[GTALUG] HowTo: mail with mutt, davmail, exchange, and XOAUTH2

2024-01-22 Thread John Sellens via talk
Peter King and Dave Collier-Brown expressed interest in using
mutt (or other IMAP client) with exchange, and I thought this
might be of general interest.  So a new thread.

I've been using mutt and davmail to do Office365 (exchange style)
mail for almost two years, and it has been working great for me.
I archive my mail into mbox files on my local machine, but there
should be nothing preventing saving to IMAP folders (other than
more typing).

I mentioned this in a list message in April last year

I use this to access work M365 and Seneca College M365, which both require
multi factor authentication.

On my ubuntu desktop/laptop I install the packages davmail and openjfx,
and my ~/.davmail.properties includes (among others)
    davmail.mode=O365Interactive
    davmail.url=https://outlook.office365.com/EWS/Exchange.asmx
    davmail.smtpPort=1025

at startup/login I run
    ( davmail -server > /dev/null 2>&1 & )

and my .muttrc has things like
    set imap_user="jsell...@example.com"
    set spoolfile=imap://localhost:1143/INBOX
    set smtp_url = "smtp://jsell...@example.com@localhost:1025/"
    set smtp_authenticators = "login"
    set ssl_force_tls = no

Start up mutt, get prompted for password, get popup window asking
for two factor (e.g. google authenticator, or duo push), comply,
and there's my mail.  And davmail is willing to cache credentials,
so I don't always have to two factor.

Note that this does not require IMAP access to M365 - it uses the
"normal" exchange protocols, just like Outlook would.

Feel free to let me know if you run into problems, and I'll try to help.

Hope that's helpful!

John

---
Post to this mailing list talk@gtalug.org
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk


Re: [GTALUG] lazy jail server admin forced to act

2024-01-07 Thread John Sellens via talk
You may find that you need DKIM and DMARC as well. If you’re using postfix it’s 
fairly easy to hook opendkim in. 

My biggest hurdle was trying to find clear concise guides. 

John




Re: [GTALUG] Re-creating a Wordpress Installation

2023-11-29 Thread John Sellens via talk
I always use the wp cli utility in cases like these, when I have
command line access to the (current) web server.

https://wp-cli.org/

https://developer.wordpress.org/cli/commands/search-replace/

e.g.

wp search-replace 'http://expired.com/my_wordpress_site' \
  'https://www.mywordpresssite.com' --dry-run --skip-columns=guid

review the output, then remove the --dry-run option to actually
update the database.

The fact that wordpress still saves the site URL all over the
place in the database is more than a little ridiculous.

Hope that helps!

John


On Wed, 2023/11/29 12:15:34PM -0500, Don Tai via talk  wrote:
| https://www.wpbeginner.com/wp-tutorials/how-to-change-your-wordpress-site-urls-step-by-step/
| 
| try this, options 2-4 should work
| 
| On Wed, 29 Nov 2023 at 11:40, William Witteman via talk 
| wrote:
| 
| > I am hoping to benefit from the experience of the group.
| >
| > I have to recreate a wordpress-based website for work, from partial
| > information.
| >
| > I have a database dump, and the contents of the web root - which gives me
| > hope that this is possible.
| >
| > What I don't have are any configuration files for the webserver, and this
| > wordpress site used to live as a subfolder of another domain which has not
| > been renewed - like http://expired.com/my_wordpress_site
| >
| > I also don't have the .htaccess file for the site.
| >
| > I put the files on my local Debian box, and re-created the database, but
| > all the links on the site are broken, because they still try to resolve
| > expired.com. I changed the siteurl in wordpress, but the problem
| > persists, and I am at a loss.
| >
| > Anyone have any advice?


Re: [GTALUG] mbox vs Maildir [was Re: Linux friendly email providers?]

2023-11-23 Thread John Sellens via talk
Ah - mbox format - still use it for my mail archives.
Convenient for grepping or loading into vi.


On Fri, 2023/11/24 01:20:20AM -0500, D. Hugh Redelmeier via talk 
 wrote:
| | From: Ron / BCLUG via talk 
| 
| | I've seen mbox files get corrupted (all mailbox
| | messages in one file, and a line like "From: " is the message delimiter.
| | Terrible!)
| 
| I don't remember seeing that corruption in the last few decades of using 
| mbox. The horrors of in-band signalling are well known -- maybe the 
| software I use reflects that knowledge.

I believe in an mbox file, the messages start with "From " (no colon),
preceded by either the beginning of the file, or a newline.

When the body of a message contains "From " the convention is
that it must be replaced by ">From " when saving to the file
i.e. add a > before the From.

That's how message delimiter confusion is avoided.

Geez, there is so much crap filling up my brain.  Cheers.

John
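
Added example (not part of John's message or of any mail client's code):
a Python round trip of the "From " quoting convention described above.
It stores one constructed message unquoted, with the ">From " convention,
and with the mboxrd variant, which also quotes lines that already begin
with ">From " so that unquoting restores the body exactly. The separator
line, addresses and body text are constructed.

```python
import re

# Constructed separator line and sample message; not taken from the thread.
SEPARATOR = "From sender@example.com Thu Nov 23 21:00:00 2023"
HEADERS = "From: sender@example.com\nSubject: outage"
BODY = "Hi,\nFrom now on the old server is off.\n>From the earlier mail: ok\nBye"


def quote_body(body, reversible=False):
    """Quote body lines that would look like a message separator.

    reversible=False: "From " becomes ">From " (the convention in the post).
    reversible=True:  mboxrd, which also quotes ">From ", ">>From ", ...
    """
    pattern = r"^(>*From )" if reversible else r"^(From )"
    return re.sub(pattern, r">\1", body, flags=re.MULTILINE)


def unquote_body(body, reversible=False):
    """Strip one level of quoting when a message is read back."""
    pattern = r"^>(>*From )" if reversible else r"^>(From )"
    return re.sub(pattern, r"\1", body, flags=re.MULTILINE)


def append_message(mbox_text, headers, body):
    """Append one message: separator, headers, blank line, body, blank line."""
    return mbox_text + SEPARATOR + "\n" + headers + "\n\n" + body + "\n\n"


def split_mbox(mbox_text):
    """Split on lines starting with "From " (no colon), as a reader does."""
    messages, current = [], None
    for line in mbox_text.splitlines():
        if line.startswith("From "):
            current = []
            messages.append(current)
        elif current is not None:
            current.append(line)
    result = []
    for lines in messages:
        headers, _, body = "\n".join(lines).partition("\n\n")
        result.append((headers, body.rstrip("\n")))
    return result


def roundtrip(body, quote=True, reversible=False):
    """Store one message, read the mbox back; return (message count, body)."""
    stored = quote_body(body, reversible) if quote else body
    parsed = split_mbox(append_message("", HEADERS, stored))
    first_body = parsed[0][1]
    if quote:
        first_body = unquote_body(first_body, reversible)
    return len(parsed), first_body


if __name__ == "__main__":
    # Unquoted: the body line "From now on ..." is read as a second message.
    print("unquoted :", roundtrip(BODY, quote=False))
    # ">From " convention: one message, but the line that originally began
    # with ">From " loses its ">" when the body is unquoted.
    print("quoted   :", roundtrip(BODY))
    # mboxrd: one message and the body comes back unchanged.
    print("mboxrd   :", roundtrip(BODY, reversible=True))
```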


Re: [GTALUG] brands matter; Lenovo's brands

2023-09-19 Thread John Sellens via talk
On Tue, 2023/09/19 11:49:09AM -0400, James Knott via talk  
wrote:
| > Possibly the biggest booster of Linux in DEC was Jon Hall
| > https://en.wikipedia.org/wiki/Jon_Hall_(programmer)
| 
| IIRC, the DEC Alpha was the first 64 bit CPU Linux was ported to. There was
| an article about that (written by Jon Hall IIRC) in the Linux Journal.

Jon "maddog" Hall is a good man, and he is still actively promoting
Linux and open source.  I think he was recently at Ohio Linuxfest,
and I think is currently in Brazil, doing the same.

John


Re: [GTALUG] use Window to access SSH server with obsolete ciphers

2023-08-04 Thread John Sellens via talk
You can often ssh from newer systems to older systems by telling ssh
that it's allowed to use older options.

For example, to connect from ubuntu 22 to centos 5, my .ssh/config file has

  Host centos5.example.com
    KexAlgorithms +diffie-hellman-group1-sha1
    # ubuntu 22+ needs
    HostkeyAlgorithms +ssh-rsa
    PubkeyAcceptedKeyTypes +ssh-rsa

and I left myself a reference to:
https://www.openssh.com/legacy.html

Hope someone finds that helpful - cheers

John


On Fri, 2023/08/04 09:58:44AM -0400, D. Hugh Redelmeier via talk 
 wrote:
| Recent Fedora systems' SSH client won't access CentOS 6 servers.
| 
|   Unable to negotiate with x.y.z.w port 22: no matching host key type 
|   found. Their offer: ssh-rsa,ssh-dss
| 
| (One should not still be running CentOS 6!)
| 
| All my workstations run recent Fedora systems.  How could I access this 
| server?
| 
| It turns out the Windows has an SSH client these days and it isn't as 
| picky about ciphers as Fedora.
| 
| It could well be that other Linux distros support older ciphers too.
| 
| This isn't generally a good thing: those ciphers were retired due to 
| security concerns.
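
Added example (not from the thread): a Python check that reads ssh client
configuration and reports where the legacy algorithms named in this thread
(diffie-hellman-group1-sha1, ssh-rsa, ssh-dss) are re-enabled. It separates
entries scoped to a named host, as in the config above, from entries under
a wildcard Host pattern, which weaken every connection. The sample config
and the function names are constructed for illustration.

```python
import re

# Legacy algorithms named in this thread.
LEGACY = {"diffie-hellman-group1-sha1", "ssh-rsa", "ssh-dss"}
# ssh_config options that take algorithm lists (keywords are case-insensitive).
ALGO_OPTIONS = {"kexalgorithms", "hostkeyalgorithms",
                "pubkeyacceptedkeytypes", "pubkeyacceptedalgorithms"}

# Constructed sample: the scoped block from the post plus a wildcard block.
SAMPLE = """\
Host centos5.example.com
    KexAlgorithms +diffie-hellman-group1-sha1
    # ubuntu 22+ needs
    HostkeyAlgorithms +ssh-rsa
    PubkeyAcceptedKeyTypes +ssh-rsa

Host *
    HostKeyAlgorithms=+ssh-rsa,ssh-dss
"""


def audit_ssh_config(text):
    """Return (scope, host_patterns, option, algorithm) per legacy entry."""
    findings = []
    patterns = ["*"]  # options before the first Host line apply to all hosts
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # "Option value" and "Option=value" are both accepted by ssh.
        parts = re.split(r"[ \t=]+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        option, value = parts[0], parts[1].strip()
        key = option.lower()
        if key == "host":
            patterns = value.split()
            continue
        if key == "match":
            patterns = ["*"] if value.lower() == "all" else ["Match " + value]
            continue
        if key not in ALGO_OPTIONS or value.startswith("-"):
            continue  # a "-" prefix removes algorithms, so nothing is weakened
        wildcard = any("*" in p or "?" in p for p in patterns)
        scope = "broad" if wildcard else "scoped"
        # "+" and "^" add to the defaults; no prefix replaces the list.
        for algo in value.lstrip("+^").split(","):
            if algo.strip() in LEGACY:
                findings.append(
                    (scope, " ".join(patterns), option, algo.strip()))
    return findings


def broad_findings(text):
    """Only the entries that apply beyond a single named host."""
    return [f for f in audit_ssh_config(text) if f[0] == "broad"]


if __name__ == "__main__":
    for scope, hosts, option, algo in audit_ssh_config(SAMPLE):
        print(f"{scope:6} Host {hosts}: {option} enables {algo}")
```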


Re: [GTALUG] war story: gtalug.org's filled up

2023-04-06 Thread John Sellens via talk
davmail is your answer.

I use it to access work M365 and Seneca College M365, which both require
multi factor authentication.

On my ubuntu desktop/laptop I install the packages davmail and openjfx,
and my ~/.davmail.properties includes (among others)
    davmail.mode=O365Interactive
    davmail.url=https://outlook.office365.com/EWS/Exchange.asmx

at startup/login I run
    ( davmail -server > /dev/null 2>&1 & )

and my .muttrc has things like
    set imap_user="jsell...@example.com"
    set spoolfile=imap://localhost:1143/INBOX
    set smtp_url = "smtp://jsell...@example.com@localhost:1025/"
    set smtp_authenticators = "login"
    set ssl_force_tls = no

Start up mutt, get prompted for password, get popup window asking
for two factor (e.g. google authenticator, or duo push), comply,
and there's my mail.  And davmail is willing to cache credentials,
so I don't always have to two factor.

Note that this does not require IMAP access to M365 - it uses the
"normal" exchange protocols, just like Outlook would.

Feel free to let me know if you run into problems, and I'll try to help.

Hope that's helpful!

John


On Thu, 2023/04/06 10:51:34AM -0400, Peter King via talk  
wrote:
| I desperately miss mutt.  But the University of Toronto, in its
| administrative wisdom, moved us all to Microsoft365 which insists on token
| security of a kind mutt doesn't implement.  If I ever leave or find a way to
| implement it, I'm back to using mutt like a shot.


Re: [GTALUG] war story: gtalug.org's filled up

2023-04-05 Thread John Sellens via talk
Antony mentioned missing reading mail with mutt. 

I’m still using mutt, and it works really well for me. It automatically formats 
HTML only messages (using the elinks command), can throw HTML at my browser 
when I ask, handles O365 multi-factor authentication, interprets calendar 
messages and so on. 

I can pipe messages into my folder filing command, filter and save bulk mail by 
rules, and various other things. 

I will admit it took a fair amount of setup over the years, and surely isn’t 
for everyone. But I find it makes my e-mail life easier in a number of ways. 
And I rarely have to click a mouse button. 

Cheers

John




Re: [GTALUG] war story: gtalug.org's filled up

2023-04-05 Thread John Sellens via talk
Way back in October 2000, on the SAGE members mailing list,
well-known expert Tom Limoncelli said:
"It isn't a service if it isn't monitored.  If there is
no monitoring then you're just running software."
--- Tom Limoncelli


On Wed, 2023/04/05 02:34:15PM -0500, o1bigtenor via talk  
wrote:
| Quite  a number of years ago a now deceased mentor advised that a great way
| to reduce the problem caused by a runaway var file was to use separate
| /var and /usr partitions (from / and /home).


I would argue that these days, in most cases, that is no longer
a good configuration.  Sure, /var filling up won't prevent you
from manipulating files in /home.

But if /var or / or /tmp is full, you've got a problem.  And with multiple
partitions, you need to have multiple chunks of free space.  And you
have to have a good idea up front of what your space requirements are.

And yes, with LVM you can often extend a partition.  But multiple
partitions just mean more problems to worry about.

Better you just alert once your disk gets 80% (or whatever) full.

My two cents - cheers.

John


[GTALUG] recruiting: junior/intermediate system administrator

2022-10-05 Thread John Sellens via talk
Hope this is okie dokie to mention.

We're recruiting an all-rounder junior/intermediate system administrator.

Remote likely most of the time, but would need to be able to get to the
office in Newmarket about once a week and to the colo in Scarborough
when necessary (not very often).

https://www.aecdaily.com/careers/#sysadmin

Happy to elaborate if anyone is curious.

Thanks - cheers

John


Re: [GTALUG] Old DOS NFS client won't talk to Linux NFS server

2022-06-28 Thread John Sellens via talk
I was all set to say "well, obviously", but ...

On my ubuntu desktop, nfs(5) tells me that mount.nfs(8) will
take an nfsvers=2 option.

I wonder if your desktop did the mount with the default version 4?
Did you try forcing a mount from your desktop with nfsvers=2?

My man pages seemed to suggest that mountd was only needed for
NFS 2 and 3 - could there be firewall settings on your embedded
NFS server blocking some traffic from the DOS client?

The PROGRAM_NOT_AVAILABLE makes me wonder if the portmapper lookup
by the DOS client didn't find what it wanted, or was blocked?

It looks like your server is listening both tcp and udp which is likely good.

Hope that's helpful ...

John


On Tue, 2022/06/28 04:11:57PM -0400, Kevin Cozens via talk  
wrote:
| Greetings, all.
| 
| I'm wondering if someone may have some insight in to an NFS related problem.
| 
| I have an embedded system running Linux. I set it as an NFS server. I have
| been able to have the server mount its own share and I have also been able
| to mount the share on my desktop. That tells me the NFS configuration is
| fundamentally working.
| 
| The problem is when I try to mount the from an old industrial system running
| Hummingbird NFS Maestro DOS based software from 1997. That system is able to
| ping the server so I know it has a network connection. However, when the
| "nfs link Z: \\192.168.100.110\/share" command is issue I just get the
| message on the server saying "No response from server".
| 
| The Linux NFS server is supposed to support NFS v2 through v4. The old
| system is probably v3 at best and the logs only seem to indicate v2. I
| haven't figured out how to disable v4 support on the NFS server. I used
| tshark to capture the NFS traffic.
| 
| When the "exports" command was issued on the old machine:
| 
|   909 873.726802357 192.168.100.101 → 192.168.100.110 Portmap 98 V2 GETPORT
| Call MOUNT(15) V:1 UDP
|   910 873.727576161 192.168.100.110 → 192.168.100.101 Portmap 70 V2 GETPORT
| Reply (Call In 909) Port:53625
|   911 873.728326009 192.168.100.101 → 192.168.100.110 MOUNT 110 V1 EXPORT Call
|   912 873.731315731 192.168.100.110 → 192.168.100.101 MOUNT 142 V1 EXPORT
| Reply (Call In 911)
| 
| 
| When the "nfs link" command was issued on the old machine:
| 
|   915 929.199301001 192.168.100.101 → 192.168.100.110 Portmap 98 V2 GETPORT
| Call HCLNFSD(788585389) V:1 UDP
|   916 929.13392 192.168.100.110 → 192.168.100.101 Portmap 70 V2 GETPORT
| Reply (Call In 915) PROGRAM_NOT_AVAILABLE
|   917 929.200757113 192.168.100.101 → 192.168.100.110 Portmap 98 [RPC
| retransmission of #915]V2 GETPORT Call (Reply In 916) HCLNFSD(788585389) V:1
| UDP
|   918 929.201092226 192.168.100.110 → 192.168.100.101 Portmap 70 [RPC
| duplicate of #916]V2 GETPORT Reply (Call In 915) PROGRAM_NOT_AVAILABLE
|   919 929.201744034 192.168.100.101 → 192.168.100.110 Portmap 98 [RPC
| retransmission of #915]V2 GETPORT Call (Reply In 916) PCNFSD(150001) V:2 UDP
| 
| 
| The output from rpcinfo is:
| 
| $ rpcinfo -p
|program vers proto   port  service
| 104   tcp111  portmapper
| 103   tcp111  portmapper
| 102   tcp111  portmapper
| 104   udp111  portmapper
| 103   udp111  portmapper
| 102   udp111  portmapper
| 1000241   udp  57318  status
| 1000241   tcp  46225  status
| 151   udp  53625  mountd
| 151   tcp  40199  mountd
| 152   udp  53980  mountd
| 152   tcp  53443  mountd
| 153   udp  50848  mountd
| 153   tcp  49067  mountd
| 132   tcp   2049  nfs
| 133   tcp   2049  nfs
| 134   tcp   2049  nfs
| 1002272   tcp   2049
| 1002273   tcp   2049
| 132   udp   2049  nfs
| 133   udp   2049  nfs
| 1002272   udp   2049
| 1002273   udp   2049
| 1000211   udp  42943  nlockmgr
| 1000213   udp  42943  nlockmgr
| 1000214   udp  42943  nlockmgr
| 1000211   tcp  44539  nlockmgr
| 1000213   tcp  44539  nlockmgr
| 1000214   tcp  44539  nlockmgr
| 
| 
| Is the DOS based NFS client compatible with current day Linux NFS server?
| Any idea why I see messages saying PROGRAM_NOT_AVAILABLE?
| If something is supposedly missing, what program is it looking for? It would
| have been a lot more helpful if whatever program is reporting a "missing
| program" said what program it couldn't find, or couldn't talk to.
| 
| -- 
| Cheers!
| 
| Kevin.
| 
| http://www.ve3syb.ca/   | "Nerds make the shiny things that
| https://www.patreon.com/KevinCozens | distract the mouth-breathers, and
| | that's why we're powerful"
| Owner of Elecraft K2 #2172  |
| #include  | --Chris Hardwick

Re: [GTALUG] Making RPM from directory tree?

2022-06-11 Thread John Sellens via talk
I've long found that making linux packages seems to be more
complicated than I might have hoped.

To build RPMs, you typically use rpmbuild(8) which uses a set of
directories (SOURCES, SPECS, BUILDROOT, RPMS, ...) to build rpms.

But you might have a look at "fpm" - the "effing" package manager.

https://github.com/jordansissel/fpm
https://www.digitalocean.com/community/tutorials/how-to-use-fpm-to-easily-create-packages-in-multiple-formats

I find creating RPM repositories relatively simple - createrepo(8)
(or possibly createrepo_c(8)) feel straightforward to me. GPG package
signing is not too hard.  I find deb/apt repositories to be more involved.

Hope that helps!

John




Re: [GTALUG] U of T alumni mail + Thunderbird

2022-04-23 Thread John Sellens via talk
I only just discovered "davmail" which can be helpful in situations
like this.

davmail is a server/gateway that you run on your local machine that
knows how to talk to Exchange or Office 365 mail servers, and which
provides local ports for IMAP, POP, and SMTP.

And, it knows how to handle interactive two-factor authentication.

So you can use any IMAP mail client (thunderbird, mutt, whatever)
however you wish.

My use case is that I like using the mutt mail client, which talks
IMAP, but does not know how to talk to Exchange.  So, I run davmail,
set davmail to use "O365Interactive" authentication, and tell mutt to
connect to imap://localhost:1143/INBOX and tell it my email address.

Mutt prompts me for my password, then davmail pops up a microsoft
style two factor authentication window, I put in my authenticator
code, and read and reply to mail, save locally, do whatever.

And davmail will cache an oauth (or other?) token, so I don't have
to deal with multi-factor authentication every time.

I use this to connect to the O365 email service for an Ontario
educational institution that does not provide IMAP access and which
requires multi-factor authentication.  So far, so good.

Hope this is useful.

John



Re: [GTALUG] Can anyone recommend a source for Laptop batteries..

2022-02-04 Thread John Sellens via talk
We have bought replacement ThinkPad batteries and A/C adapters from

https://www.battdepot.com/ca/

and had good experiences - batteries worked, prices and shipping were fair.

Hope that helps - cheers

John


On Fri, 2022/02/04 05:12:48PM -0500, Michael Galea via talk  
wrote:
| I'm looking for recommendations on replacing my T420's battery pack. Either
| a store, source, particular manufacturer or any experiences
| would be welcome.
| --
| Thanks
| Michael Galea


Re: [GTALUG] Command doesn't work in script but works on command line?

2021-11-06 Thread John Sellens via talk
On Sat, 2021/11/06 01:32:13PM -0400, Kevin Cozens via talk  
wrote:
| Modify the script to capture all output from the command as it may help you
| determine what may be going wrong when you run the command in a script.
| (e.g. >& messages.txt)

I'll echo Kevin's suggestion, and mention that potentially the output
of "printenv" might be informative, and I think you can capture everything
from a script by using (after the #! line)
    exec >/tmp/output 2>&1
which I think sends all output of all following commands to /tmp/output.

I also try to check the result of commands in scripts and complain e.g.
    alsa_out args ... \
        || echo 1>&2 "oh not alsa_out failed"
or
    alsa_out args ...
    ret=$?
    if [ $ret -ne 0 ]; then
        echo 1>&2 "alsa_out failed with $ret"
    fi

Hope that helps

John


Re: [GTALUG] Command doesn't work in script but works on command line?

2021-11-06 Thread John Sellens via talk
Jim - I may have missed it, but I think you said only that it "doesn't
work" but didn't elaborate.

Does running the script result in any error messages?

Or does it appear to work but not have the desired effect?

Is your script file executable? i.e. are the x permission bits set
in the output of "ls -l filename"?

Could it be that you're expecting your script to be in your PATH,
and it isn't e.g. if you run
    prompt% scriptname
does it say command not found?  Do you need to run it with ./scriptname?

You mentioned that you want it to be clickable.  I'm relatively unfamiliar
with alsa, but is it possible it needs something from the environment
that isn't available when clicked?

It's likely something relatively simple, but more details would likely help 
narrow it down.

Hope that helps

John


Re: [GTALUG] War Story: debugging remote port access

2021-03-20 Thread John Sellens via talk
Thanks for the port war story.

I've learned that something like

netstat -na | grep -w LISTEN

often helps me discover/confirm port problems.

And having a telnet client (or nc) on another machine, often provides
much more specific answers than a web browser or an application client
(which often say "something went wrong" with no further details).

Cheers

John


Re: [GTALUG] DRAM Issues

2021-01-17 Thread John Sellens via talk
If it's old, I might guess that replacement memory is cheap on ebay.

If I were you, I would try running memtest86 and see what it says.
Assuming you're ok to shut the machine down for a while.

Depending on configuration, you might be able to upgrade
memory (and performance) for a very low price, while
replacing your failing RAM.


Re: [GTALUG] information storage ideas

2020-12-09 Thread John Sellens via talk
On Wed, 2020/12/09 06:58:14AM -0600, o1bigtenor via talk  
wrote:
| I want to thank both of you for your ideas. It seems something like one
| of these could work but I'm not sure about the connecting files back into
| either of these. At least I can't see an easy way of doing such.

In dokuwiki, as in almost all wikis, you can easily link to any URL.

Or, you can easily upload copies of media (images, documents, etc) and refer
to them from any page.



Re: [GTALUG] SSL Certs for both web and email servers

2020-12-03 Thread John Sellens via talk
And the other thing to remember: when the certificate renews,
restart/reload your services, to use the new certificate(s).

I use puppet to pass certificates around, and trigger an apache
reload when needed, similarly with dovecot and postfix for mail.

John


Re: [GTALUG] SSL Certs for both web and email servers

2020-12-01 Thread John Sellens via talk
On Tue, 2020/12/01 08:16:49AM +0200, ac via talk  wrote:
| > I have three domains and a small but invariant number of subdomains
| > that I want to encrypt - should I try to pull them all under one SSL
| > cert, or do one for each domain, or one for every subdomain?  I don't
| > need a wildcard, but I would like something relatively painless if
| > possible.
| 
| yes, in your case, and for painless and easy, just use the domain name
| and one cert. so, instead of mail.example.com and www.example.com 
| - just use example.com. 

I think that might cause client complaints in some cases.

I think letsencrypt now provides wildcard certifications, but you
can use multiple -d options when creating or updating a certificate e.g.

  certbot certonly \
    --non-interactive \
    --expand \
    --webroot \
    -w /var/www/html/letsencrypt \
    --cert-name www.example.com \
    -d example.com \
    -d mail.example.com \
    -d blog.example.com

And then the one certificate is valid for all those names.

Hope that helps - letsencrypt is really remarkably convenient.

John


Re: [GTALUG] Group knowledge base

2020-10-29 Thread John Sellens via talk
On Thu, 2020/10/29 10:17:23PM -0400, William Park via talk  
wrote:
| How do you or your company maintain group "knowledge base"?  I guess,
| wiki for internal stuffs.

We use a wiki for internal stuffs.  Have done so across multiple companies
for quite a while.

I would go mad trying to maintain documentation in word/excel.
How do you search across all your files?  Across platforms?

At my current place, we use dokuwiki, which I find to be a nice
combination of features, without a lot of overhead (PHP, files).
I even script some reports that insert pages into the wiki nightly.

Previously I've used xwiki (java) which was nice, but as it's java,
there's a running (sleeping) process all the time.

People who wish to spend money (from small to large) like confluence.
Confluence is very nice, but it helps if you're already hooked into
the Atlassian ecosystem.

There are a bunch of alternatives of course, but those are ones
that I've found to be good alternatives when I've been looking.

Hope that helps, but seriously, set up a wiki.

Cheers

John


Re: [GTALUG] for multi-hop ssh/scp: option "ProxyJump"

2020-08-29 Thread John Sellens via talk
On Sat, 2020/08/29 09:20:35PM -0400, William Park via talk  
wrote:
| We had to do it manually, one jump at a time, making note (on
| paper) where we were each jump. :-)

There's a reason why my shell prompt includes the fully-qualified hostname.
(And userid, if it's not my normal one.)

I've seen people colour code their xterms by hostname as well.

If you're "clever", you can probably change your xterm title string
as you go, so your window title could end up with a label like:
   jumphost1 -> nexthop -> 3rdhop -> dbserver
(e.g. xtitle from http://www.shelldorado.com/scripts/cmds/xtitle )

John


Re: [GTALUG] Bash does-directory-exist question

2020-07-10 Thread John Sellens via talk
On Fri, 2020/07/10 09:38:48AM -0400, Giles Orr via talk  wrote:
| This gives immediate visual feedback on the write-status of the
| current directory.  But test's '-w' and '-d' both claim that you're
| still in a valid directory under the above circumstances.  Does anyone
| know of a simple way to find out if the directory you're currently in
| actually exists?

The directory "." will still exist while you have it open (your current
directory), but will be unreachable, as you observed with stat(1) and
the number of links.

Would checking for "test -d $PWD" work?  I think $PWD is the full path
and so if it's no longer reachable, the test should fail?

Hope that helps

John


Re: [GTALUG] Continuing Printer Woes

2020-06-03 Thread John Sellens via talk
I think "falsisign" looks like fun:

FalsiScan: Make it look like a PDF has been hand signed and scanned
https://gitlab.com/edouardklein/falsisign

You scan and save a bunch of signatures.  Then the code
modifies the original PDF to look scanned and puts a random
signature where you say to put it.

John

On Wed, 2020/06/03 03:04:14PM -0400, Scott Allen via talk  
wrote:
| "sign it --> scan it back in" steps
| 
| I use a Wacom tablet to do the signing.


Re: [GTALUG] On the subject of backups.

2020-05-06 Thread John Sellens via talk
On Wed, 2020/05/06 10:38:29AM -0400, Howard Gibson via talk  
wrote:
| > ZFS is another option. And it handles delta-backups very easily.
| 
| How do you recover stuff from delta backups?  You have to figure which
| backup the file or directory is in, right?

Remember that snapshots, like RAID, are not actually backups,
unless they are on a different machine, in a different place.

ZFS makes it easy:

You can browse through snapshots for /mypool/myfs by looking
in /mypool/myfs/.zfs/snapshot and if your ZFS snapshots are
named using dates, easy peasy to choose when.  You can also
brute force and
  find /mypool/myfs/.zfs/snapshot -name 'myfile.tex' -ls
and find what's there.

You can use "zfs rollback" to revert to a snapshot.

You can use "zfs send ... | zfs recv ..." to copy a specific
snapshot (or group of snapshots) to another pool, system, etc.

And of course, when you create a snapshot, you could create your
own index listing of what's there for easy grepping.

ZFS is great.

You can still (and likely should) continue to backup to Blu-ray,
but ZFS will make sure your files don't rot in place unnoticed.

Hope that helps, cheers

John


Re: [GTALUG] On the subject of backups.

2020-05-04 Thread John Sellens via talk
On Mon, 2020/05/04 12:03:19PM -0400, Alvin Starr  wrote:
| The client really only wants to use Centos/RHEL and ZFS is not part of that
| mix at the moment.

Well, one could argue that zfs on centos is fairly well supported ...


| The data is actually sitting on a replicated Gluster cluster so trying to
| replace that with an HA NAS would start to get expensive if it were a
| commercial product.

Of course "expensive" depends on the client.  An HA truenas that size,
all flash is (I believe likely well) under $15K USD.


Ah - you didn't mention Gluster.

In theory, Gluster has geographic replication.

And if your bricks are on LVM storage, you can use gluster snapshots as well:

https://docs.gluster.org/en/latest/Administrator%20Guide/Managing%20Snapshots/
to guard against accidental removals, etc.

(I've not used either, and my glusters are quite old versions at the present 
time.)

Depending on how it's all configured, you may get better performance
backing up the bricks, rather than backing up gluster itself.  I have
a two-node gluster, mirrored, so I can backup the bricks on one of the
servers and get everything.  Obviously that's a very simple "cluster".

Traditionally, gluster filesystem performance with large numbers of
small files in a directory is horrible/pathetic.  If you're backing up
the gluster filesystem, you would almost certainly get better performance
if your file structure is deeper and narrower, if that's possible.

Cheers

John


Re: [GTALUG] On the subject of backups.

2020-05-04 Thread John Sellens via talk
I bet no one would want this advice, but it seems to me that the
implementation needs to change i.e. that one big (possibly shallow)
filesystem on xfs is unworkable.

The best answer of course depends on the value of the data.

One obvious approach is to use a filesystem/NAS with off-site replication.
Typically a commercial product.

At relatively modest cost, I like the truenas systems from ixsystems.com.
ZFS based, HA versions available, replication can be done.
The HA versions are two servers in one chassis, with dual-ported SAS disks.

For do-it-yourselfers, I like using ZFS and ZFS replication of snapshots.
For example, I do much (much) smaller offsites from my home to work
using ZFS and zfs-replicate.

You can also do freenas (non-commercial truenas) but without the HA
hardware and code.

Hope that helps - cheers

John


On Mon, 2020/05/04 09:55:51AM -0400, Alvin Starr via talk wrote:
| The actual data-size for 100M files is on the order of 15TB so there is a
| lot of data to backup but the data only increases on the order of tens to
| hundreds of MB a day.


Re: [GTALUG] Adding all users to the "disk" group: bad idea, or terrible idea?

2020-02-17 Thread John Sellens via talk
The developer seems to be insisting on an answer, rather than
a need.  The need is to allow easy writing when appropriate.

Consider a wrapper script that uses sudo to call the actual command.

And then set sudoers(5) to allow appropriate people to run the command
as root without a password.

That means that it's easy for the user, and access to the disk
devices is only provided through the (presumably) tested and
well-functioning command.

Remember: you can solve any problem in computer science with
another level of indirection.

I suspect that there's a way via udev or dbus to accomplish the
appropriate thing.  But I'm not smart enough for that.

Hope that helps!

John


On Mon, 2020/02/17 04:28:52PM -0500, Stewart C. Russell via talk wrote:
| So I'm working with a developer making a simple cross-platform graphical
| program to write Raspberry Pi OS images to SD card. This is meant for
| beginners to use. The developer is adamant that their program doesn't need
| to run under 'sudo' but that every user should be added to the disk group
| instead.
| 
| This means that every user can write directly to system disk devices at any
| time. The Debian-based systems I use don't add regular users to "disk". Is
| it reasonable/common for regular users to be set up this way?
| 
| cheers
| 
|  Stewart $(export HAVE_ACCIDENTALLY_OVERWRITTEN_ROOT=1) Russell
| 
| 
| 
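A sketch of the root-side command that the wrapper-plus-sudoers approach in the message above would call, added here as an example and not part of the original message. The name sd-write-root, its path and the sdwriters group are hypothetical; the point is that the command itself, not group membership, decides which devices may be written.

```shell
#!/bin/sh
# Added example; sd-write-root, its path and the sdwriters group are hypothetical.
# Assumed sudoers drop-in (edit with: visudo -f /etc/sudoers.d/sd-write):
#   %sdwriters ALL=(root) NOPASSWD: /usr/local/sbin/sd-write-root
# The desktop program then runs: sudo /usr/local/sbin/sd-write-root IMAGE DEVICE

# True only if DEV is /dev/<name> and sysfs marks that whole disk removable.
# The optional second argument (sysfs block directory) exists for testing.
is_removable_disk() {
    dev=$1
    sysblock=${2:-/sys/block}
    case "$dev" in
        /dev/*) name=${dev#/dev/} ;;
        *) return 1 ;;
    esac
    # Plain kernel names only, so "../" or sub-paths can never reach sysfs
    case "$name" in
        ''|*[!A-Za-z0-9]*) return 1 ;;
    esac
    # Partitions (sdb1) have no directory directly under /sys/block
    [ -r "$sysblock/$name/removable" ] || return 1
    [ "$(cat "$sysblock/$name/removable")" = "1" ]
}

# True if DEV or one of its partitions is listed in the mount table
is_mounted() {
    dev=$1
    mounts=${2:-/proc/mounts}
    while read -r src rest; do
        case "$src" in
            "$dev"|"$dev"[0-9]*|"$dev"p[0-9]*) return 0 ;;
        esac
    done < "$mounts"
    return 1
}

write_image() {
    image=$1
    dev=$2
    [ -f "$image" ] || { echo "no such image: $image" >&2; return 2; }
    [ -b "$dev" ] || { echo "not a block device: $dev" >&2; return 2; }
    is_removable_disk "$dev" || { echo "refusing non-removable $dev" >&2; return 3; }
    if is_mounted "$dev"; then echo "$dev is in use (mounted)" >&2; return 4; fi
    dd if="$image" of="$dev" bs=4M conv=fsync
}

if [ "$#" -eq 2 ]; then write_image "$1" "$2"; fi
```

Some built-in SD card readers report removable as 0 in sysfs, so this conservative policy may need an explicit allowlist of device names on such machines.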


Re: [GTALUG] server question

2020-01-21 Thread John Sellens via talk
You want a server name (FQDN) that works internally, but not externally.
Just stick it in DNS.

Generally you likely have DNS configured somewhere for some domain.
You can add an A record with machine1's internal address e.g.

intservice.mydomain.com IN A 192.168.10.101

Even if you stick that in public DNS, there's no access through your
firewall from outside to inside, so often not a big deal.  (It would
potentially leak information about your name intserver.mydomain.com.)

You likely have a firewall/router at the edge of your internal network.
Many firewalls provide DNS service e.g. pfsense provides a DNS resolver
and you can add entries there that are only visible internally, even if
most of your DNS is external.  See also the dnsmasq server.

You may have internal DNS servers running internally - you can add
records there.

Don't want to use your public domain name?  Buy another domain, and use
it only internally - set up DNS the same way.  You can even just make
up a domain, but that means that you run the risk of not being able
to get to legit external servers, if someone else uses that domain.
And it means you won't be able to get real SSL certificates.

Or use a subdomain of your domain (e.g. internal.mydomain.com).

Last few places I've been, we've purchased a separate domain just for
internal use.  We exposed a little bit of it in public DNS (e.g. a
wildcard for *.myinternal.com) so that we can get letsencrypt SSL
certificates for use on internal only machines.


Note that some firewalls try to protect against DNS rebinding attacks,
and won't give you an internal address from a public DNS server. You
can usually whitelist specific domains.  e.g.  I have intwww.syonex.com
as an A record in public DNS to 192.168.1.2 and I tell my pfsense
firewall to trust syonex.com's DNS and give me that address internally.

Remember - DNS is your friend.  Tools like dnsmasq let you do weird
but useful things with DNS.

Hope that helps!

John


On Tue, 2020/01/21 10:03:53PM -0600, o1bigtenor via talk wrote:
| I wasn't thinking of IP addresses - - - rather I was thinking of something
| like example.com but not that. Trying to come up with something so
| that if machine 1 has the server program that machine 2 can access
| machine1 just by using machine1 in the browser.
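An added example, not part of the original message: an audit that lists which A records in a zone point at RFC 1918 addresses. Those are the names that disclose internal hosts when published in public DNS, and the answers a resolver with rebinding protection will withhold unless the domain is allowlisted, as the message above describes. The zone lines are constructed sample data and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample records in zone-file form (not real data).
sample_zone() {
    cat <<'EOF'
www.mydomain.com.        IN A 203.0.113.10
intservice.mydomain.com. IN A 192.168.10.101
build.mydomain.com.      300 IN A 172.20.4.7
edge.mydomain.com.       IN A 172.32.0.1
mail.mydomain.com.       IN MX 10 www.mydomain.com.
EOF
}

# Read "name [ttl] IN A addr" lines on stdin and print "name addr" for
# every A record whose address is in 10/8, 172.16/12 or 192.168/16.
private_a_records() {
    awk '
    {
        addr = ""
        # The address is the field that follows the record type "A"
        for (i = 2; i < NF; i++) if ($i == "A") addr = $(i + 1)
        if (addr !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
        split(addr, o, ".")
        if (o[1] == 10 ||
            (o[1] == 192 && o[2] == 168) ||
            (o[1] == 172 && o[2] >= 16 && o[2] <= 31))
            print $1, addr
    }'
}

# Report the internal-only names found in the sample zone
sample_zone | private_a_records
```

Run it against an export of your own public zone to decide which names belong in internal-only DNS and which domains need a rebinding exception on the firewall.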


Re: [GTALUG] anyone here build pro computer workstations?

2019-09-17 Thread John Sellens via talk
On Tue, 2019/09/17 05:48:31PM -0400, Karen Lewellen via talk wrote:
| Given mac pros the desk top units are rather new creations,

Mac Pros have been available since 2006, so not that new.

You may be thinking of the Mac Pro cylindrical style, since 2013.

https://en.wikipedia.org/wiki/Mac_Pro



Re: [GTALUG] Sudo in Script

2019-09-15 Thread John Sellens via talk
On Sun, 2019/09/15 12:01:28PM -0400, Stephen via talk wrote:
| I restart Apache in a script file that requires a Sudo command. That
| requires a password.

Look up the "NOPASSWD" tag in the sudoers(5) man page.

You could set one or more users or groups to be able to run
apachectl graceful
(or any other command) without requiring a password.


Re: [GTALUG] of routers and access points

2019-04-25 Thread John Sellens via talk
I have a Netgate SG-1000 running pfsense inside my bridge-mode Rogers
modem, which has been replaced by the slightly bigger SG-1100 ($159 USD).
In the furnace room, and then some cat5 heads off to more convenient
spots for access points, etc.

I like separate access points, which are sometimes harder to find than
all-in-ones (but you can usually turn off routing on those).

PoE is convenient, but adds expense.  I trust you know about PoE injectors?

I like Ubiquiti, but sometimes they're happier if you buy into their
ecosystem.  But do you know about Ubiquiti's home systems? https://amplifi.com/
Not the cheapest alternative, but almost plug and play (in the good sense).

Hope that helps - cheers!

John


On Thu, 2019/04/25 01:27:02PM -0400, David Mason via talk wrote:
| This (letting the router do all the work) is a possibility, but the router is
| very far from all the other connections, so at the moment I have a long RJ45
| cable to the router. So I’d have to run another long cable back to the switch
| where everything else is plugged in.
| 
| Part of my question was whether anyone else is using POE access points, and
| whether it’s worth doing as right now I have an extension cord running to the
| router. If so I’d need a router that supported POE, so I mentioned the Ubiquiti
| EdgeRouter as such a (non-WiFi) router.
| 
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk


Re: [GTALUG] optimum swap size

2019-02-27 Thread John Sellens via talk
Note that if you mmap() a file, it has no direct impact on swap usage.
(Because the actual file is effectively the backing store.)

This might be a helpful read:


https://stackoverflow.com/questions/43541420/when-and-how-is-mmaped-memory-swapped-in-and-out

Hope that helps!

John


On Wed, 2019/02/27 11:47:59AM -0500, Gary via talk wrote:
| Thank you. My intent (haven't done it yet) is to use mmap() in c++ for a
| very large file (2 gigs). I suspect that the virtual memory technology in
| x86 would simply page in/out file data to/from ram using the least recently
| used algorithm. Would the swap partition size be material here or am I
| worrying unnecessarily.
| /gary


[GTALUG] seeking web developer, project lead

2019-02-13 Thread John Sellens via talk
Hi - hope no one minds a job posting - apologies if so.

We're looking for a web developer/project lead to join our small team
for a new project.  We're based in Newmarket, and meet in person once
a week.  Full-time, permanent, likely looking for intermediate/senior,
but we're flexible for the right candidate.

Likely PHP front end, MySQL, some middle layer, using current practices.

Job posting is here, and I'm happy to answer any questions:
https://www.aecdaily.com/careers/

Thanks - cheers

John
jsell...@syonex.com



Re: [GTALUG] Practical Use of GRUB's DSL: With the examples inexplicably left out of the GRUB documentation

2018-10-16 Thread John Sellens via talk
I'm a big LaTeX fan for more than a short while.  Lately for
multi-destination documents I've found that asciidoc has
worked well as a source for some documents.

I convert asciidoc to docbook, then to pdf, HTML, etc., most via LaTeX.


On Tue, 2018/10/16 11:11:32AM -0400, David Mason via talk wrote:
| I use LaTeX for everything - most particularly for papers and lecture slides.
| I haven’t used it in a while, but HeVeA (http://hevea.inria.fr/) is the best
| way to convert LaTeX to HTML.  When I last used it, it was quite effective. And
| it is quite focussed on including code in documents.
| 
| ../Dave


Re: [GTALUG] suggestion: naming temp files

2018-04-17 Thread John Sellens via talk
| > Many people use tmp, tmp2, tmp3 as names.  I find those visually too like
| > real filenames and longer to type than I want.  The names I use are 0, 1,
| > 2, 3.  They are short, distinctive, and unreasonable as permanent
| > filenames.
| 
| Why not use mktemp? "man mktemp" for information about templates, suffixes
| etc.

Or in your .cshrc or .bashrc something like
mkdir -m 700 -p /tmp/me
tmp="/tmp/me"
export TMPDIR=/tmp/me

I'm far too lazy to want to have to remember to clean up after myself.

John
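An added example, not part of the original message: a variant of the per-user TMPDIR setup for ~/.bashrc or ~/.profile. Because /tmp is shared and `mkdir -p` succeeds silently when the name already exists, it checks that an existing directory is really ours before using it. The function name is hypothetical, and the directory is named after the numeric user id rather than "me".

```shell
# Added example; the helper name private_tmpdir is hypothetical.
# Print a temp directory under BASE (default /tmp) that only the current
# user can use.
private_tmpdir() {
    base=${1:-/tmp}
    dir="$base/$(id -u)"
    # Plain mkdir, without -p: it fails if the name already exists, so an
    # existing entry is never accepted without the checks below
    if mkdir -m 700 "$dir" 2>/dev/null; then
        printf '%s\n' "$dir"
        return 0
    fi
    # The name exists: accept it only if it is a real directory (not a
    # symlink), owned by us, with mode exactly 700
    if [ ! -L "$dir" ] && [ -d "$dir" ] && [ -O "$dir" ]; then
        case "$(ls -ld "$dir")" in
            drwx------*) printf '%s\n' "$dir"; return 0 ;;
        esac
    fi
    # Anything else: fall back to a fresh, unpredictable directory
    mktemp -d "$base/$(id -u).XXXXXXXX"
}

# Export TMPDIR only if a usable directory was obtained
TMPDIR=$(private_tmpdir) && export TMPDIR
```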


Re: [GTALUG] Getting external IP

2018-01-27 Thread John Sellens via talk
On Sat, 2018/01/27 04:45:55PM -0500, William Park via talk wrote:
| On Sat, Jan 27, 2018 at 03:03:56PM -0500, Don Tai wrote:
| > dig +short myip.opendns.com @resolver1.opendns.com
| 
| This I like, even though it only applies for OpenDNS.

I think it's general purpose - I believe it replies with
your source address - no previous record in opendns needed.


Re: [GTALUG] python sweetness — The mysterious case of the Linux Page Table

2018-01-03 Thread John Sellens via talk
One could assert that the days of time sharing systems are largely over,
at least on production systems that people care about.

And I think it's fair to say that it has been good practice for quite
some time to not allow random binaries to run on systems you care about.

I have no idea whether hypervisors (like xen or esxi) are vulnerable.
But the same guidelines can be applied to VMs running on hypervisors.

I wonder how exploitable this problem really is?

Cheers, happy new year

John


On Wed, 2018/01/03 10:56:30PM -0500, Dhaval Giani via talk wrote:
| https://googleprojectzero.blogspot.ca/2018/01/reading-privileged-memory-with-side.html
| gives the gory details
| 
| At this point, I cannot stress on how important it is to update your
| systems as soon as your distribution ships them. I am hoping this
| remains to be a once in a lifetime event.
| 
| Dhaval


Re: [GTALUG] Flatpak: Anyone with Experience or Opinions on It?

2017-11-03 Thread John Sellens via talk
Those are not problems which are specific to linking to/using particular
versions of libraries.

How do you ensure that security updates of commands and configuration
files happen?  It's not a new or different problem.

One can choose to use the default version, which by implication will
be the latest and greatest version that is installed on the machine.
And your program/package will get updates as they are installed.

If you use a particular version of the library:
- a local admin can choose to accept the risk
- a package maintainer can label the package risky, and/or
  delete/disable/deprecate the package
- a program maintainer can update the code to use the new version

One can't abdicate responsibility for security by assuming that your
binary will run with a secure version of a library.

Cheers

John



On Fri, 2017/11/03 01:09:47PM -0400, Dhaval Giani wrote:
| How do you ensure security updates happen everywhere, or that you are
| not linking to an insecure version? What about old software which is
| no longer maintained? Also work is not duplicated?
| 
| Dhaval


Re: [GTALUG] little PCs for internet gateways

2016-10-25 Thread John Sellens via talk
On Tue, 2016/10/25 05:47:02PM -0400, D. Hugh Redelmeier via talk wrote:
| By gateway, I mean router/firewall/whatever box that sits between your 
| LAN and the internet.


| I've chosen to use two different Zotac Zbox tiny PCs.
| - the CI321 is a fanless box with two ethernet ports (two is the
|   minimum for a pleasant router).
| - the RI323 has a fan and two ethernet ports.  It is more
|   fully-featured and I got it cheap.  It even has two 2.5" drive bays.

Thanks for the pointer - those are interesting.


You might want to look at the pfsense/netgate boxes e.g.
the "SG-1000 microFirewall Security Appliance" for $149USD
http://store.netgate.com/SG-1000.aspx


And of course I might recommend pfsense on the Zotac boxes.

Hope that's helpful to someone - cheers!

John