[GTALUG] HowTo: mail with mutt, davmail, exchange, and XOAUTH2
Peter King and Dave Collier-Brown expressed interest in using mutt (or other IMAP client) with exchange, and I thought this might be of general interest. So a new thread.

I've been using mutt and davmail to do Office365 (exchange style) mail for almost two years, and it has been working great for me. I archive my mail into mbox files on my local machine, but there should be nothing preventing saving to IMAP folders (other than more typing).

I mentioned this in a list message in April last year.

I use this to access work M365 and Seneca College M365, which both require multi factor authentication.

On my ubuntu desktop/laptop I install the packages davmail and openjfx, and my ~/.davmail.properties includes (among others)

    davmail.mode=O365Interactive
    davmail.url=https://outlook.office365.com/EWS/Exchange.asmx
    davmail.smtpPort=1025

at startup/login I run

    ( davmail -server > /dev/null 2>&1 & )

and my .muttrc has things like

    set imap_user="jsell...@example.com"
    set spoolfile=imap://localhost:1143/INBOX
    set smtp_url = "smtp://jsell...@example.com@localhost:1025/"
    set smtp_authenticators = "login"
    set ssl_force_tls = no

Start up mutt, get prompted for password, get popup window asking for two factor (e.g. google authenticator, or duo push), comply, and there's my mail. And davmail is willing to cache credentials, so I don't always have to two factor.

Note that this does not require IMAP access to M365 - it uses the "normal" exchange protocols, just like Outlook would.

Feel free to let me know if you run into problems, and I'll try to help.

Hope that's helpful!

John

---
Post to this mailing list talk@gtalug.org
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
Re: [GTALUG] lazy jail server admin forced to act
You may find that you need DKIM and DMARC as well. If you’re using postfix it’s fairly easy to hook opendkim in. My biggest hurdle was trying to find clear concise guides. John
Re: [GTALUG] Re-creating a Wordpress Installation
I always use the wp cli utility in cases like these, when I have command line access to the (current) web server.

    https://wp-cli.org/
    https://developer.wordpress.org/cli/commands/search-replace/

e.g.

    wp search-replace 'http://expired.com/my_wordpress_site' \
        'https://www.mywordpresssite.com' --dry-run --skip-columns=guid

review the output, then remove the --dry-run option to actually update the database.

The fact that wordpress still saves the site URL all over the place in the database is more than a little ridiculous.

Hope that helps!

John

On Wed, 2023/11/29 12:15:34PM -0500, Don Tai via talk wrote:
| https://www.wpbeginner.com/wp-tutorials/how-to-change-your-wordpress-site-urls-step-by-step/
|
| try this, options 2-4 should work
|
| On Wed, 29 Nov 2023 at 11:40, William Witteman via talk
| wrote:
|
| > I am hoping to benefit from the experience of the group.
| >
| > I have to recreate a wordpress-based website for work, from partial
| > information.
| >
| > I have a database dump, and the contents of the web root - which gives me
| > hope that this is possible.
| >
| > What I don't have are any configuration files for the webserver, and this
| > wordpress site used to live as a subfolder of another domain which has not
| > been renewed - like http://expired.com/my_wordpress_site
| >
| > I also don't have the .htaccess file for the site.
| >
| > I put the files on my local Debian box, and re-created the database, but
| > all the links on the site are broken, because they still try to resolve
| > expired.com. I changed the siteurl in wordpress, but the problem
| > persists, and I am at a loss.
| >
| > Anyone have any advice?
Re: [GTALUG] mbox vs Maildir [was Re: Linux friendly email providers?]
Ah - mbox format - still use it for my mail archives. Convenient for grepping or loading into vi.

On Fri, 2023/11/24 01:20:20AM -0500, D. Hugh Redelmeier via talk wrote:
| | From: Ron / BCLUG via talk
|
| | I've seen mbox files get corrupted (all mailbox
| | messages in one file, and a line like "From: " is the message delimiter.
| | Terrible!)
|
| I don't remember seeing that corruption in the last few decades of using
| mbox. The horrors of in-band signalling are well known -- maybe the
| software I use reflects that knowledge.

I believe in an mbox file, the messages start with "From " (no colon), preceded by either the beginning of the file, or a newline.

When the body of a message contains "From " the convention is that it must be replaced by ">From " when saving to the file i.e. add a > before the From. That's how message delimiter confusion is avoided.

Geez, there is so much crap filling up my brain.

Cheers.

John
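The From-quoting convention described in the message above, as an added example (not code from the thread). It shows an unquoted body line splitting one stored message in two, and the difference between the plain rule John describes and the reversible "mboxrd" variant of it; the addresses and message text are constructed.

```python
import re

# Constructed sample data. "From: ..." headers are safe because the
# delimiter is "From " followed by a space, not a colon.
ENVELOPE_A = "From alice@example.com Fri Nov 24 01:20:20 2023"
ENVELOPE_B = "From bob@example.com Fri Nov 24 02:00:00 2023"
MSG_A = ("From: alice@example.com\nSubject: status\n\n"
         "Hello,\nFrom here on the build is green.\n>From the old log: ok")
MSG_B = "From: bob@example.com\nSubject: re\n\nThanks."


def quote_from(message, reversible=True):
    """Escape lines that would look like a message delimiter.

    reversible=False is the plain rule: "From " becomes ">From ".
    reversible=True is the mboxrd variant: any line matching >*From
    gets one more ">", so already-quoted lines survive a round trip.
    """
    out = []
    for line in message.split("\n"):
        if reversible and re.match(r">*From ", line):
            line = ">" + line
        elif not reversible and line.startswith("From "):
            line = ">" + line
        out.append(line)
    return "\n".join(out)


def unquote_from(message, reversible=True):
    """Undo quote_from() for the same variant."""
    out = []
    for line in message.split("\n"):
        if reversible and re.match(r">+From ", line):
            line = line[1:]
        elif not reversible and line.startswith(">From "):
            line = line[1:]
        out.append(line)
    return "\n".join(out)


def append_message(mbox, envelope, message, quote=True, reversible=True):
    """Append one message to the mbox text and return the new text."""
    body = quote_from(message, reversible) if quote else message
    return mbox + envelope + "\n" + body + "\n\n"


def split_messages(mbox):
    """Split mbox text on lines starting with "From " (the delimiter)."""
    messages = []
    for line in mbox.split("\n"):
        if line.startswith("From "):
            messages.append([])          # envelope line starts a message
        elif messages:
            messages[-1].append(line)
    return ["\n".join(m).rstrip("\n") for m in messages]


def build(quote):
    """Store the two sample messages, with or without quoting."""
    mbox = append_message("", ENVELOPE_A, MSG_A, quote=quote)
    return append_message(mbox, ENVELOPE_B, MSG_B, quote=quote)


if __name__ == "__main__":
    print("unquoted mbox parses as", len(split_messages(build(False))), "messages")
    print("quoted mbox parses as", len(split_messages(build(True))), "messages")
    plain = unquote_from(quote_from(MSG_A, False), False)
    print("plain rule round-trips:", plain == MSG_A)
    rd = unquote_from(quote_from(MSG_A, True), True)
    print("mboxrd rule round-trips:", rd == MSG_A)
```

With the plain rule, a body line that already began with ">From " loses its ">" when the message is read back, which is why the reversible variant exists.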
Re: [GTALUG] brands matter; Lenovo's brands
On Tue, 2023/09/19 11:49:09AM -0400, James Knott via talk wrote:
| > Possibly the biggest booster of Linux in DEC was Jon Hall
| > https://en.wikipedia.org/wiki/Jon_Hall_(programmer)
|
| IIRC, the DEC Alpha was the first 64 bit CPU Linux was ported to. There was
| an article about that (written by Jon Hall IIRC) in the Linux Journal.

Jon "maddog" Hall is a good man, and he is still actively promoting Linux and open source. I think he was recently at Ohio Linuxfest, and I think is currently in Brazil, doing the same.

John
Re: [GTALUG] use Window to access SSH server with obsolete ciphers
You can often ssh from newer systems to older systems by telling ssh that it's allowed to use older options.

For example, to connect from ubuntu 22 to centos 5, my .ssh/config file has

    Host centos5.example.com
        KexAlgorithms +diffie-hellman-group1-sha1
        # ubuntu 22+ needs
        HostkeyAlgorithms +ssh-rsa
        PubkeyAcceptedKeyTypes +ssh-rsa

and I left myself a reference to:

    https://www.openssh.com/legacy.html

Hope someone finds that helpful - cheers

John

On Fri, 2023/08/04 09:58:44AM -0400, D. Hugh Redelmeier via talk wrote:
| Recent Fedora systems' SSH client won't access CentOS 6 servers.
|
| Unable to negotiate with x.y.z.w port 22: no matching host key type
| found. Their offer: ssh-rsa,ssh-dss
|
| (One should not still be running CentOS 6!)
|
| All my workstations run recent Fedora systems. How could I access this
| server?
|
| It turns out the Windows has an SSH client these days and it isn't as
| picky about ciphers as Fedora.
|
| It could well be that other Linux distros support older ciphers too.
|
| This isn't generally a good thing: those ciphers were retired due to
| security concerns.
Re: [GTALUG] war story: gtalug.org's filled up
davmail is your answer.

I use it to access work M365 and Seneca College M365, which both require multi factor authentication.

On my ubuntu desktop/laptop I install the packages davmail and openjfx, and my ~/.davmail.properties includes (among others)

    davmail.mode=O365Interactive
    davmail.url=https://outlook.office365.com/EWS/Exchange.asmx

at startup/login I run

    ( davmail -server > /dev/null 2>&1 & )

and my .muttrc has things like

    set imap_user="jsell...@example.com"
    set spoolfile=imap://localhost:1143/INBOX
    set smtp_url = "smtp://jsell...@example.com@localhost:1025/"
    set smtp_authenticators = "login"
    set ssl_force_tls = no

Start up mutt, get prompted for password, get popup window asking for two factor (e.g. google authenticator, or duo push), comply, and there's my mail. And davmail is willing to cache credentials, so I don't always have to two factor.

Note that this does not require IMAP access to M365 - it uses the "normal" exchange protocols, just like Outlook would.

Feel free to let me know if you run into problems, and I'll try to help.

Hope that's helpful!

John

On Thu, 2023/04/06 10:51:34AM -0400, Peter King via talk wrote:
| I desperately miss mutt. But the University of Toronto, in its
| administrative wisdom, moved us all to Microsoft365 which insists on token
| security of a kind mutt doesn't implement. If I ever leave or find a way to
| implement it, I'm back to using mutt like a shot.
Re: [GTALUG] war story: gtalug.org's filled up
Antony mentioned missing reading mail with mutt. I’m still using mutt, and it works really well for me. It automatically formats HTML only messages (using the elinks command), can throw HTML at my browser when I ask, handles O365 multi-factor authentication, interprets calendar messages and so on. I can pipe messages into my folder filing command, filter and save bulk mail by rules, and various other things. I will admit it took a fair amount of setup over the years, and surely isn’t for everyone. But I find it makes my e-mail life easier in a number of ways. And I rarely have to click a mouse button. Cheers John
Re: [GTALUG] war story: gtalug.org's filled up
Way back in October 2000, on the SAGE members mailing list, well-known expert Tom Limoncelli said:

    "It isn't a service if it isn't monitored. If there is no monitoring then you're just running software." --- Tom Limoncelli

On Wed, 2023/04/05 02:34:15PM -0500, o1bigtenor via talk wrote:
| Quite a number of years ago a now deceased mentor advised that a great way
| to reduce the problem caused by a runaway var file was to use separate
| /var and /usr partitions (from / and /home).

I would argue that these days, in most cases, that is no longer a good configuration.

Sure, /var filling up won't prevent you from manipulating files in /home. But if /var or / or /tmp is full, you've got a problem.

And with multiple partitions, you need to have multiple chunks of free space. And you have to have a good idea up front of what your space requirements are. And yes, with LVM you can often extend a partition. But multiple partitions just mean more problems to worry about.

Better you just alert once your disk gets 80% (or whatever) full.

My two cents - cheers.

John
[GTALUG] recruiting: junior/intermediate system administrator
Hope this is okie dokie to mention. We're recruiting an all-rounder junior/intermediate system administrator. Remote likely most of the time, but would need to be able to get to the office in Newmarket about once a week and to the colo in Scarborough when necessary (not very often). https://www.aecdaily.com/careers/#sysadmin Happy to elaborate if anyone is curious. Thanks - cheers John
Re: [GTALUG] Old DOS NFS client won't talk to Linux NFS server
I was all set to say "well, obviously", but ... On my ubuntu desktop, nfs(5) tells me that mount.nfs(8) will take an nfsvers=2 option. I wonder if your desktop did the mount with the default version 4? Did you try forcing a mount from your desktop with nfsvers=2? My man pages seemed to suggest that mountd was only needed for NFS 2 and 3 - could there be firewall settings on your embedded NFS server blocking some traffic from the DOS client? The PROGRAM_NOT_AVAILABLE makes me wonder if the portmapper lookup by the DOS client didn't find what it wanted, or was blocked? It looks like your server is listening both tcp and udp which is likely good. Hope that's helpful ... John On Tue, 2022/06/28 04:11:57PM -0400, Kevin Cozens via talk wrote: | Greetings, all. | | I'm wondering if someone may have some insight in to an NFS related problem. | | I have an embedded system running Linux. I set it as an NFS server. I have | been able to have the server mount its own share and I have also been able | to mount the share on my desktop. That tells me the NFS configuration is | fundamentally working. | | The problem is when I try to mount the from an old industrial system running | Hummingbird NFS Maestro DOS based software from 1997. That system is able to | ping the server so I know it has a network connection. However, when the | "nfs link Z: \\192.168.100.110\/share" command is issue I just get the | message on the server saying "No response from server". | | The Linux NFS server is supposed to support NFS v2 through v4. The old | system is probably v3 at best and the logs only seem to indicate v2. I | haven't figured out how to disable v4 support on the NFS server. I used | tshark to capture the NFS traffic. 
| | When the "exports" command was issued on the old machine: | | 909 873.726802357 192.168.100.101 → 192.168.100.110 Portmap 98 V2 GETPORT | Call MOUNT(15) V:1 UDP | 910 873.727576161 192.168.100.110 → 192.168.100.101 Portmap 70 V2 GETPORT | Reply (Call In 909) Port:53625 | 911 873.728326009 192.168.100.101 → 192.168.100.110 MOUNT 110 V1 EXPORT Call | 912 873.731315731 192.168.100.110 → 192.168.100.101 MOUNT 142 V1 EXPORT | Reply (Call In 911) | | | When the "nfs link" command was issued on the old machine: | | 915 929.199301001 192.168.100.101 → 192.168.100.110 Portmap 98 V2 GETPORT | Call HCLNFSD(788585389) V:1 UDP | 916 929.13392 192.168.100.110 → 192.168.100.101 Portmap 70 V2 GETPORT | Reply (Call In 915) PROGRAM_NOT_AVAILABLE | 917 929.200757113 192.168.100.101 → 192.168.100.110 Portmap 98 [RPC | retransmission of #915]V2 GETPORT Call (Reply In 916) HCLNFSD(788585389) V:1 | UDP | 918 929.201092226 192.168.100.110 → 192.168.100.101 Portmap 70 [RPC | duplicate of #916]V2 GETPORT Reply (Call In 915) PROGRAM_NOT_AVAILABLE | 919 929.201744034 192.168.100.101 → 192.168.100.110 Portmap 98 [RPC | retransmission of #915]V2 GETPORT Call (Reply In 916) PCNFSD(150001) V:2 UDP | | | The output from rpcinfo is: | | $ rpcinfo -p |program vers proto port service | 104 tcp111 portmapper | 103 tcp111 portmapper | 102 tcp111 portmapper | 104 udp111 portmapper | 103 udp111 portmapper | 102 udp111 portmapper | 1000241 udp 57318 status | 1000241 tcp 46225 status | 151 udp 53625 mountd | 151 tcp 40199 mountd | 152 udp 53980 mountd | 152 tcp 53443 mountd | 153 udp 50848 mountd | 153 tcp 49067 mountd | 132 tcp 2049 nfs | 133 tcp 2049 nfs | 134 tcp 2049 nfs | 1002272 tcp 2049 | 1002273 tcp 2049 | 132 udp 2049 nfs | 133 udp 2049 nfs | 1002272 udp 2049 | 1002273 udp 2049 | 1000211 udp 42943 nlockmgr | 1000213 udp 42943 nlockmgr | 1000214 udp 42943 nlockmgr | 1000211 tcp 44539 nlockmgr | 1000213 tcp 44539 nlockmgr | 1000214 tcp 44539 nlockmgr | | | Is the DOS based NFS client compatible 
with current day Linux NFS server? | Any idea why I see messages saying PROGRAM_NOT_AVAILABLE? | If something is supposedly missing, what program is it looking for? It would | have been a lot more helpful if whatever program is reporting a "missing | program" said what program it couldn't find, or couldn't talk to. | | -- | Cheers! | | Kevin. | | http://www.ve3syb.ca/ | "Nerds make the shiny things that | https://www.patreon.com/KevinCozens | distract the mouth-breathers, and | | that's why we're powerful" | Owner of Elecraft K2 #2172 | | #include | --Chris Hardwick | --- | Post to this mailing list talk@gtalug.org | Unsubscribe from this mailing list
Re: [GTALUG] Making RPM from directory tree?
I've long found that making linux packages seems to be more complicated than I might have hoped.

To build RPMs, you typically use rpmbuild(8) which uses a set of directories (SOURCES, SPECS, BUILDROOT, RPMS, ...) to build rpms.

But you might have a look at "fpm" - the "effing" package manager.

    https://github.com/jordansissel/fpm
    https://www.digitalocean.com/community/tutorials/how-to-use-fpm-to-easily-create-packages-in-multiple-formats

I find creating RPM repositories relatively simple - createrepo(8) (or possibly createrepo_c(8)) feel straightforward to me. GPG package signing is not too hard. I find deb/apt repositories to be more involved.

Hope that helps!

John
Re: [GTALUG] U of T alumni mail + Thunderbird
I only just discovered "davmail" which can be helpful in situations like this. davmail is a server/gateway that you run on your local machine that knows how to talk to Exchange or Office 365 mail servers, and which provides local ports for IMAP, POP, and SMTP. And, it knows how to handle interactive two-factor authentication. So you can use any IMAP mail client (thunderbird, mutt, whatever) however you wish. My use case is that I like using the mutt mail client, which talks IMAP, but does not know how to talk to Exchange. So, I run davmail, set davmail to use "O365Interactive" authentication, and tell mutt to connect to imap://localhost:1143/INBOX and tell it my email address. Mutt prompts me for my password, then davmail pops up a microsoft style two factor authentication window, I put in my authenticator code, and read and reply to mail, save locally, do whatever. And davmail will cache an oauth (or other?) token, so I don't have to deal with multi-factor authentication every time. I use this to connect to the O365 email service for an Ontario educational institution that does not provide IMAP access and which requires multi-factor authentication. So far, so good. Hope this is useful. John
Re: [GTALUG] Can anyone recommend a source for Laptop batteries..
We have bought replacement ThinkPad batteries and A/C adapters from

    https://www.battdepot.com/ca/

and had good experiences - batteries worked, prices and shipping were fair.

Hope that helps - cheers

John

On Fri, 2022/02/04 05:12:48PM -0500, Michael Galea via talk wrote:
| I'm looking for recommendations on replacing my T420's battery pack. Either
| a store, source, particular manufacturer or any experiences
| would be welcome.
| --
| Thanks
| Michael Galea
Re: [GTALUG] Command doesn't work in script but works on command line?
On Sat, 2021/11/06 01:32:13PM -0400, Kevin Cozens via talk wrote:
| Modify the script to capture all output from the command as it may help you
| determine what may be going wrong when you run the command in a script.
| (e.g. >& messages.txt)

I'll echo Kevin's suggestion, and mention that potentially the output of "printenv" might be informative, and I think you can capture everything from a script by using (after the #! line)

    exec >/tmp/output 2>&1

which I think sends all output of all following commands to /tmp/output.

I also try to check the result of commands in scripts and complain e.g.

    alsa_out args ... \
        || echo 1>&2 "oh not alsa_out failed"

or

    alsa_out args ...
    ret=$?
    if [ $ret -ne 0 ]; then
        echo 1>&2 "alsa_out failed with $ret"
    fi

Hope that helps

John
Re: [GTALUG] Command doesn't work in script but works on command line?
Jim - I may have missed it, but I think you said only that it "doesn't work" but didn't elaborate.

Does running the script result in any error messages? Or does it appear to work but not have the desired effect?

Is your script file executable? i.e. are the x permission bits set in the output of "ls -l filename"?

Could it be that you're expecting your script to be in your PATH, and it isn't e.g. if you run

    prompt% scriptname

does it say command not found? Do you need to run it with ./scriptname?

You mentioned that you want it to be clickable. I'm relatively unfamiliar with alsa, but is it possible it needs something from the environment that isn't available when clicked?

It's likely something relatively simple, but more details would likely help narrow it down.

Hope that helps

John
Re: [GTALUG] War Story: debugging remote port access
Thanks for the port war story.

I've learned that something like

    netstat -na | grep -w LISTEN

often helps me discover/confirm port problems. And having a telnet client (or nc) on another machine, often provides much more specific answers than a web browser or an application client (which often say "something went wrong" with no further details).

Cheers

John
Re: [GTALUG] DRAM Issues
If it's old, I might guess that replacement memory is cheap on ebay. If I were you, I would try running memtest86 and see what it says. Assuming you're ok to shut the machine down for a while. Depending on configuration, you might be able to upgrade memory (and performance) for a very low price, while replacing your failing RAM.
Re: [GTALUG] information storage ideas
On Wed, 2020/12/09 06:58:14AM -0600, o1bigtenor via talk wrote:
| I want to thank both of you for your ideas. It seems something like one
| of these could work but I'm not sure about the connecting files back into
| either of these. At least I can't see an easy way of doing such.

In dokuwiki, as in almost all wikis, you can easily link to any URL. Or, you can easily upload copies of media (images, documents, etc) and refer to them from any page.
Re: [GTALUG] SSL Certs for both web and email servers
And the other thing to remember: when the certificate renews, restart/reload your services, to use the new certificate(s). I use puppet to pass certificates around, and trigger an apache reload when needed, similarly with dovecot and postfix for mail. John
Re: [GTALUG] SSL Certs for both web and email servers
On Tue, 2020/12/01 08:16:49AM +0200, ac via talk wrote:
| > I have three domains and a small but invariant number of subdomains
| > that I want to encrypt - should I try to pull them all under one SSL
| > cert, or do one for each domain, or one for every subdomain? I don't
| > need a wildcard, but I would like something relatively painless if
| > possible.
|
| yes, in your case, and for painless and easy, just use the domain name
| and one cert. so, instead of mail.example.com and www.example.com
| - just use example.com.

I think that might cause client complaints in some cases.

I think letsencrypt now provides wildcard certifications, but you can use multiple -d options when creating or updating a certificate e.g.

    certbot certonly \
        --non-interactive \
        --expand \
        --webroot \
        -w /var/www/html/letsencrypt \
        --cert-name www.example.com \
        -d example.com \
        -d mail.example.com \
        -d blog.example.com

And then the one certificate is valid for all those names.

Hope that helps - letsencrypt is really remarkably convenient.

John
Re: [GTALUG] Group knowledge base
On Thu, 2020/10/29 10:17:23PM -0400, William Park via talk wrote:
| How do you or your company maintain group "knowledge base"? I guess,
| wiki for internal stuffs.

We use a wiki for internal stuffs. Have done so across multiple companies for quite a while.

I would go mad trying to maintain documentation in word/excel. How do you search across all your files? Across platforms?

At my current place, we use dokuwiki, which I find to be a nice combination of features, without a lot of overhead (PHP, files). I even script some reports that insert pages into the wiki nightly.

Previously I've used xwiki (java) which was nice, but as it's java, there's a running (sleeping) process all the time.

People who wish to spend money (from small to large) like confluence. Confluence is very nice, but it helps if you're already hooked into the Atlassian ecosystem.

There are a bunch of alternatives of course, but those are ones that I've found to be good alternatives when I've been looking.

Hope that helps, but seriously, set up a wiki.

Cheers

John
Re: [GTALUG] for multi-hop ssh/scp: option "ProxyJump"
On Sat, 2020/08/29 09:20:35PM -0400, William Park via talk wrote:
| We had to do it manually, one jump at a time, making note (on
| paper) where we were each jump. :-)

There's a reason why my shell prompt includes the fully-qualified hostname. (And userid, if it's not my normal one.)

I've seen people colour code their xterms by hostname as well.

If you're "clever", you can probably change your xterm title string as you go, so your window title could end up with a label like:

    jumphost1 -> nexthop -> 3rdhop -> dbserver

(e.g. xtitle from http://www.shelldorado.com/scripts/cmds/xtitle )

John
Re: [GTALUG] Bash does-directory-exist question
On Fri, 2020/07/10 09:38:48AM -0400, Giles Orr via talk wrote:
| This gives immediate visual feedback on the write-status of the
| current directory. But test's '-w' and '-d' both claim that you're
| still in a valid directory under the above circumstances. Does anyone
| know of a simple way to find out if the directory you're currently in
| actually exists?

The directory "." will still exist while you have it open (your current directory), but will be unreachable, as you observed with stat(1) and the number of links.

Would checking for "test -d $PWD" work? I think $PWD is the full path and so if it's no longer reachable, the test should fail?

Hope that helps

John
Re: [GTALUG] Continuing Printer Woes
I think "falsisign" looks like fun:

    FalsiScan: Make it look like a PDF has been hand signed and scanned
    https://gitlab.com/edouardklein/falsisign

You scan and save a bunch of signatures. Then the code modifies the original PDF to look scanned and puts a random signature where you say to put it.

John

On Wed, 2020/06/03 03:04:14PM -0400, Scott Allen via talk wrote:
| "sign it --> scan it back in" steps
|
| I use a Wacom tablet to do the signing.
Re: [GTALUG] On the subject of backups.
On Wed, 2020/05/06 10:38:29AM -0400, Howard Gibson via talk wrote:
| > ZFS is another option. And it handles delta-backups very easily.
|
| How do you recover stuff from delta backups? You have to figure which backup the file or directory is in, right?

Remember that snapshots, like RAID, are not actually backups, unless they are on a different machine, in a different place.

ZFS makes it easy: You can browse through snapshots for /mypool/myfs by looking in

    /mypool/myfs/.zfs/snapshot

and if your ZFS snapshots are named using dates, easy peasy to choose when.

You can also brute force and

    find /mypool/myfs/.zfs/snapshot -name 'myfile.tex' -ls

and find what's there.

You can use "zfs rollback" to revert to a snapshot.

You can use "zfs send ... | zfs recv ..." to copy a specific snapshot (or group of snapshots) to another pool, system, etc.

And of course, when you create a snapshot, you could create your own index listing of what's there for easy grepping.

ZFS is great. You can still (and likely should) continue to backup to Blu-ray, but ZFS will make sure your files don't rot in place unnoticed.

Hope that helps, cheers

John
Re: [GTALUG] On the subject of backups.
On Mon, 2020/05/04 12:03:19PM -0400, Alvin Starr wrote:
| The client really only wants to use Centos/RHEL and ZFS is not part of that
| mix at the moment.

Well, one could argue that zfs on centos is fairly well supported ...

| The data is actually sitting on a replicated Gluster cluster so trying to
| replace that with an HA NAS would start to get expensive if it were a
| commercial product.

Of course "expensive" depends on the client. An HA truenas that size, all flash is (I believe likely well) under $15K USD.

Ah - you didn't mention Gluster.

In theory, Gluster has geographic replication.

And if your bricks are on LVM storage, you can use gluster snapshots as well:

    https://docs.gluster.org/en/latest/Administrator%20Guide/Managing%20Snapshots/

to guard against accidental removals, etc. (I've not used either, and my glusters are quite old versions at the present time.)

Depending on how it's all configured, you may get better performance backing up the bricks, rather than backing up gluster itself. I have a two-node gluster, mirrored, so I can backup the bricks on one of the servers and get everything. Obviously that's a very simple "cluster".

Traditionally, gluster filesystem performance with large numbers of small files in a directory is horrible/pathetic. If you're backing up the gluster filesystem, you would almost certainly get better performance if your file structure is deeper and narrower, if that's possible.

Cheers

John
Re: [GTALUG] On the subject of backups.
I bet no one would want this advice, but it seems to me that the implementation needs to change i.e. that one big (possibly shallow) filesystem on xfs is unworkable.

The best answer of course depends on the value of the data.

One obvious approach is to use a filesystem/NAS with off-site replication. Typically a commercial product.

At relatively modest cost, I like the truenas systems from ixsystems.com. ZFS based, HA versions available, replication can be done. The HA versions are two servers in one chassis, with dual-ported SAS disks.

For do-it-yourselfers, I like using ZFS and ZFS replication of snapshots. For example, I do much (much) smaller offsites from my home to work using ZFS and zfs-replicate.

You can also do freenas (non-commercial truenas) but without the HA hardware and code.

Hope that helps - cheers

John

On Mon, 2020/05/04 09:55:51AM -0400, Alvin Starr via talk wrote:
| The actual data-size for 100M files is on the order of 15TB so there is a
| lot of data to backup but the data only increases on the order of tens to
| hundreds of MB a day.
Re: [GTALUG] Adding all users to the "disk" group: bad idea, or terrible idea?
The developer seems to be insisting on an answer, rather than a need.

The need is to allow easy writing when appropriate.

Consider a wrapper script that uses sudo to call the actual command. And then set sudoers(5) to allow appropriate people to run the command as root without a password.

That means that it's easy for the user, and access to the disk devices is only provided through the (presumably) tested and well-functioning command.

Remember: you can solve any problem in computer science with another level of indirection.

I suspect that there's a way via udev or dbus to accomplish the appropriate thing. But I'm not smart enough for that.

Hope that helps!

John

On Mon, 2020/02/17 04:28:52PM -0500, Stewart C. Russell via talk wrote:
| So I'm working with a developer making a simple cross-platform graphical
| program to write Raspberry Pi OS images to SD card. This is meant for
| beginners to use. The developer is adamant that their program doesn't need
| to run under 'sudo' but that every user should be added to the disk group
| instead.
|
| This means that every user can write directly to system disk devices at any
| time. The Debian-based systems I use don't add regular users to "disk". Is
| it reasonable/common for regular users to be set up this way?
|
| cheers
|
| Stewart $(export HAVE_ACCIDENTALLY_OVERWRITTEN_ROOT=1) Russell
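The sudo-invoked wrapper suggested in the message above, as an added example (not code from the thread or from the image-writer project being discussed): the root-side command refuses anything that is not an unmounted, removable whole disk before it writes. The group name and install path in the sudoers comment, and the removable/not-mounted policy itself, are assumptions.

```python
#!/usr/bin/env python3
"""Root-side helper for an SD card image writer (added example).

Hypothetical sudoers entry (group name and path are assumptions):
    %sdwriters ALL=(root) NOPASSWD: /usr/local/sbin/write-image
The GUI then runs: sudo /usr/local/sbin/write-image IMAGE /dev/sdX
"""
import os
import shutil
import sys

CHUNK = 4 * 1024 * 1024  # copy buffer size in bytes


def check_target(device, sys_block="/sys/block", mounts="/proc/mounts"):
    """Return (ok, reason) for a requested target device.

    sys_block and mounts are parameters only so the policy can be
    exercised against a constructed directory tree.
    """
    name = os.path.basename(device)
    # Only a plain /dev/<name>: no "..", no sub-directories, no symlink tricks
    # through other paths.
    if device != "/dev/" + name or not name.isalnum():
        return False, "target must be a plain /dev/<name> path"
    # Whole disks have a directory under /sys/block; partitions do not.
    try:
        with open(os.path.join(sys_block, name, "removable")) as fh:
            removable = fh.read().strip()
    except OSError:
        return False, "not a whole disk known to the kernel"
    # Some built-in card readers report 0 here; this policy refuses them.
    if removable != "1":
        return False, "kernel does not mark this disk as removable"
    # Refuse if the disk or any of its partitions is mounted. The prefix
    # match is deliberately conservative: it can only cause extra refusals.
    with open(mounts) as fh:
        for line in fh:
            fields = line.split()
            if len(fields) >= 2 and fields[0].startswith(device):
                return False, "%s is mounted on %s" % (fields[0], fields[1])
    return True, "ok"


def write_image(image, device):
    """Copy the image onto the device and flush it to the hardware."""
    with open(image, "rb") as src, open(device, "wb") as dst:
        shutil.copyfileobj(src, dst, CHUNK)
        dst.flush()
        os.fsync(dst.fileno())


def main(argv):
    if len(argv) != 3:
        print("usage: write-image IMAGE /dev/DEVICE", file=sys.stderr)
        return 2
    ok, reason = check_target(argv[2])
    if not ok:
        print("refusing to write: " + reason, file=sys.stderr)
        return 1
    write_image(argv[1], argv[2])
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```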
Re: [GTALUG] server question
You want a server name (FQDN) that works internally, but not externally.

Just stick it in DNS.

Generally you likely have DNS configured somewhere for some domain. You can add an A record with machine1's internal address e.g.

    intservice.mydomain.com IN A 192.168.10.101

Even if you stick that in public DNS, there's no access through your firewall from outside to inside, so often not a big deal. (It would potentially leak information about your name intserver.mydomain.com.)

You likely have a firewall/router at the edge of your internal network. Many firewalls provide DNS service e.g. pfsense provides a DNS resolver and you can add entries there that are only visible internally, even if most of your DNS is external. See also the dnsmasq server.

You may have internal DNS servers running internally - you can add records there.

Don't want to use your public domain name? Buy another domain, and use it only internally - set up DNS the same way.

You can even just make up a domain, but that means that you run the risk of not being able to get to legit external servers, if someone else uses that domain. And it means you won't be able to get real SSL certificates.

Or use a subdomain of your domain (e.g. internal.mydomain.com).

Last few places I've been, we've purchased a separate domain just for internal use. We exposed a little bit of it in public DNS (e.g. a wildcard for *.myinternal.com) so that we can get letsencrypt SSL certificates for use on internal only machines.

Note that some firewalls try to protect against DNS rebinding attacks, and won't give you an internal address from a public DNS server. You can usually whitelist specific domains. e.g. I have intwww.syonex.com as an A record in public DNS to 192.168.1.2 and I tell my pfsense firewall to trust syonex.com's DNS and give me that address internally.

Remember - DNS is your friend. Tools like dnsmasq let you do weird but useful things with DNS.

Hope that helps!

John

On Tue, 2020/01/21 10:03:53PM -0600, o1bigtenor via talk wrote:
| I wasn't thinking of IP addresses - - - rather I was thinking of something
| like example.com but not that. Trying to come up with something so
| that if machine 1 has the server program that machine 2 can access
| machine1 just by using machine1 in the browser.

Re: [GTALUG] anyone here build pro computer workstations?
On Tue, 2019/09/17 05:48:31PM -0400, Karen Lewellen via talk wrote:
| Given mac pros the desk top units are rather new creations,

Mac Pros have been available since 2006, so not that new. You may be thinking of the Mac Pro cylindrical style, since 2013.

https://en.wikipedia.org/wiki/Mac_Pro

Re: [GTALUG] Sudo in Script
On Sun, 2019/09/15 12:01:28PM -0400, Stephen via talk wrote:
| I restart Apache in a script file that requires a Sudo command. That
| requires a password.

Look up the "NOPASSWD" tag in the sudoers(5) man page. You could set one or more users or groups to be able to run

    apachectl graceful

(or any other command) without requiring a password.

Re: [GTALUG] of routers and access points
I have a Netgate SG-1000 running pfsense inside my bridge-mode Rogers modem, which has been replaced by the slightly bigger SG-1100 ($159 USD). In the furnace room, and then some cat5 heads off to more convenient spots for access points, etc.

I like separate access points, which are sometimes harder to find than all-in-ones (but you can usually turn off routing on those).

PoE is convenient, but adds expense. I trust you know about PoE injectors?

I like Ubiquiti, but sometimes they're happier if you buy into their ecosystem. But do you know about Ubiquiti's home systems? https://amplifi.com/ Not the cheapest alternative, but almost plug and play (in the good sense).

Hope that helps - cheers!

John

On Thu, 2019/04/25 01:27:02PM -0400, David Mason via talk wrote:
| This (letting the router do all the work) is a possibility, but the router is very far from all the other connections, so at the moment I have a long RJ45 cable to the router. So I’d have to run another long cable back to the switch where everything else is plugged in.
|
| Part of my question was whether anyone else is using POE access points, and whether it’s worth doing as right now I have an extension cord running to the router. If so I’d need a router that supported POE, so I mentioned the Ubiquiti EdgeRouter as such a (non-WiFi) router.

Re: [GTALUG] optimum swap size
Note that if you mmap() a file, it has no direct impact on swap usage. (Because the actual file is effectively the backing store.)

This might be a helpful read:
https://stackoverflow.com/questions/43541420/when-and-how-is-mmaped-memory-swapped-in-and-out

Hope that helps!

John

On Wed, 2019/02/27 11:47:59AM -0500, Gary via talk wrote:
| Thank you. My intent (haven't done it yet) is to use mmap() in c++ for a
| very large file (2 gigs). I suspect that the virtual memory technology in
| x86 would simply page in/out file data to/from ram using the least recently
| used algorithm. Would the swap partition size be material here or am I
| worrying unnecessarily.
| /gary

[GTALUG] seeking web developer, project lead
Hi - hope no one minds a job posting - apologies if so.

We're looking for a web developer/project lead to join our small team for a new project. We're based in Newmarket, and meet in person once a week. Full-time, permanent, likely looking for intermediate/senior, but we're flexible for the right candidate. Likely PHP front end, MySQL, some middle layer, using current practices.

Job posting is here, and I'm happy to answer any questions:
https://www.aecdaily.com/careers/

Thanks - cheers

John
jsell...@syonex.com

Re: [GTALUG] Practical Use of GRUB's DSL: With the examples inexplicably left out of the GRUB documentation
I'm a big LaTeX fan for more than a short while.

Lately for multi-destination documents I've found that asciidoc has worked well as a source for some documents. I convert asciidoc to docbook, then to pdf, HTML, etc., most via LaTeX.

On Tue, 2018/10/16 11:11:32AM -0400, David Mason via talk wrote:
| I use LaTeX for everything - most particularly for papers and lecture slides. I haven’t used it in a while, but HeVeA (http://hevea.inria.fr/) is the best way to convert LaTeX to HTML. When I last used it, it was quite effective. And it is quite focussed on including code in documents.
|
| ../Dave

Re: [GTALUG] suggestion: naming temp files
| > Many people use tmp, tmp2, tmp3 as names. I find those visually too like
| > real filenames and longer to type than I want. The names I use are 0, 1,
| > 2, 3. They are short, distinctive, and unreasonable as permanent
| > filenames.
|
| Why not use mktemp? "man mktemp" for information about templates, suffixes etc.

Or in your .cshrc or .bashrc something like

    mkdir -m 700 -p /tmp/me
    tmp="/tmp/me"
    export TMPDIR=/tmp/me

I'm far too lazy to want to have to remember to clean up after myself.

John

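
An added example, not part of the original message: a login-time variant of the fixed-path `TMPDIR` setup above that also verifies the directory before trusting it, since `mkdir -p` reports success when the path already exists, whoever created it. The function name `private_tmpdir` and the `TMPDIR_BASE` override are assumptions for illustration.

```shell
# Print a temp directory that is private to the calling user.
# $1 is the preferred fixed path, e.g. /tmp/me as in the message above.
private_tmpdir() {
    want="$1"
    # -p means this also "succeeds" if the path already exists, so a
    # successful mkdir proves nothing about who owns the directory.
    mkdir -m 700 -p "$want" 2>/dev/null || :
    # Accept the fixed path only if it is a real directory (not a symlink),
    # owned by us, and readable/writable/searchable by us alone.
    if [ ! -L "$want" ] && [ -d "$want" ] && [ -O "$want" ] &&
       [ "$(ls -ld "$want" | cut -c1-10)" = "drwx------" ]; then
        printf '%s\n' "$want"
        return 0
    fi
    # Pre-existing symlink, someone else's directory, or loose permissions:
    # fall back to a fresh, randomly named directory (mktemp -d creates it 0700).
    mktemp -d "${TMPDIR_BASE:-/tmp}/me.XXXXXX"
}

# Usage in ~/.bashrc (kept as a comment so sourcing this file has no side effects):
#   TMPDIR="$(private_tmpdir "/tmp/$(id -un)")" && export TMPDIR
```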
Re: [GTALUG] Getting external IP
On Sat, 2018/01/27 04:45:55PM -0500, William Park via talk wrote:
| On Sat, Jan 27, 2018 at 03:03:56PM -0500, Don Tai wrote:
| > dig +short myip.opendns.com @resolver1.opendns.com
|
| This I like, even though it only applies for OpenDNS.

I think it's general purpose - I believe it replies with your source address - no previous record in opendns needed.

Re: [GTALUG] python sweetness — The mysterious case of the Linux Page Table
One could assert that the days of time sharing systems are largely over, at least on production systems that people care about.

And I think it's fair to say that it has been good practice for quite some time to not allow random binaries to run on systems you care about.

I have no idea whether hypervisors (like xen or esxi) are vulnerable. But the same guidelines can be applied to VMs running on hypervisors.

I wonder how exploitable this problem really is?

Cheers, happy new year

John

On Wed, 2018/01/03 10:56:30PM -0500, Dhaval Giani via talk wrote:
| https://googleprojectzero.blogspot.ca/2018/01/reading-privileged-memory-with-side.html
| gives the gory details
|
| At this point, I cannot stress on how important it is to update your
| systems as soon as your distribution ships them. I am hoping this
| remains to be a once in a lifetime event.
|
| Dhaval

Re: [GTALUG] Flatpak: Anyone with Experience or Opinions on It?
Those are not problems which are specific to linking to/using particular versions of libraries. How do you ensure that security updates of commands and configuration files happen? It's not a new or different problem.

One can choose to use the default version, which by implication will be the latest and greatest version that is installed on the machine. And your program/package will get updates as they are installed.

If you use a particular version of the library:
- a local admin can choose to accept the risk
- a package maintainer can label the package risky, and/or delete/disable/deprecate the package
- a program maintainer can update the code to use the new version

One can't abdicate responsibility for security by assuming that your binary will run with a secure version of a library.

Cheers

John

On Fri, 2017/11/03 01:09:47PM -0400, Dhaval Giani wrote:
| How do you ensure security updates happen everywhere, or that you are
| not linking to an insecure version? What about old software which is
| no longer maintained? Also work is not duplicated?
|
| Dhaval

Re: [GTALUG] little PCs for internet gateways
On Tue, 2016/10/25 05:47:02PM -0400, D. Hugh Redelmeier via talk wrote:
| By gateway, I mean router/firewall/whatever box that sits between your
| LAN and the internet.
| I've chosen to use two different Zotac Zbox tiny PCs.
| - the CI321 is a fanless box with two ethernet ports (two is the
| minimum for a pleasant router).
| - the RI323 has a fan and two ethernet ports. It is more
| fully-featured and I got it cheap. It even has two 2.5" drive bays.

Thanks for the pointer - those are interesting.

You might want to look at the pfsense/netgate boxes e.g. the "SG-1000 microFirewall Security Appliance" for $149USD
http://store.netgate.com/SG-1000.aspx

And of course I might recommend pfsense on the Zotac boxes.

Hope that's helpful to someone - cheers!

John