tokens can take a long time to generate, fetch, and authenticate 
without the SSD backing.


All around quite useful, just don't run it on the leading edge of GCC, 
Kernel, and OS releases!

---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] of routers and access points

2019-04-26 Thread Jamon Camisso via talk


On 4/25/19 4:00 PM, David Mason via talk wrote:
Is there an openwrt non-wifi, PoE router? Also the WRT1900ACv2 seems to 
have limited availability.


Looks like the ERX you were looking at is compatible, TIL!

https://openwrt.org/toh/ubiquiti/ubiquiti_edgerouter_x_er-x_ka

I might try flashing mine sometime.
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Installing Anaconda with Python 3 on 32 bit linux (Ubuntu ver 16.04 )

2019-04-20 Thread Jamon Camisso via talk


On 4/20/19 7:20 AM, o1bigtenor via talk wrote:

the issue of having directories that I am unable to remove even using rm -r
but there is a very long and definitely not simple technique whereby maybe
I will be able to purge my server of said mess.


Will apt-get remove snapd not do the trick? Also I'm curious what data 
you're trying to remove. Any data for snapped packages that I've needed 
to manipulate lives in /var/snap/ and is just plain old data.


Otherwise are you having issues with snaps themselves in /snap ? 'snap 
remove' is all I've ever needed there.


Cheers, Jamon
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Local source for weird RAM

2019-03-06 Thread Jamon Camisso via talk


On 3/6/19 2:51 PM, Mike Kallies via talk wrote:

Hello GTALUG,

I have an HP ML110 G6 which I'm using for some minor virtualization, but 
it has 12G of RAM in it.   I've been looking how to bring it up to 32G, 
but the options have been risky and expensive.   So much so, that 
replacing it with a different machine seems more worthwhile.


Does anyone know a local source for these 8G "Dual Ranked, ECC, 
Unbuffered/NON-REGISTERED" modules?


https://trainingrevolution.wordpress.com/2014/01/05/hp-proliant-ml110-g6-server-maximum-memory-configuration-32gb/ 


Not local, but there's compatible memory out there, just depends on how 
long you can wait and if you're willing to pay for it:


https://www.newegg.ca/Product/ProductList.aspx?Submit=ENE=1=17951%20600564422%2066161%2066164%20601275453

(Check the pin count, I didn't filter on that).

If you have an account with a channel partner for HP I don't expect 
you'd be asking here, but they can likely find it cheaper for you.


Or eBay may have some that would work.

Cheers, Jamon
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Spamhaus block

2019-02-22 Thread Jamon Camisso via talk

On 22/02/2019 11:25, Val Kulkov via talk wrote:
> Most or all participants to this thread appear to agree that picking the
> right IP neighbourhood is key to success.
> 
> So, how does one pick a good neighbourhood? Are there any tried-and-true
> rules or methods?

Use a reputable cloud provider that gives you a dedicated IP for a VM.
Many will go to great lengths to keep their IP ranges off blocklists,
including terminating VMs that abuse port 25, knowingly or not.

Otherwise, use a 3rd party SaaS mail provider.

Cheers, Jamon
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Spamhaus block

2019-02-21 Thread Jamon Camisso via talk

On 21/02/2019 17:53, Stewart Russell via talk wrote:
> On Thu, Feb 21, 2019, 15:53 Marc Lijour,  > wrote:
> 
> +1
> 
> turns out that OVH is cheap and not-for-profit organizations are
> looking for cheap (same as spammers I guess), ...
> 
> We're not looking for cheap at all. A site hosted by WPEngine isn't
> cheap. It's the arbitrariness of spam blocking: we did _nothing_ wrong,
> we have no link to any spammer or blacklist, yet the anti-spam crowd
> held our business up. 

Looks like WPEngine allows you to use an external SMTP provider:

https://wpengine.com/support/using-3rd-party-email-provider-send-mail-wordpress/

$5/month for a VM with places like vultur, linode, digital ocean. I run
a few VMs, and all get 10/10 with that mail test site mentioned earlier.

Postfix with SPF, DKIM, and rDNS records are what I use. Ought to be
pretty solid for all but the most demanding users. I haven't needed to
look into DMARC at all, but could add it if needed.

Otherwise with WPEngine, mailgun, sendgrid, looks like there are options
to get your messages onto reliable mail gateways.

Cheers, Jamon
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] cron scripts BOOM

2019-01-10 Thread Jamon Camisso via talk


On 1/9/19 12:46 PM, Jason Shaw via talk wrote:
darryl, you should be able to look at yum or apt/dpk histories to see 
if/when cron was updated and possibly gleam some information about 
who/what did it.


for debian and ubuntu : 
https://serverfault.com/questions/175504/how-do-i-get-the-history-of-apt-get-install-on-ubuntu 



Certainly sounds like something automatically updated the cron package 
to me.  Good luck in the forensics.


Sounds bad on all counts. I'm not aware of any bugs in 16.04 that would 
wipe out any crontabs on auto-updates or manual updates. If you're the 
lucky person to discover one, it will definitely require an SRU update 
to the cron package itself.


Does anything show up related to cron in /var/log/apt/*.log as Jason 
pointed out?


What about in syslog and auth.log? Anything there that would show 
something like 'crontab -r' being invoked?


Lastly, are you using any config management tool like puppet, chef, 
salt, ansible, juju, etc.? My immediate reaction upon reading this is to 
cast aspersions at config management - think sorcerer's apprentice and 
all that.


Cheers, Jamon
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

[GTALUG] programming system questions

2018-10-11 Thread Jamon Camisso via talk

On 11/10/18 12:59, o1bigtenor wrote:
> And what does one do when the web is down?

A framework like react is built with this in mind - serviceworkers
handle offline actions until there's connectivity.

I'm sure others let you do the same thing with a local data store/db, be
it natively or through a plugin, and then sync up once there's a connection.

Cheers, Jamon
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] programming system questions

2018-10-11 Thread Jamon Camisso via talk

On 11/10/18 10:37, David Mason via talk wrote:
> Electron is probably the easiest way to move a web app to an
> application. See:
>     https://electronjs.org/
> 
> It uses html, javascript, css and should be able to connect to your
> postgresql database.

slack, what should be a simple text chat built on electron is taking
873044 kb RSS memory on my desktop.

electron should be the last resort - it is probably the worst thing you
could do for your users if you care about resource constraints.

I would question the merit of even moving from a web application. I am
on 400/100kbit DSL in the country, and I don't have any issues with even
large react or ember based web apps.

Cheers, Jamon
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Questions on wireguard and networking

2018-10-03 Thread Jamon Camisso via talk

On 03/10/18 10:36, o1bigtenor via talk wrote:
> I am wanting to use this wireguard between two different routers here
> to firmly control not only the in but also the outgoing electronic
> communications.
> 
> Perhaps someone has a better solution - --if so - - - I'm looking (grin!).

GRE & IPsec would be the bog standard approach here.

https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/WAN_and_MAN/P2P_GRE_IPSec/P2P_GRE/2_p2pGRE_Phase2.html

Ignore the cisco specific bits, just look at the diagrams and descriptions.

You can implement this yourself pretty easily using 'ip_gre' (GRE kernel
module) and strongswan (for IPsec) following any of the tutorials out there.

Cheers, Jamon
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] tr: Illegal byte sequence

2018-09-27 Thread Jamon Camisso via talk

On 27/09/18 09:35, James Knott via talk wrote:
> On 09/27/2018 09:29 AM, Jamon Camisso via talk wrote:
>> f.,,H%+IMpQ-yDG+W'5'+AmjU$CcF*ZK
>>
>> That said, if that's a password for a human, I pity the person who has
>> to type it.
> 
> What???  You mean you haven't memorized it?  ;-)
>> What are you using passwords like that for, as opposed to some kind of
>> key based auth?
> 
> I use that sort of password for WiFi.  However, I use the Perfect
> Passwords from www.grc.com.  They have 63 random character strings just
> for that purpose.
> 
> Here's an example:
> "57,%Y9Nhttps://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] tr: Illegal byte sequence

2018-09-27 Thread Jamon Camisso via talk

On 26/09/18 10:43, Giles Orr via talk wrote:
> I wrote a random password generator shell script, the core of which is
> this one-liner:
> 
> dd if=/dev/urandom bs=1 count=256 2>/dev/null | tr -dc
> 'A-Za-z0-9!@$%^&*(){}[]=+-_/?\|~`' | head -c 32

If semi-random 32 (or n) character passwords is what you're after, pwgen
should work on Linux and macOS:

pwgen -s -y 32 1
f.,,H%+IMpQ-yDG+W'5'+AmjU$CcF*ZK

That said, if that's a password for a human, I pity the person who has
to type it.

What are you using passwords like that for, as opposed to some kind of
key based auth?

Cheers, Jamon
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Attacks on MAC address lists (was: suggestions for stopping occasional spurious use of commercial wi-fi)

2018-09-17 Thread Jamon Camisso via talk

On 16/09/18 17:51, David Collier-Brown via talk wrote:
> I've set up MAC address lists, after a surprising number of reboots to
> unwedge the router  (did I even mention I hate flaky PC-style software?).
> 
> How can my hacker avoid them? Wait until my wife's Mac drops off-line
> and steal her MAC?

Actually I'd like to know more about your wifi setup. What kind of
security is/was in place?

I'd be somewhat dubious about a malicious hacker if you were using WPA2
with a decent passphrase. Ok, if WEP, well that takes a few minutes, but
if you're using WEP then all hope is lost..

If WPA2, try it out, fire up aireplay, capture the 4 way handshake and
then run wpacrack against it with a decent dictionary.

If you have a moderately ok passphrase, it will take days on a decently
speced machine to brute force it, if at all.

Howto here: https://aircrack-ng.org/doku.php?id=cracking_wpa

Are you sure something else isn't going on?
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] [u-u] Suggestions for stopping occasional spurious use of commercial wi-fi

2018-09-17 Thread Jamon Camisso via talk

On 17/09/18 08:37, James Knott via talk wrote:
> On 09/16/2018 09:47 PM, UU via talk wrote:
>> 2. change SSID & don't broadcast it
>>  
> 
> That's generally not effective.  It provides a false sense of security.

Likewise MAC address white listing. It is easy enough to use ip link set
dev address, or ifconfig hw ether to spoof a MAC address.

Anyone who has gone to the trouble to crack your WPA2 PSK security will
be able to spoof a MAC address. Their packet captures will contain
legitimate authenticated clients that can be copied.

arping can be used to hijack the MAC of a currently connected client as
well, no need to wait for them to be offline.

So there's really no benefit to white listing if someone is targeting
you - far more trouble to maintain, and very much encourages a false
sense of security.

Cheers, Jamon
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Boot setup issues

2018-09-14 Thread Jamon Camisso via talk

On 14/09/18 10:22, o1bigtenor via talk wrote:
> So I've installed both of these systems (more than once each) they
> have their own partitions for everything but boot and efi yet I'm only
> seeing one system available on grub (depending upon the last install
> as to which). So I'm doing something wrong!! I tried using grub
> updating tools (# os-prober) still no joy. The web pages that I'm
> finding seem to be for an older version of grub and, as usual, I'm
> finding man pages are like reading cuneiform (which I find
> unintelligible).

Try installing refind - it is pretty good at detecting multiple OSes.

That said, if you have a shared boot partition between installations,
then you're going to have a much harder time detecting things, since
each OS will run update-grub, and clobber the other's grub.cfg entries.

You might be better off writing your own grub.cfg file or customizing
scripts in /etc/kernel to handle regenerating grub.cfg when there are
kernel updates.

Cheers, Jamon
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

[GTALUG] Anyone here using Manjaro or OpenSUSE?

2018-09-09 Thread Jamon Camisso via talk

On 09/09/18 00:14, Evan Leibovitch via talk wrote:
> Hi all.
> 
> I'm looking to install a new distro, after using Mint and Kubuntu for a
> long time.
> I'm trying to choose whether to try Manjaro or OpenSUSE.
> 
> Sure, I can install both and can look around. But I'm wondering is there is
> anyone here who uses either of these distros who might be aware of issues
> not readily apparent. Intended desktop is KDE.
> 
> Note: I want to be able to use Dupeguru, Spotify, Skype and Signal, apps
> that under *buntu require auxilliary PPA repositories. Some of these are
> dealbreakers if I can't use them.

There are snaps for all those except Dupeguru (I don't see RPMs for it
anywhere either, so it looks like .deb from PPA or .spec RPM build are it).

Manjaro and OpenSUSE run snapd with no issues, so you ought to be able
to tick 3 of the 4 boxes (snap search ) returns:

signal-desktop  1.16.0   snapcrafters  -  Signal Private Messenger
for Windows, Mac, and Linux

skype   8.28.0.41   skype✓ classic  One
Skype for all your devices. New features. New look. All Skype.

spotify1.0.88.353.g15c26ea1-14  spotify✓   -  Music for everyone


Cheers, Jamon
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

[GTALUG] Any Debian User Groups in the GTA?

2018-09-05 Thread Jamon Camisso via talk

On 05/09/18 12:02, o1bigtenor via talk wrote:
> Being one is is in what would seem to be a severe backwater how and/or
> where can one access  these 'Debian mailing lists'. I would likely not have
> code to contribute but have at times run into some very puzzling problems
> where I could have benefited from 'expert' adivce.

Open buffet of lists: https://lists.debian.org/users.html

Take your pick!

Cheers, Jamon
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Ubuntu -- Disabling Ping

2018-08-30 Thread Jamon Camisso via talk

On 29/08/18 21:44, Howard Gibson via talk wrote:
>I am playing with my hack Ubuntu machine, and I am sorting out
> security. I want to disable ping.  This is a laptop, and I want to
> document the application of aluminium foil.

Could you elaborate a bit about how disabling ICMP enhances security of
this system? I'm curious what kind of information you're trying to
control with it off.

Cheers, Jamon
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Ubuntu -- Disabling Ping

2018-08-29 Thread Jamon Camisso via talk

On 29/08/18 21:44, Howard Gibson via talk wrote:
>I am playing with my hack Ubuntu machine, and I am sorting out
> security. I want to disable ping.  This is a laptop, and I want to
> document the application of aluminium foil.
> 
>The standard ping disabler is the following line...
> 
> # echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
> 
>This works fine on my Fedora laptop.  On Ubuntu, I get...

The # makes me think you are root on the Fedora laptop.

> $ sudo echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
> -bash: /proc/sys/net/ipv4/icmp_echo_ignore_all: Permission denied

That's expected with a sudo echo > redirect invocation. The shell is
doing redirection. sudo is invoking echo, the output of which is being
redirected in your normal user's shell to a file that you do not have
permission to write to.

Try this if you want to go the sudo route:

echo 1 |sudo tee /proc/sys/net/ipv4/icmp_echo_ignore_all

That way tee is invoked with elevated privileges and writes its output
to the file.

Or you can become root like on your Fedora system and use echo 1 >...

Cheers, Jamon
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] SSL Server Certificate

2018-07-17 Thread Jamon Camisso via talk

On 17/07/18 20:38, Peter King via talk wrote:
>> Off-tangent... Can someone do a talk on "SSL/TLS Certificate" for users,
>> sysadmin, and application programmers level?  Like,
>> - how to create certificate
>> - what fields to populate when create certificate.  It seems to
>>   be sensitive to expiry date, certain fields, etc.
>> - how to install them, at server side and at client side.
>>
>> I understand SSH private/public keys.  But, for the life of me, I don't
>> understand SSL/TLS or OpenSSL package.
> 
> Seconded!  (For obvious reasons.)

I suppose I could give a talk at an upcoming meeting. If an organizer
wants to contact me offlist I'm sure we can arrange something.

Cheers, Jamon
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] SSL Server Certificate

2018-07-16 Thread Jamon Camisso via talk

On 16/07/18 21:16, Peter King via talk wrote:
> I'm puzzled about how to set up server certificate validation in getting
> my email, which isn't surprising given that I understand next to nothing
> about the way certificates work.
> 
> Here's the particular issue.  I want to check over ssl/tls to see that the
> server certificate is valid, and that it matches a fingerprint I have for
> it.  So, I know just enough to get the certificate from the server, in this
> case from Google:
> 
>   $ openssl s_client -connect pop.gmail.com:995 -showcerts > 
> ~/gmail.openssl.txt
> 
> By inspection I can see that the certificate is provided by GlobalSign.  So
> I do a quick check:
> 
>   $ ls -l /etc/ssl/certs/GlobalSign*

s_client doesn't behave exactly as you expect. It needs explicit
instructions to send a -servername when you use -connect. What you're
actually getting if you look carefully is the imap.gmail.com certificate.

Without servername:

openssl s_client -connect pop.gmail.com:993 2>&1 |openssl x509 -noout
-subject -fingerprint
subject=C = US, ST = California, L = Mountain View, O = Google LLC, CN =
imap.gmail.com
SHA1 Fingerprint=BD:94:41:8C:64:D9:B1:43:49:3A:98:68:57:12:51:A3:3C:52:BF:86

With -servername:
openssl s_client -servername pop.gmail.com -connect pop.gmail.com:993
2>&1 |openssl x509 -noout -subject -fingerprint
subject=C = US, ST = California, L = Mountain View, O = Google LLC, CN =
pop.gmail.com
SHA1 Fingerprint=59:B1:5F:6A:BF:F2:28:D9:4A:FC:89:DB:75:FD:7D:65:EC:82:AD:E7

> Lo and behold, there is an obvious hit: GlobalSign_Root_CA.pem.  So I put
> that down as the certificate for the server.

This ends up being the incorrect CA certificate. If you take a look at
the full openssl s_client output, you'll see the chain listed right at
the beginning, including the identity of the authority's certificate:

openssl s_client -servername pop.gmail.com -connect pop.gmail.com:993
.
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google LLC/CN=pop.gmail.com
   i:/C=US/O=Google Trust Services/CN=Google Internet Authority G3
 1 s:/C=US/O=Google Trust Services/CN=Google Internet Authority G3
   i:/OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign

0 is the certificate from the server itself, with the subject and CN
matching pop.gmail.com. The 's' field is the subject field of the
certificate. The 'i' field is the issuer field.

Likewise, 1 is the intermediate certificate that Google uses to sign
their public-facing certificates, which itself is the public component
of their private intermediate certificate.

That intermediate of Google's is signed by GlobalSign using the latter's
root R2 certificate. Their root R2 is self-signed, and there's the
entire chain.

So the root that you're looking for is described in that last field of
the intermediate certificate 'OU=GlobalSign Root CA - R2'. Take a look
in /etc/ssl/certs/ and you'll see a file: GlobalSign_Root_CA_-_R2.pem

To see how the chain all lines up, look at how the issuer of one is the
subject of the next.

I've saved Google's pop & the intermediate to separate files to make it
easier. Also note that openssl 'hash' operates on the subject, so it
isn't anything special, it is just easier to eyeball when checking
things as opposed to reading a subject and missing something like 'R2'
for example ;)

 server certificate:
openssl x509 -in pop.gmail.com.pem -noout -subject -issuer -issuer_hash

subject=C = US, ST = California, L = Mountain View, O = Google LLC, CN =
pop.gmail.com
issuer=C = US, O = Google Trust Services, CN = Google Internet Authority G3
6a909d98

 intermediate Google G3 certificate:
openssl x509 -in globalsign-intermediate.pem -noout -subject -issuer
-hash -issuer_hash

subject=C = US, O = Google Trust Services, CN = Google Internet Authority G3
issuer=OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
6a909d98
4a6481c9

 globalsign root R2 certificate
openssl x509 -in /etc/ssl/certs/GlobalSign_Root_CA_-_R2.pem -noout
-subject -issuer -hash
subject=OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
issuer=OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
4a6481c9

See how subjects & hashes line up? Note the G3, R2 bits don't mean
anything special in terms of protocols, they're just labels that Google
& GlobalSign use internally to keep track of their different
certificates. Every intermediate & root CA do these however they like -
just look through /etc/ssl/certs and check subject names to see the variety.

Hope this helps with troubleshooting.

Cheers, Jamon
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Thermal paste availability / Raising the dead

2018-07-08 Thread Jamon Camisso via talk

On 08/07/18 15:03, Alex Beamish via talk wrote:
> Best Buy only ships this on-line, and Canada Computes doesn't seem to
> stock it. Can anyone comment on where they get thermal paste? I could
> wait for delivery, but it would be great just to get the stuff and move on.

http://www.canadacomputers.com/index.php?cPath=8_128 - lots of different
thermal compounds to choose from.

Cheers, Jamon
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] server questions - - help needed

2018-06-04 Thread Jamon Camisso via talk

On 03/06/18 15:47, o1bigtenor via talk wrote:
> So I am trying to determine what may have caused the system to do a
> reboot, whilst I have my suspicions I want to figure out exactly what
> is happening to cause this kind of behavior. AIUI servers should be
> able to run happily for years without issues (barring hardware
> problems) so I want that kind of reliability. Where in /var/log will I
> be finding the most clues as to the events that lead up to this
> 'reboot'?

Most servers from the big vendors will have an out of band (aka lights
out) management interface. Tools like freeIPMI let you control the
physical host - like remote serial console, chassis power control etc.

Does yours have this feature? Usually hardware issues show up in a log
there - things like power supply issues, CPU overheat conditions etc.

If you don't have one, I highly recommend looking into whether your
server supports an add-on out of band management card

Cheers, Jamon
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] server questions - - help needed

2018-06-04 Thread Jamon Camisso via talk

On 03/06/18 20:05, Clifford Ilkay via talk wrote:
> By the way, I don't understand why long up times are considered to be some
> sort of badge of honour. If you're doing regular updates even with very
> conservative distributions, like CentOS or Debian stable, you're going to
> have to reboot your server due to kernel updates at least every few months.

There are a few kernel hot fix tools out there to address this.

Canonical offer canonical-livepatch: https://www.ubuntu.com/server/livepatch

SuSE has kGraft: https://www.suse.com/products/live-patching/

RedHat develops kpatch: https://access.redhat.com/articles/2475321 - I'm
not sure how they distribute patches.

Oracle bought ksplice: http://ksplice.oracle.com/

Shameless self-promotion - I think ours is the easiest to setup - snap
install, livepatch enable and you're all set. That and you get 3 tokens
free whereas all the other offerings seem to require paid subscriptions.

You can get a $0 ksplice license for a single desktop system I think,
but other than that, Oracle seem to only support their own Linux with it
now.

None of these helped with spectre/meltdown but for any other patches
that I've seen, patches just happen. These tools give more flexibility
in terms of planning infrastructure reboots while keeping systems stable
and secure. I highly recommend running one!

Cheers, Jamon
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Can't boot using Xorg, only Wayland works on Ubuntu 18.04

2018-05-16 Thread Jamon Camisso via talk

On 2018-05-16 12:16 PM, Jim Ruxton via talk wrote:
> Thanks Stewart.
> 
>> On 2018-05-14 12:09 AM, Jim Ruxton via talk wrote:
>>> I recently updated to Ubuntu 18.04 and cannot boot using Xorg only
>>> Wayland. I have tried reinstalling xorg, reinstalling nvidia drivers,
>>> setting |WaylandEnable=false| in |/etc/gdm/custom.conf| but whenever
>>> trying to login using Xorg I get a frozen screen and mouse.
>> On my 18.04 system, gdm is running under Xwayland no matter what session
>> I choose. So I'd suggest commenting out the WaylandEnable=false unless
>> the gdm login isn't visible on your system.
> If I don't comment out WaylandEnabled = false I can't even get to the
> login screen so yes I have to comment this out.
>>
>> Also, the first time I explicitly chose "GNOME on Xorg" at the password
>> "cog", I got a blank screen with just a mouse cursor. On reboot, GNOME
>> is happily running on Xorg ($DESKTOP_SESSION is "gnome-xorg") — but
>> Xwayland's still running too.
>>
>> Xorg is supposed to be the default for new installations under 18.04,
>> and I was definitely running it under 17.10. I was surprised to find
>> that after the upgrade I'd been pushed over to Xwayland.
> I am  in the same boat, was using Xorg  on 17.10 but cannot get it to
> work in 18.04. Maybe the only way to get it back is a clean install?

I ran into the same issue - blank screen, with and without wayland.

If I switch to KDE everything works.

I'll dig around for bugs about it.

Cheers, Jamon
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Sending array variable over CGI ?

2018-05-13 Thread Jamon Camisso via talk

On 2018-05-13 12:57 AM, William Park via talk wrote:
>> Any of that look useful?
> 
> What does URL look like, when sending those 16 integers?
> 
> Or, has Web/CGI evolved to a point where you just include JSON content
> in POST method, and javascript handles the magic behind the scene?

I'm using PUT, but POST would be the same - the URL in my Django
application is just a restful endpoint at /save.

I don't know how Perl & CGI handle PUT/POST data that isn't a form field
or URL parameter, but this link looks useful:

https://stackoverflow.com/questions/19610312/perl-cgi-passing-variable-in-post-with-json

Cheers, Jamon
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Sending array variable over CGI ?

2018-05-12 Thread Jamon Camisso via talk

On 2018-05-12 05:48 PM, William Park via talk wrote:
> Hi all,
> 
> If I'm sending single valued data over web, eg. a=111, b=222, c=333,
> then I can do 
> http://.../xxx.cgi?a=111=222=333
> 
> How do I send array data, like A[1]=111, A[2]=222, A[3]=333 to a CGI
> script?  I don't think I can do something like
> http://.../xxx.cgi?A[1]=111[2]=222[3]=333
> Or, can I?
> 
> I have seen a same variable repeated,
> http://.../xxx.cgi?A=111=222=333
> but that means the CGI script has to build the array.

If JSON is an option, it is pretty easy to do what you're after in
javascript. For example, I've been working on a project using
crypto.subtle in the browser. I generate a key and an IV with
javascript, and it is easy to represent the arrays of bytes like you've
specified.


For example: I have an IV Uint8Array(16) that looks like this:
Uint8Array(16) [ 147, 174, 163, 227, 241, 236, 204, 23, 159, 18, … ]

As a string it looks like what you'd expect - iv.toString() shows:
"147,174,163,227,241,236,204,23,159,18,218,74,177,105,214,153"


Now what you're after with mapping in JSON (I've inserted line breaks):
JSON.stringify(iv))
{"0":147,"1":174,"2":163,"3":227,"4":241,"5":236,
"6":204,"7":23,"8":159,"9":18,"10":218,
"11":74,"12":177,"13":105,"14":214,"15":153}


Alternatively, you can get an unkeyed array using Array.from() and
converting that to JSON:
JSON.stringify(Array.from(iv))
"[147,174,163,227,241,236,204,23,159,18,218,74,177,105,214,153]"

Any of that look useful?

Cheers, Jamon
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Crontab versioning

2018-05-04 Thread Jamon Camisso via talk

On 2018-05-03 10:44 AM, Alex Beamish via talk wrote:
> I'm developing scripts that get run by crontab, so I'm in there making
> updates fairly regularly. I would love to be able to document the changes,
> so I'm wondering if there a usual and customary technique to version
> crontabs?

What are you changing in crontabs so much that you need versioning?
Shouldn't all the logic be in your scripts? Maybe I'm missing something,
but it seems like needless complication to me.

> Ideally there would be some sort of hook around 'crontab -e', but failing
> that, I'd have the output of 'crontab -l' (run regularly by cron?) go to a
> versioned file. Plan B sounds a bit hokey to me.
If you do need to version things, you can just chuck a git repo under
/var/spool/cron/crontabs and ignore any files there you don't want tracked.

Cheers, Jamon
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] New Desktop PC -- debian Linux - Proposed 2 TB HDD Partitioning;

2018-04-18 Thread Jamon Camisso via talk

On 2018-04-18 07:35 AM, Russell via talk wrote:
> 
> 
> On April 17, 2018 9:02:14 AM CDT, lsore...@csclub.uwaterloo.ca wrote:
>> On Tue, Apr 17, 2018 at 08:20:47AM -0400, Russell via talk wrote:
>>> Currently I have two versions of the same os on the same machine. One
>> on M.2 Xpoint nvram and one on a standard SSD. I'm playing around with
>> tweaking before I do a final config. So far the Xpoint direct hw access
>> appears 3x as fast as the SSD while real world throughput shows up
>> about twice as fast on the Xpoint, recent INTEL cache fencing
>> notwithstanding.
>>>
>>> dd if=/dev/zero bs=1M count=1024 | md5sum
>>> 1024+0 records in
>>> 1024+0 records out
>>> 1073741824 bytes (1.1 GB, 1.0 GiB) copied, 1.35008 s, 795 MB/s
>>> cd573cfaace07e7949bc0c46028904ff  -
>>>
>>> 795 is just under twice as fast as writing to the conventional SSD.
>>
>> That command didn't write anything to anywhere.
> 
> It wrote a bunch of zeros to a virtual file. Perhaps even touching a tmp file 
> along the way. Even if it didnt touch tmp, it wrote the zeros someplace in 
> order to perform the count.
> 
> I was just trying to comment on the speeds of the two installs relative to 
> the respective  disks the OS runs from. I'm sorry you didn't understand that. 
> Perhaps I should have said running the OS from the two different drives, 
> irrespective of all the other disk writes which may happen when the OS 
> operates normally when calling dd from a GUI.

Try bonnie++ a few times on each install. It is explicitly designed to
test drive performance.

Cheers, Jamon
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] life expectancy of 32-bit x86 [was Re: Fedora Netinstall] [long]

2018-02-14 Thread Jamon Camisso via talk

On 2018-02-14 11:06 AM, Lennart Sorensen via talk wrote:
> If it was actually possible to buy arm servers I think at least some
> people would have (I know I would have in the past), but none of the
> systems announced could actually be bought unless you were google or
> facebook or something like that.

I think you can buy Cavium ThunderX systems if you get in touch with the
distributor in Canada. We have some of their systems in the US for arm64
build farm purposes.

But yes, the long promised ARM in the datacentre thing seems to remain
just that, a promise with no major channel resellers or anyone offering
much in terms of product.

HP tried high density ARM servers with its Moonshot blades, but it seems
like that effort died off in 2014 as soon as it started, and the whole
HP/HPE thing the next year probably didn't help.

Cheers, Jamon
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Increasing interest in the Go language

2018-02-03 Thread Jamon Camisso via talk

On 2018-02-03 10:28 AM, David Mason via talk wrote:
> I'd also comment on Rust being an interesting competitor to Go.
> 
> Rust has better performance, complete statically determined safety
> (enforced by the type system), no garbage collection, minimal runtime, and
> an active group targeting WebAssembly (i.e. very high performance browser
> programs). It's what you should be programming in if you think you need C.
> 
> Go has a simpler type system and good-enough performance for many
> applications. It might be what you should be programming in if you need a
> higher-performance Python (but with a lot fewer libraries).
> 
> They both interop with C and C++; I think Rust has a richer set of
> libraries (crates they call them).

https://github.com/rust-unofficial/awesome-rust#cryptography is what
scared me off Rust when I was looking at it for a personal project to do
with TLS certificates a year or so ago. Specifically, the multitude of
crates for something that's so easy to get wrong made me wary.

Has the situation changed much in Rust crypto land?

Cheers, Jamon
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Increasing interest in the Go language

2018-02-02 Thread Jamon Camisso via talk

On 02/02/18 13:16, Myles Braithwaite  via talk wrote:
> On 2018-02-02 09:14, David Collier-Brown via talk wrote:
>> Later this month I'm joining a company that is fairly Go-intensive.
>> They originally prototyped in Perl, but over time needed more
>> performance but not to the level that would require assembler or even
>> C.
>>
>> What else have folks observed?
> 
> I've migrated a couple of personal and work stuff from Python 2 to Go in
> the last three months.
> 
> I've found that there is a larger third party library community now and
> the syntax isn't that foreign looking to me anymore, (see this Gist for
> an example,
> ).
> 
> Also that speed gain is hard to ignore.

You might like https://github.com/PuerkitoBio/goquery - makes it easy to
do the usual jquery type: thing.Find(".class").Each(func... processing.

Cheers, Jamon
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Meltdown performance hit.

2018-01-11 Thread Jamon Camisso via talk

On 11/01/18 19:13, Alvin Starr via talk wrote:
> Its a paravirt VM.
> The steal time is much less than 1% bouncing between 0 and 0.2
> 
> Yes it is possible that other VM's are stealing resources leaving less
> compute power for my instance but I have had extremely stable cpu
> utilization going back something like 2 months.
> But the step is significant within a matter of a day it went from 2.5%
> utilization to 17.4% utilization in 2 steps.
> 
> My image is held up by the moderator so I posted here (
> https://owncloud.netvel.net/s/G3HGQUEb5saLBSn )if your interested.
> 
> The timing is suspect and I had another server that sees periodic work
> and it completely collapsed because of the change in performance at just
> the same time.
> 
> A bit of searching shows that others are complaining about the same
> problem.
> 

That does look like a substantial hit. What happens if you try the
workload on a new VM? Roll the dice until you get lucky maybe?
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Meltdown performance hit.

2018-01-11 Thread Jamon Camisso via talk

On 11/01/18 16:59, Alvin Starr via talk wrote:
> I cannot prove this yet but I believe there has been a big performance
> hit in the cloud providers.
> 
> I use amazon for a couple of lightly loaded servers
> 
> Attached is the traffic graph from the last 2 weeks.
> 
> Nothing has changed but for the reboot required by AWS as part of their
> patch roll out.
> 
> The reboot was at Tue Jan  2 09:02.
> 
> It may be just coincidence but the huge step-wise increase in base load
> is just crazy given nothing on my side changed but for the reboot.
> 
> So I take exception with Intel's comment that most folks will not notice
> the performance hit.

When you say server, is this a VM or bare metal? Is it dedicated or how
is it provisioned on AWS?

The reason I ask is that if it is a VM, it could very well be the case
that it was migrated to another host that may have higher resource
contention. For example, what does steal show up as when you watch in
top during the perceived slowdowns?

Cheers, Jamon
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Intel Meltdown Bug -- Conundrum For New Desktop PC Build Spec (to run debian Linux) -- Switch From Intel CPU To AMD CPU ??

2018-01-08 Thread Jamon Camisso via talk

On 2018-01-08 04:48 PM, Andrew Paolucci via talk wrote:
> Hi Steve,
> 
> I believe from what is bouncing around the internet the upcoming line of 
> Intel Processors this year will still have the physical bug and the software 
> patch is seen as the "fix" for the foreseeable future. I was hoping for a 
> refund/return program similar to the Pentium floating point bug. If you are 
> willing to keep supporting Intel after this snafu I don't see a point in 
> waiting unless it's for new tech, not secure tech. AMD is a solid option 
> moving forward though, no hidden network stack or Minx OS onboard.

Sadly, AMD also has a separate chip with its own OS, and it has a buffer
overflow flaw (that is supposed to be fixed soon with bios/uefi updates):

http://seclists.org/fulldisclosure/2018/Jan/12

More general write up here:
https://www.bleepingcomputer.com/news/security/security-flaw-in-amds-secure-chip-on-chip-processor-disclosed-online/
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] [browser bitching] Re: Programming languages (in comparison?) - -was Learn Swift for Apple/iOS. Learn ??? for Google/Android.

2017-12-15 Thread Jamon Camisso via talk

On 2017-12-15 11:46 AM, Myles Braithwaite  via talk wrote:
> Steve Petrie, P.Eng. via talk wrote:
>> Headless Chrome and the Puppeteer Library for Scraping and Testing the
>> Web   Wednesday 29 November
>> http://www.i-programmer.info/news/87/11344.html
> 
> Thought this was a interesting idea so I prototyped it in Jupyter:
> 
> 
> 
> My 2 cents worth of programming :-).

I haven't read the article yet, but I always see people resorting to
selenium, when other tools seem like they might have less overhead. Is
there any mention of phantomjs? http://phantomjs.org/

Cheers, Jamon
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Programming languages (in comparison?) - -was Learn Swift for Apple/iOS. Learn ??? for Google/Android.

2017-12-10 Thread Jamon Camisso via talk

On 2017-12-10 06:28 AM, o1bigtenor via talk wrote:
> So I know precious little about programming languages. I looked up 'Rust
> programming language'.
> 
> Wikipedia (which can often be useful if not always totally accurate)
> listed it as:
> 
>  " . . . a systems programming language sponsored by Mozilla Research,
> which describes it as a "safe, concurrent, practical language,"
> supporting functional and imperative-procedural paradigms. Rust is
> syntactically similar to C++, but its designers intend it to provide
> better memory safety while maintaining performance."
> 
> OK - - - sponsored by Mozilla (AIUI that sort means that its their baby)
> and its to '. . . provide better memory safety . . ." .
> Well given how Mozilla products work for me - - - they don't really know
> anything about how to use memory. The only way I can keep using FF is to
> kill it every couple three days and then restart it. Somehow that isn't
> my idea of memory usage done well so if that's Rust - - - well then
> that's a total non-starter for me!

I think you'll be surprised at how well the latest Firefox 57 performs.
It's their first release featuring core browser components written in Rust.

Fast and stable for me. Give it a try and see if your characterization
above still holds.

Cheers, Jamon
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] IBM Mainframe and z/OS

2017-12-04 Thread Jamon Camisso via talk

On 2017-12-03 10:33 PM, R360 Design INC via talk wrote:
> Hello everyone,
> 
> Does anyone know how I could gain hands-on experience on an IBM mainframe?
> This is a career path Id like to pursue - i.e. Websphere zOS consultant or
> CICS. I am currently a UoT student and was wondering how people  gain
> experience

You may want to have a watch here (it does the rounds occasionally, I
might have seen it on this list a while back even?)

Title: Here's What Happens When an 18 Year Old Buys a Mainframe

https://www.youtube.com/watch?v=45X4VP8CGtk

Cheaper than a fruity modest spec'ed laptop.
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] SSD wear leveling [was Re: Build critique request and the story behind it.]

2017-11-20 Thread Jamon Camisso via talk

On 2017-11-20 03:44 PM, D. Hugh Redelmeier via talk wrote:
> True, but it is more complicated.
> 
> Underneath the facade of a normal HDD, an SSD does a bunch of tricky
> things.
> 
> Terminology (mine):
> 
> virtual block: what the disk host adapter and OS sees.  Just like a
> block on an HDD.
> 
> real block: a chunk of flash that can hold one virtual block
> 
> erase block: the smallest unit of flash that can be erased.
> 
> - an erase block contains a lot of real blocks.  Think roughly a
>   megabyte.  The collection of real blocks within it is fixed.
> 
> - only erased real blocks can be written to.  And only once before
>   they are erased again.
> 
> - real blocks can be in one of three states:
> 
>   + free (not representing any virtual block but not erased)
> 
>   + erased (not representing any virtual block, erased)
> Note: an erased real block is not an erase block (it will
> be inside an erase block).
> 
>   + in-use (representing a virtual block)
> 
> - in the real hardware, you can never update a block in place.  So
>   when a program writes to a virtual block, a real, erased block is
>   written and some book-keeping is done.
> 
>   If the write was to a virtual block that was represented by a real
>   block, that real block becomes free: there is no way for the
>   computer to reference it, so it need not be preserved.
> 
> - the SSD firmware keeps track of erased blocks.  When it
>   runs out, it does a garbage collect phase to find unused blocks.  If
>   it finds that a whole erase-block is full of free blocks, it will
>   erase that block and add it to the free pool.
> 
>   But that isn't normal.  Normally, an erase block is like swiss
>   cheese and the good stuff has to be moved to an erased block to allow
>   their former erase block to be erased.
> 
>   As you can see, a write to a block might precipitate as much as 1MiB
>   of actual writes.  That's called "write amplification" and it is
>   can wear out SSDs quite seriously.  And it will slow things down a
>   lot.
> 
> - how does the drive firmware learn that a physical block is free?
> 
>   + a block on an SSD is born free
> 
>   + a write to a virtual block will cause a write to a newly allocated
> physical block AND implicitly make the old physical block free (but
> not erased!)
> 
>   + deleting a file on an SSD causes its virtual blocks to be free,
> but the SSD firmware does not know that until a trim command
> tells it.
> 
> Consequences:
> 
> - having a lot of free physical blocks cuts down on write amplification
> 
> - the effect is non-linear
> 
> - to increase the number of free blocks
> 
>   + use trim
> * fstrim(8)
> * trimm option to mount
> 
>   + allocate less of the disk drive for OS use.
> But, if it isn't a new disk, you have to tell the SDD firmware
> that the free space is free.  I don't know how to do that.

One of the better write ups that I've seen about SSDs in general and and
over-provisioning specifically:

https://www.seagate.com/ca/en/tech-insights/ssd-over-provisioning-benefits-master-ti/

Cheers, Jamon
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

[GTALUG] Canonical looking for an SRE

2017-11-10 Thread Jamon Camisso via talk

We're looking for an SRE to fill an open position.

Work is home based and the team spans APAC, EMEA, and Americas.

https://ldd.tbe.taleo.net/ldd03/ats/careers/requisition.jsp?org=CANONICAL=1=1300

If you're interested give me a shout offlist and I'll see about making
sure the right people are involved in screening :)

Cheers, Jamon
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Migrating from MySQL to Postgres

2017-11-07 Thread Jamon Camisso via talk

On 2017-11-07 10:20 AM, Myles Braithwaite  via talk wrote:
> Anyone have some recent first hand experience migrating a MySQL database
> to Postgres and would like a coffee and cookies in exchange for your
> case study?
> 
> I'm working on a project that we are trying to get up and running on
> Postgres (as we plan on hosting it on Heroku's awesome Postgres
> instances) and have found that the existing migrate utilities (mysqldump
> --compatible=postgresql[0], pgloader[1], random sed files, etc) haven't
> produced the desire results.

I haven't done this recently (in the last 2 or so years, but...), any
time I have needed to do a conversion in the past, mysql2postgres[1] has
worked well.

https://github.com/maxlapshin/mysql2postgres
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] VMware ESXi Licensing and Quality

2017-10-16 Thread Jamon Camisso via talk

On 2017-10-16 02:49 PM, Alvin Starr via talk wrote:
> On 10/16/2017 02:37 PM, Lennart Sorensen via talk wrote:
>> On Fri, Oct 13, 2017 at 03:23:50PM -0400, Clifford Ilkay via talk wrote:
>>> ESXi 6.5 runs on a Linux kernel. I have no idea if they've modified the
>>> kernel and if they have, if they contribute their changes to upstream as
>>> they are required to do under the terms of the GPL.
>> Actually it does not.  It uses some linux device drivers, but not a
>> linux kernel.
>>
> That's kind of interesting.
> Usually device drivers are intimately tied to the OS's design.
> What OS are they using?

ESXi and Xen are 'type 1' hypervisors, in that they are their own
operating system. Guests sit directly on top. VMs need to be patched to
make use of the hypervisor's ability to use virtualization related CPU
instructions.

KVM, VirtualBox, and Hyper-V (I think) are considered type 2. They run a
normal OS, and then provide an emulation layer for guest VMs. You can
run normal processes on the host OS, because it is just running an extra
set of processes to provide virtualization to guests. The guests don't
need to be modified at all, which is why it is easy to run any OS on a
type 2 hypervisor.

You'll also see the term VMM used interchangeably with hypervisor.

How the type of VMM relates to device drivers and licensing, I really
can't say.

Cheers, Jamon
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] FSOSS: last day for early-bird registration!

2017-10-04 Thread Jamon Camisso via talk

On 2017-10-03 10:12 PM, William Park via talk wrote:
> It's been going down hill for few years.  This year, I'll pass.

Why do you say that?

---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Firefox memory usage (was GTALUG Meeting on Tuesday 10 October at 7:30pm)

2017-10-01 Thread Jamon Camisso via talk

On 2017-10-01 06:58 AM, o1bigtenor via talk wrote:
>> Resource usage in web browsers depend on a given web site. The greatest
>> example is The Verge[0] a technology blog that requires 274 HTTP
>> requests and 3.0 MB of data[1]. According to the Firefox extension Tab
>> Data[2] on first load that take ~30MB of RAM and comes down to ~17MB
>> after all the requests get processed. Interesting side note this
>> article[3] can use anywhere from 40MB to 100MB of RAM.
>>
>> Browser developers build better optimized browsers while web developers
>> make heavy web pages which use up all the resources (usually with ads).
>>
>> Extensions also take out a lot of memory as while, checkout about:memory.
>>
>> Though your question is warranted, it's not really appropriate as it
>> will result a bunch of questions from the speaker (i.e. what web sites
>> are you visiting, how many extensions are you using, what's your
>> internet connection, etc).
>>
> 
> OK - - - -what you're saying is that 'its the customers fault'. That I'm
> visiting
> websites that just use too many resources.
> 
> Except - - - I don't run flash (haven't for a number of years in fact) and
> the
> longevity of a browser is minimal. (Where I go is very much business
> related
> and my business stuff is mostly related to computer information relating to
> my
> business projects and business information - - often from governmental
> agencies
> and I don't think that they generally generate web pages like the one you
> referred
> to above.) By that I mean that after a few days the
> best way to get through put out of the miserable POS is to kill it and then
> restart. That process feels quite a bit like M$ where when the system gets
> 'used' something hangs and the best solution is to reinstall. As a logic
> system
> that is, to put it quite bluntly, unacceptable.

Give Firefox 57 (beta or nightly builds)[1] a shot. I've been running
nightly for a few months now with no issues. Just as stable as 52 and
older releases, but exponentially faster. I'm not the only one who
thinks so[2].

Cheers, Jamon

[1] https://www.mozilla.org/en-US/firefox/quantum/
[2]
https://techcrunch.com/2017/09/29/its-time-to-give-firefox-another-chance/
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Fw: surprise!

2017-04-09 Thread Jamon Camisso via talk

On 07/04/17 21:03, Mauro Souza via talk wrote:
> One of my hobbies is to download those sites with wget and a fake user
> agent string,  and analyze them. If they are phishing, I like to flood it
> with random fake logins and passwords.
> 
> I once got a keylogger sending the logs by FTP. I connected to it, deleted
> every log, and chmoded a-w the directory. The owner of the keylogger must
> have been surprised to see his logger didn't worked.

Or even more surprised that their wget honeypot worked and they got root
on your system :D

---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] testing CURL without real server

2017-03-29 Thread Jamon Camisso via talk

On 29/03/17 00:45, William Park via talk wrote:
> Question for curl expert...
> 
> I want to see what curl sends out, because I want to know what a proper
> HTTP request looks like.  Manpage says -v or --trace.  OK.  But, curl
> requires a real URL to connect to.

https://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html describes the
range of what an HTTP 1.1 request can look like. e.g. OPTIONS, POST,
request headers for specifying content types etc.

Cheers, Jamon
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Hashbang syntax in bash script [was: Watching a network folder: is there a smart way of doing this?\

2017-03-02 Thread Jamon Camisso via talk

On 01/03/17 20:53, Scott Elcomb via talk wrote:
> On Wed, Mar 1, 2017 at 5:41 AM, William Park via talk  wrote:
>> If you know /bin/bash is the right location, then use /bin/bash.  If
>> not, let 'env' find it.
> 
> Basically this; I've been bitten a couple times with a missing
> /bin/bash (though never /bin/sh)
> 
> Picked the trick up a few years ago (not sure where) and never looked back.  
> :-)

Question: if /bin/bash doesn't exist, but it is defined via an env
variable, what kind of system sets things up such that /bin/bash doesn't
exist?

I use /usr/bin/env for most things, but not for bash. Just
curious/looking for a compelling reason to adopt it in future scripts.

Cheers, Jamon
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Need help with DNS Nameservers

2016-11-03 Thread Jamon Camisso via talk

On 02/11/16 17:35, David Mason via talk wrote:
> I have a domain for my family email (and other things) mason-rose.ca

> So, first and foremost, I need DNS Servers that can host the DNS records.
> 
> Any insight/help appreciated.

I'd consider two options:

1. Do it yourself, which has minimal cost of using your DNS registrar's
nameservers, and wherever you run your SMTP server (free if you do it at
home), or cheap on the usual linode/digitalocean/vultr hosting options.

2. Use a dedicated service like fastmail. Wash your hands of dealing
with email forever.

I haven't used the latter, but anyone I know who does is unequivocally
positive about their service.

Cheers, Jamon
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] restore GPT partition table?

2016-10-25 Thread Jamon Camisso via talk

On 25/10/16 22:06, Lennart Sorensen via talk wrote:
> 
> Luckily gpt has two copies.  One at the start of the disk and one at the end.
> 
> Any gpt compatible partition tool should actually offer to copy the
> backup from the end of the device.

> Found valid GPT with protective MBR; using GPT.
> Disk /dev/loop0: 204800 sectors, 100.0 MiB
> Logical sector size: 512 bytes
> Disk identifier (GUID): 5946A311-C895-4DAE-94CF-9C96EB8E14C1
> Partition table holds up to 128 entries
> First usable sector is 34, last usable sector is 204766
> Partitions will be aligned on 2048-sector boundaries
> Total free space is 2014 sectors (1007.0 KiB)
> 
> Number  Start (sector)End (sector)  Size   Code  Name
>12048  204766   99.0 MiB8300  Linux filesystem
> 
> 
> So seems simple enough to recover the partition table from the backup.

You've outdone yourself and all of us. I had no idea about that backup
GPT location. Maybe I should learn to appreciate GPT a little more?

TIL!

---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Routing and/or Proxying

2016-09-05 Thread Jamon Camisso via talk


On 03/09/16 16:05, Giles Orr via talk wrote:

I'm running application servers that have to make queries to servers
behind a firewall.  The firewall (not in my control) has to be
configured to admit IP addresses.  Getting addresses added to the
firewall can be slow.  So it seems to me the best way to do this would
be to set up a couple of proxy servers with fixed/known IPs so that
the application servers (fluctuating headcount and IPs) could make
their requests through the proxy servers - which are known to the
firewall.


HAproxy is perfect for this. You can set ACLs on it to only allow 
traffic from the app servers (you'll still have to update the HAproxy 
ACLs, but you control that so it is quick and easy right?)


Then HAproxy just proxies to the server(s) behind the firewall. You can 
weight traffic to whichever you choose, or direct traffic to different 
backends depending on many different criteria.


You can have multiple HAproxies with DNS A records, or I've set it up 
with VRRP and made it failover when sharing a single IP.



This makes sense in my head so far.  But here's the problem: I'd like
to send all network traffic from the application servers through the
proxy servers, regardless of content, port, destination, anything.
But in saying that, it begins to sound more like "routing" than
"proxying", and enforcing this seems like it might be tricky on the
open internet.  And authentication of some sort would seem to be
needed to prevent bad actors using the proxy to access stuff behind
the firewall.


If it was just stuff like HTTP/HTTPS I'd suggest squid for this, but it 
sounds like you likely need something like what you've mentioned below.



A VPN is a possibility, but not one I'm enthusiastic about: I tackled
OpenVPN a few months back, and after a day and a half and very little
progress my brains started to slide out my ears.  But if that's what I
need to do, I'll get back on it.


OpenVPN isn't so bad once you have the CA set and you use easy-rsa to 
issue certs. Then you just set the VPN to the default route for your 
traffic, and enable forwarding on the proxy server (which also hosts 
your HAproxy)


You could also use IPSec for a quick and dirty VPN. If you weren't going 
over the open internet I'd suggest plain GRE, but it sounds like you 
need to encrypt the traffic before it reaches your egress.


Cheers, Jamon
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] anyone running linux on a new dell xps 9550

2016-09-05 Thread Jamon Camisso via talk


On 22/08/16 20:11, Dave Cramer via talk wrote:

incredibly cheap powerful machine, a bit too new. Anyone here have any real
world experience?



I've used an XPS 9350 with Ubuntu 16.04 and it was superb[1]. Seriously 
great display on the 13", I'm sure the 15" is just as nice, especially 
with the 4K display. The NVMe storage option makes full disk encryption 
still perform faster than on regular SATA.


If you want a system with i7/16GB RAM, compare with the HP Spectre 360. 
At that spec level, I think the cost/performance ratio tips in favour of 
the HP units.


Last thing to note - if you're after battery life, get the 
non-touchscreen version.


Cheers, Jamon

[1] Ultimately, I sent it back. Mine had the infamous coil-whine issue, 
where I could hear anything CPU/GPU intensive causing the whine around 
6500kHz and 15kHz. It was too much for me, but no one else around could 
hear it. If you're interested in one, but worried this might be an issue 
for you, try http://onlinetonegenerator.com/ with sawtooth waveforms.

---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Notebook Computer Recommendations

2016-07-06 Thread Jamon Camisso via talk

On 2016-07-05 23:22, CLIFFORD ILKAY via talk wrote:
> Hello All,
> 
> I am in the market for a laptop with the following specs.
> 
> Supports at least 32GB of RAM. 64GB would be better if the premium is
> not too high. If the memory is not maxed out, it should be a matter of
> adding more sticks rather than throwing away what it already has
> installed. (I intend to run a bunch of virtual machines on this machine.)
> 
> At least 1920x1080 display. 3k or 4k would be "nice to have" but not
> essential.
> 
> 13" to 15" display would be fine. A 17" machine had better be
> exceptional for me to consider having to lug something that big around.

> Any recommendations besides what I have mentioned?
> 

The System76 Serval matches those criteria pretty well, except for
weight (3.4 kilos!): https://system76.com/laptops/serval

Up to 64GB RAM
1920x1080 in 15" or 17"
i7 6700 or 6700k
Geforce 970M or 980M

It looks like a beast.

A friend has used their laptops and desktops for a few years now and I'm
pretty certain my next system will be from them. I've heard that their
warranty/support is exceptionally good in the event that you need it too.

Cheers, Jamon
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] mysterious restarts

2016-06-22 Thread Jamon Camisso via talk

On 2016-06-22 17:46, D. Hugh Redelmeier via talk wrote:
> Remember, he truncated the values (grep does not round).
> 
> My best guess:  the average of the readings would be from a
> distribution centred on 59.996435 (0.005 larger than Lennart
> calculated).  It could be as low as 59.991435 or as high as 60.991434,
> assuming six digits of precision in the fraction.  I know nothing
> about accuracy of the device.
> 
> Summary: the 60Hz hypothesis is not excluded by the evidence.  Far
> from it.
> 
> P.S. "grep -c" eliminates the need for "wc -l".

and sort/uniq eliminate even more:

cat /tmp/MGC|sort -n |uniq -c
  16 FREQ value 59.95
  99 FREQ value 59.96
 282 FREQ value 59.97
 464 FREQ value 59.98
 459 FREQ value 59.99
 385 FREQ value 60.00
 302 FREQ value 60.01
 144 FREQ value 60.02
  68 FREQ value 60.03
   3 FREQ value 60.04
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] mysterious restarts

2016-06-21 Thread Jamon Camisso via talk

On 2016-06-20 17:15, Kevin Cozens via talk wrote:
> On 16-06-18 07:58 PM, Michael Galea via talk wrote:
>> You know of course that the grid frequency is only approximately 60.00
>> hz.
> 
> The short term accuracy of the grid frequency is poor. At any given
> moment in time will be close to 60Hz but may not be exactly 60Hz. On the
> other hand it has very good long term accuracy.

Someone shared this series of videos about emulating AC syncing between
generators a while back: https://www.youtube.com/watch?v=RT1ySBc-Bls

Having watched that particular video, and seeing how out of phase
appears as a load to the other system was one of those lightbulb moments
for me.

As someone who doesn't have any electrical knowledge beyond basic
circuitry, I found it worth watching the whole set of videos again.

Cheers, Jamon
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

81 matches

Mail list logo