Re: Advice on hardware server to use for small a dedicated data center

[ghe]

‐‐‐ Original Message ‐‐‐
On Friday, June 26, 2020 12:34 PM, echo test  wrote:

> Then, I want to build a small data center for my company for hosting 
a web app and a mail server. It's the first time I'm going to buy some 
hardware for this. I tried looking for it on the web in order to compare 
them but it seems that hardware vendors never want to talk about Debian 
on their websites.


Well, this might be heresy, but at that size, consider a Raspberry Pi 
running Raspian (Debian (sorta) recompiled for its CPU -- questions are 
accepted on this list).


I'm on a T1, and I've been running them as Internet servers for almost a 
decade (replaced a genuine server). I suspect you could do RAID with a 
couple USB drives, and you could get the Ethernet ports you're looking 
for with a 4-hole switch.


I use a 3+ because I want to give the 4 a couple years to get its 
hardware and software debugged. The disadvantage of the 3+ is the 100M 
Ethernet speed (the 4 claims 1G, but I doubt it). Check the speed of 
your 'Net connection. 100M is plenty fast for most installations.


Keep a spare on hand, ready to replace the server when #1 dies. But I've 
been using them for years, on a good UPS, with no probs at all.


--
Glenn English

Re: cron problem

[ghe]

‐‐‐ Original Message ‐‐‐
On Sunday, May 17, 2020 4:48 PM, David Wright  
wrote:


> OK, I thought you might list both. I'm not actually sure where output
> goes because I always have MAILTO set, which takes care of it.

Since I don't know what MAILTO is, I suspect I've never had to have it 
set before:-)


I looked around and found 'mailto's (LC) in my amanda config (it points 
at root@localhost -- the amanda cron job script's another thing that's 
missing). But nowhere else.


Is MAILTO an environmental var? There's no MAILTO in 'env' when root or 
backup (the amanda user) or ghe (me). There's a MAIL in the users' 
environments, but I don't think that's what you're talking about. It's 
pointed at /var/mail/ anyway.


> Have you checked the logs? I see lines in both auth.log and syslog
> whenever cron jobs run, and even when I just look with crontab -l.

I just looked at syslog and auth, and I don't see anything that looks 
like email in there. And I sent crontab -l earlier -- nothing in there 
either.


What should I see?



Never mind, at least for a bit. I just found that the SMTP server is bent...

--
Glenn English

Re: cron problem

[ghe]

‐‐‐ Original Message ‐‐‐
On Sunday, May 17, 2020 12:03 PM, David Wright 
 wrote:



> I always examine my cron with
>
> crontab -l
>
> rather than just catting some random file.
>
> Cheers,
> David.

Here it is, but I see no difference, except the disabled tripwire.

root@sbox:~# crontab -l
# 14 3 * * * /etc/sls/mountTripwire.sh ; /usr/sbin/tripwire -m c | mail 
-s "SBOX Tripwire Report" r...@slsware.net ; /etc/sls/umountTripwire.sh

5 1 * * * /bin/cat /proc/mdstat
10 1 * * * test -x /usr/sbin/apticron && /usr/sbin/apticron --cron #apticron

--
Glenn English

Re: cron problem

[ghe]

On 5/17/20 10:42 AM, ghe wrote:

Buster, Supermicro desktop

Cron jobs (some of them) don't show up in root's email.

I admin 2 domains -- one on Squeeze, one on Buster. My Squeeze cron 
results show up fine; Buster's don't. I've reinstalled the Buster jobs. 
I've copyNpasted them from the Squeeze crontab. Both logwatch results 
show up (part of /etc/crop.daily). It seems that that the jobs I enter 
manually don't show up. They didn't use to do that.



Here's my crontab on Buster:

root@sbox:~# cat /var/spool/cron/crontabs/root
# DO NOT EDIT THIS FILE - edit the master and reinstall.
# (/tmp/crontab.93Jh1O/crontab installed on Sun May 17 10:11:58 2020)
# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
5 1 * * * /bin/cat /proc/mdstat
10 1 * * * test -x /usr/sbin/apticron && /usr/sbin/apticron --cron 
#apticron


(The date is a few minutes ago because I removed a dup of logwatch.)


And on Squeeze:

root@rrserv:~# cat /var/spool/cron/crontabs/root
# DO NOT EDIT THIS FILE - edit the master and reinstall.
# (/tmp/crontab.bgZABv/crontab installed on Wed May 13 12:48:16 2020)
# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
2 1 * * * /bin/cat /proc/mdstat


Here's what happens if I manually run one of them (Buster):

root@sbox:# /bin/cat /proc/mdstat
Personalities : [raid1] [linear] [multipath] [raid0] [raid6] [raid5] 
[raid4] [raid10]

md0 : active raid1 sdc1[1] sda1[0]
   488253440 blocks super 1.2 [2/2] [UU]
   bitmap: 0/4 pages [0KB], 65536KB chunk

unused devices: 


I have a feeling that I've done something trivially wrong. But I can't 
find it. Thoughts?





--
Glenn English

RE: nft bewilderment

[ghe]

Close the ticket. wiki.archlinux.org on nftables looks like it answers
enough of my questions to keep me going for a few days...

Thanks for the replies and suggestions.

-- 
Glenn English

Re: nft bewilderment

[ghe]

‐‐‐ Original Message ‐‐‐
On Tuesday, May 5, 2020 12:42 PM,  wrote:

> On Tuesday, May 05, 2020 01:50:00 PM ghe wrote:
>
> > This wiki explains a lot, but seems to assume I know a lot to begin
> > with. Which I don't.
> > I know iptables quite well, but nft has added a lot of terms and
> > features to the mix. That's fine, but I haven't been able to find out
> > much about some of them.
>
> Aside from advice like google (ddg) them, why don't you list them here.

There were so many I don't remember all of them.

A few:

The Debian pages on nft.
The Arch pages.
The Ubuntu pages.
The man page.
The nft site.
Serverfault.
Admin magazine.

Amazon looking for O'Reilly etc. books.

Sorry. That's almost certainly not all. It's from the sites I printed
and sites I saved bookmarks to.

And I use DDG, not Google. I'll try Google...

-- 
Glenn English

Re: nft bewilderment

[ghe]

> It's not clear from your message if you've seen this.

> https://wiki.nftables.org

Yes, I have. Lots of help, but lots of info missing.

This wiki explains a lot, but seems to assume I know a lot to begin
with. Which I don't.

I know iptables quite well, but nft has added a lot of terms and
features to the mix. That's fine, but I haven't been able to find out
much about some of them.

> Kind regards,
> Andrei

-- 
Glenn English

nft bewilderment

[ghe]

Buster, Supermicro desktop, nft noob

Can anyone recommend a book or website with a thorough explanation of
nft (the iptables replacement)?

I'm working on rewriting my aged packet filter shell script (big and
from the ipchains days) with nft and python. I've spent several hours on
the web, and I've found lots of info about nft, but nowhere have I come
across a plain and straightforward explanation -- lots of 'how nft is a
huge improvement over iptables', but very little about why or what
things mean or what's necessary to make things happen.

So far, the best I've been able to do is just change the commands in
examples and test them to see what happens.

Like, for one example: What's a 'base chain', what's not, why do both
exist, what's the functional difference, what do the various components
of the command line mean, etc.

-- 
Glenn English

pip

[ghe]

> The package you want is python3-pip (already installed?), and the
executable is /usr/bin/pip3.

Thanks Liam. Works like a champ...

-- 
Glenn English

python pip trouble

[ghe]

Buster, Supermicro workstation

I wanted to install pip (python3 is installed and working well and my
apt mirrors are up to date):

root@sbox:~# apt install pip
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package pip

I went to Synaptic to look around a bit. It installed (pip for
pythion3). I went to man pip, and was told I could enter a command
followed by --help:

root@sbox:~# pip install --help
-bash: pip: command not found

root@sbox:~# whereis pip
pip: /usr/bin/X11/pip

root@sbox:~# /usr/bin/X11/pip
Traceback (most recent call last):
  File "/usr/bin/X11/pip", line 9, in 
from pip import main
ImportError: No module named pip

root@sbox:~# cd /usr/bin/X11/

root@sbox:/usr/bin/X11# ls -lh pip
-rwxr-xr-x 1 root root 292 Feb 24 16:14 pip

root@sbox:/usr/bin/X11# ./pip
Traceback (most recent call last):
  File "./pip", line 9, in 
from pip import main
ImportError: No module named pip

root@sbox:/usr/bin/X11# python pip
Traceback (most recent call last):
  File "pip", line 9, in 
from pip import main
ImportError: No module named pip

root@sbox:/usr/bin/X11# python3 pip
Traceback (most recent call last):
  File "pip", line 9, in 
from pip import main
ImportError: cannot import name 'main' from 'pip'
(/usr/lib/python3/dist-packages/pip/__init__.py)


What's it doing off everybody's $PATH? What's bent? My brain???

-- 
Glenn English

Re: Any way to open Thunar as root beside this?

[ghe]

On 4/7/20 12:58 PM, ghe wrote:

> How about 'sudo thunar'?

To get past the Alt... and password stuff, put this in /etc/sudoers,
running 'visudo' as root:

  ALL = NOPASSWD: ALL

It all works, with no whining, on my Buster box (and several earlier
releases).

-- 
Glenn English

RE: Any way to open Thunar as root beside this?

[ghe]

How about 'sudo thunar'?

-- 
Glenn English

Re: normalize audio in mp4s

[ghe]

> Please note that the subject of this conversation is mp4 (not mp3).

It's claimed that sox will handle mp4:

https://stackoverflow.com/questions/2666425/how-to-i-configure-sox-to-work-on-mp4

(You do have to install LAME.)

> If you only process uncompressed audio then sox is fine.

It will do the mp's and flac. That I know of -- there may be others.

It normalizes things too. I do that in flac. I don't know if it
normalizes mp's.

-- 
Glenn English

Simple software for a scanner with ability to crop (CanoScan LIDE 700F)

[ghe]

Ok, I noticed that simple-scan uses sane / xsane, so I didn't have high
hopes (as h-node found nothing compatible), but I installed it anyway on
my Buster system -- no luck: ~"No scanner found".

You might have some luck on the web.

My scanner came with Windows and Mac software, but there aere howTos
telling how to get it going on Linux.

Simple Scan is working perfectly for me now.

-- 
Glenn English

Re: now gmail rant

[ghe]

‐‐‐ Original Message ‐‐‐
On Thursday, March 5, 2020 8:24 PM, Keith Bainbridge  
wrote:

> I am slowly working towards a better email server, but it takes time.

Check out protonmail.com. I moved there from gmail recently.

Free (lower tier -- $4 a month next step up). Open sourcing their code. 
Significant security features -- end to end encryption, etc.). Great user 
support. In Switzerland, far away from crackers and the NSA...

Missing some gmail tricks. A little slow sometimes (don't click 'Send' twice or 
it will). They top-post your sig when replying (can be fixed with 
copy-and-paste, but a PITA).

But it's not Google.

​--
Glenn English

linq

[ghe]

> You misunderstood.  David is saying that /bin may be a symlink,
> instead of a directory.

Indeed I did, and indeed they are:

root@sbox:~# ls -lh / | egrep bin
lrwxrwxrwx   1 root   root7 Jan 16 10:39 bin -> usr/bin
lrwxrwxrwx   1 root   root8 Jan 16 10:39 sbin -> usr/sbin

-- 
Glenn English

linq

[ghe]

‐‐‐ Original Message ‐‐‐
On Wednesday, February 26, 2020 9:10 AM, David Wright
 wrote:

> > Looks to me like it means 'link  to '
>
> Indeed. This means that an old script which tries to run
> /usr/bin/X11/foo will succeed in running /usr/bin/foo,
> which is where foo will have been placed.

I looked around and couldn't find the file that was linked in to bin.
But it must be somewhere since startx still worked.

> If ls X11 worked, then your working directory is presumably
> /usr/bin or /usr/bin/X11…, so you're doing this as root, and are
> writing the output to a file in /usr/bin, so the file will include
> an entry for X11.a.

Does indeed.

> Likewise, the second command will contain
> entries for X11.a and X11.b. Is that the "garbage" showing in diff?

Yes. A random looking number and one of the X11s.

> Hence the importance, stressed by others, of showing your commands
> (with their prompts) as well as the actual output.

Gotcha. I thought I'd included enough for a competent *nix guru to
understand what was going on.

> I have no idea whether your system has anyreliance on the symlink.
> It just depends on what's installed, and of what vintage.

Buster. Should have mentioned that.

> If you go back in time, the X11 system was segregated in its own
> directories under such names as X11R5, X11R6 and X386, so its
> binaries would be in, say, /usr/X11R6/bin and its libraries …
> You get the drift.
>
> As X11 evolved, symlinks like /usr/bin/X11 → /usr/X11R6/bin were
> made so that scripts could use the newer names. Now those scripts
> are out-of-date as everything is in /usr/bin, so the link allows
> them still to work. Similar skullduggery was going on under /etc,
> /usr/lib and /usr/include etc.

> On the down side, it made running two different versions of X, say
> X11R6 and XFree86, on the same system next to impossible.
>
> You may be running a system where even /bin and /sbin have ceased
> to exist as directories, and are merely symlinks to /usr/bin and
> /usr/sbin. Evolution? Tidying up? …

No. In Buster, /usr/(s)bin are still dirs on all the Linux computers
around here (2 AMD64 Busters and a Raspbian Buster):

root@sbox:~# ls -lh /usr | egrep bin
drwxr-xr-x   3 root root  60K Feb 24 16:48 bin
drwxr-xr-x   2 root root  20K Feb 24 16:46 sbin

root@gobook3:~# ls -lh /usr | egrep bin
drwxr-xr-x   2 root root  64K Feb 24 16:54 bin
drwxr-xr-x   2 root root  16K Feb 24 16:52 sbin

root@srv:~# ls -lh /usr | egrep bin
drwxr-xr-x   2 root root  36K Feb 18 09:52 bin
drwxr-xr-x   2 root root  12K Feb 18 09:52 sbin

Thanks for the explanation.

Both evolution and BandAids on BandAids seems to be the answer. Tidying
up, IMHO, bears some consideration. I've spent significant time cleaning
up my own code when things changed for no reason (none to me, anyway).

I haven't dealt anything as big or old as a kernel/disk layout, though,
so maybe the eleventy million links in Debian are justified there...

-- 
Glenn English

link question

[ghe]

What does, in /usr/bin/X11, 'X11 -> .' mean?

Looks to me like it means 'link  to '

When I do 'ls /usr/bin/X11 | grep X11' I get X11.
When I do 'ls /usr/bin/X11/X11/X11 | grep X11' I get X11.

When I do 'du -sh /usr/bin/X11/' I get 81M.
When I do 'du -sh /usr/bin/X11/X11/X11/' I get 81M.

When I do 'ls X11 >X11.a' and 'ls X11/X11/X11 >X11.b' and diff them, I
get a couple garbage lines and no other difference between the two X11s
(the dirs contain very large number of files).

My guess is that all the X11s are pointing to themselves. Anybody know
why that's done?

(I found this yesterday when SLiM, my DM, wasn't coming up -- I'd
managed to delete the entire /usr/bin/X11. But startx was starting XFCE
with no X11 dir. I'm missing something...)

-- 
Glenn English

XFCE doesn't start

[ghe]

On Mon, Feb 24, 2020 at 10:16:36AM -0500, Stefan Monnier wrote:


>> He said above that he expected the `slim` (aka SLiM) display manager.

> Oh.  I've never heard of that one.  It's cruel and unusual to make a
> display manager that doesn't have the letters "dm" in its name.

A good point, well taken. slim_the_dm would be nice.

/dev/sd? was nice too, except for the thumb drives. If I'd been writing
things, I'd have left the SATA/SCSI drives alone and called the USB
drives TD or USB. And maybe put a UUID on them --
the /dev/sds on the MB aren't going anywhere.

I liked eth too. I write software, and *what* it is is much more
useful to me than *where* it is. (I know it can be changed.)

You oughta take a look at slim. Very civilized. All it does is throw up
a pretty picture, ask for your name and PW, and start XFCE with its
marvelous terminal emulator. You can chose the font and size, set it to
display black type on a yellow background (the better to see), and have
it scroll back 2000 lines so you can tell what's going on.

Oh, and with XFCE, you can surf the web and play solitaire too.

> systemctl status slim
> journalctl -u slim
> dmesg | grep -i firmware
> less /var/log/Xorg.0.log
> cd /var/log && ls -lart | tail && less "whatever file is recently

Working on it. There seems to be /usr/bin/X11/x missing
(where it went and why are interesting questions). But amanda's writing
to tape just now, and it doesn't like to be disturbed.

Thanks much for the systemd suggestions. Looks like they're going to
solve the problem.

-- 
Glenn English

XFCE doesn't start

[ghe]

I've bent my system bad. When I boot, it comes up in the CLI -- not in
slim, to XFCE. It does the regular login and the .bashrc tricks, and
startx starts XFCE just fine.

I was trying to get my router to copy its config to the TFTP dir, and I
did something from how-tos on the 'Net (all kinds of different
suggestions) that told something not to start the GUI. I'm sorry, but I
don't know enough to say about what I did or what's broken.

Anybody have any ideas better than a reinstall? Or questions to ask?

Knowing what to do to get TFTP going would be nice too. It used to work
flawlessly, but now the dir on my disk and all my backups show /tftpboot
empty. And the router docs (a Cisco) don't have much to say about it. It
looks like I have the TFTP dir misconfigured on my disc, and it's been
years since I got things working.

--
Glenn English

*nix

[ghe]

‐‐‐ Original Message ‐‐‐
On Sunday, February 16, 2020 1:52 AM, Andrei POPESCU  
wrote:

> On Sb, 15 feb 20, 20:17:07, Charles Curley wrote:
> 
> > On Sat, 15 Feb 2020 14:03:02 -0700
> > ghe g...@slsware.net wrote:
> > 
> > > Until recently, the *nix communities have stuck pretty well to these
> > > recommendations -- they're just descriptions of competent programming,
> > > after all. There may be some discussion over the definitions of "one
> > > thing" and "well" but there is software in our Linux that, I think,
> > > doesn't conform to anybody's understanding of these maxims.
> > 
> > And then there are the exceptions that illustrate the rule. Emacs,

I've never had the pleasure of Emacs. Stallman wrote Emacs just to prove that 
Lisp, with serious modification, can be made to do useful work :-) 

> > LibreOffice, 

LO is several programs that each do a somewhat specific job. But there might be 
room for some discussion of 'one thing' in there. They do work pretty well, in 
my experience. Eventually.

> > and systemd

...

> If you truly believe in this principle without any exception throw away
> your Swiss army knife / Leatherman now.

OK.

Complexity of the software is for us programmers to deal with. Making the 
programs useful for a user can be one of the problems in our writing and 
design. That, I think, is what they meant by "One program doing the job well" 
-- users have a collection of reasonably straightforward and simple tools to do 
things, and the tools work. The screwdrivers and cork screws and knife blades 
can be piped together, you know. Or called in a script.

OTOH, I haven't heard of anybody having figured out how to pipe GUI stuff.


-- 
Glenn English

*nix

[ghe]

‐‐‐ Original Message ‐‐‐
On Friday, February 14, 2020 10:56 PM, Gene Heskett
 wrote:

> On Friday 14 February 2020 22:56:11 Richard Owlett wrote:
>
> > On 02/14/2020 12:52 PM, Gene Heskett wrote:

FYI, fogies, in the Jul-Aug, 1978 Bellsystem Technical Journal,
announcing Unix, in the Style section of the Foreward is a list of
"maxims...gained currency among the builders and users..." The first
sentence of the first maxim in the list is, "Make each program do one
thing well."

The second sentence is "To do a new job, build afresh rather than
complicate old programs by adding new 'features.'"

Until recently, the *nix communities have stuck pretty well to these
recommendations -- they're just descriptions of competent programming,
after all. There may be some discussion over the definitions of "one
thing" and "well" but there is software in our Linux that, I think,
doesn't conform to anybody's understanding of these maxims.

​--
Glenn English
-- 
Glenn English

change email addy

[ghe]

I need to change my email address for this list. There seems to be a lot
about subscribing and unsubscribing on Debian's site, but I couldn't
find anything about a new address.

Could someone who knows how to do this please let me know?

And don't send to the list. Send to ghe2...@protonmail.com.

TIA

-- 
Glenn English

Re: Ethernet trouble

[ghe]

On 1/31/20 2:42 PM, Reco wrote:

> As a programmer, you should be familiar with it :)

Very. And misconfigs too...

-- 
Glenn English

Re: Ethernet trouble

[ghe]

On 1/31/20 11:31 AM, Bob Weber wrote:

> I just ran a test on a VM that I installed last week so it is pretty
> much up to date.  I ran the command "ip a" which gave me the current
> undesirable name "enp1s0" and MAC address.

Check.

> First I created  /etc/systemd/network/10-eth0.link using the MAC address
> and the name eth0.  

Check. (changed the MAC in your cat of the link file and changed the
name in the interfaces file)

Rebooted and:

Jan 31 12:37:56 sbox systemd[1]: Starting Raise network interfaces...
Jan 31 12:37:56 sbox ifup[2147]: ifup: unknown interface enp7s0
Jan 31 12:37:56 sbox systemd[1]: networking.service: Main process
exited, code=exited, status=1/FAILURE
Jan 31 12:37:56 sbox systemd[1]: networking.service: Failed with result
'exit-code'.
Jan 31 12:37:56 sbox systemd[1]: Failed to start Raise network interfaces.

To the best of my knowledge, there is no enp7s0 anymore. Where does:

[2.445808] e1000e :07:00.0 enp7s0: renamed from eth0

happen? (dmesg | egrep enp)

Then there's another line:

[   12.130525] e1000e :07:00.0 eth0: renamed from enp7s0

That should have put eth0 back. Current guess is that sometime between
2.44 and 12.13, somebody tried to bring up the network interfaces and
failed.

So in my current config, eth0 gets changed to enp7s0, ifup is called to
bring up enp7s0, ifup fails because enp7s0 doesn't exist in the
interfaces file, then enp7s0 gets changed back to eth0. As a programmer,
I'm quite used to flaws in software, but lordie...

And systemd is calling ifup? Which relies on the old interfaces file,
and systemd relies on additional interface config file(s)?

After the boot, 'ifup eth0' by hand brings up the interface and ifconfig
shows it active and with the right name and IP. (So does ip a -- I keep
using ifconfig because that's what's in my scripts and it's what I'm
used to.)

-- 
Glenn English

Re: Ethernet trouble

[ghe]

> On Jan 30, 2020, at 04:48 PM, Bob Weber  wrote:

> "Example 3. Debugging NamePolicy= assignments" near the bottom of the page at
> "https://www.freedesktop.org/software/systemd/man/systemd.link.html;

Yeah. That's one I looked at. The one with the table of the Ethernet speeds and 
duplexity. And the list and descriptions of data that're sometimes needed in 
the file.

I'll look at this again tomorrow, Bob, but I'm really not impressed with the 
way systemd is setting up the Ethernet interfaces. Like I said before, 
"Counting Ethernet interfaces isn't rocket science." But it can be made so if 
you make things complex and spread the config over several dirs and several 
files, some of which are explained in the dox but turn out not to exist on my 
Buster disk. 

Somehow, back in the eth days, the data in Debian's /etc/network/interfaces 
file was enough to get networking going. Then, on an Ethernet network, the 
Ethernet chips pretty well figured out the best speed and duplex all by 
themselves as soon as they connected to something. 

> This nameing configuration has worked on 5 Debian systems all running updated 
> testing.

And counting interfaces has worked for me for a couple decades, on many systems 
and several OSs. But I'll find your earlier email and try systemd one more 
time. It'd be nice for the interface names to be, as systemd calls it, 
'consistent.'

And, FWIF, I appreciate your help and advice...

-- 
Glenn English

Re: Ethernet trouble

[ghe]

On 1/30/20 1:42 PM, Bob Weber wrote:

> That's why I recommended you look into systemd link files. 

I looked that up on the 'Net, and it seems pretty reasonable. I looked
around a bit and was told to edit

/usr/lib/systemd/network/99-default.link

(MAC addresses are back to hardware again, but easier to handle -- at
least they're the same whenever you look at them. And Debian puts config
files in /etc. Used to, anyway)

There's a line in 99-default.link about =persistent. The web
says that if I change that to 'none' I'll get the old names back.

I did, and I didn't.

> Systemd has
> the undesired effect of renaming interfaces.  You need to use the MAC
> address to indicate which port should be eth0 , etc.  

It looks like it'll take a lot more than changing a value in a config
file to have happen what I expect. I think I'll just leave things alone
for the time being. Now I know to expect systemd to break things, and
now I know to write around it. I was completely at a loss when those
numbers just changed for no apparent reason.

Counting Ethernet interfaces isn't rocket science.

Again, thanks list.

-- 
Glenn English

Re: Ethernet trouble

[ghe]

On 1/29/20 7:06 PM, David Wright wrote:

> These boards, do their PCI addresses have the save bus number but
> different slot/device numbers? dmesg or kern.log will give you
> those: they look like NN:DD.F optionally preceded by :, where
>  is the domain (typically ), NN is the bus, DD the device
> of slot, F the function(s) provided by that card, eg
> pci :00:0e.0: [10ec:8139] type 00 class 0x02

Well, I don't in any way consider myself a hardware guy, but in Java,
Pascal, C, PERL, Python, FORTRAN, BashScripts, etc, '+' usually does the
same thing every time I type it.

I looked at dmesg a bit. I greped it for 'enp' and there was a funny
joke in the first 2 lines (of the grep output):

[2.181317] e1000e :08:00.0 enp8s0: renamed from eth1
[2.422105] e1000e :07:00.0 enp7s0: renamed from eth0

So something took the rational Ethernet interface names and,
intentionally I assume, broke hundreds of lines of code.

Once I was installing a computer that had a single Ethernet port
soldered to the mobo (a Dell). I had an eth0, but I needed an eth1, so I
put a card in the PCI bus. On reboot, I had eth0 and eth1. 0 was the
mobo, 1 was the card. And it was eth1 no matter which slot it was in.

Or if I put in a sound-card.

They were named by function, not by bus and slot. As a programmer, I'm
much more interested in *what* they are, not *where* they are. I
especially don't need some broken piece of software to rename them.

I know I can put them back to the 'inconsistent' names in Grub, and I'll
be doing that -- and editing the shell scripts.

> AIUI it's nothing to do with the OS as these decisions are made by
> the firmware on the mobo. Juggling cards in a mobo can even outwit
> the BIOS so that the POST won't succeed: I've had mobos where I've
> had to empty the box, power-up and save the settings, add one card
> and repeat, add the next and so on, all to get a box with the cards
> I wanted, located where I wanted them.

With all the 'puters I've dealt with, I've never seen anything like
that. If I got one that did that, I'd have sent it back to Amazon and
bought a Dell or a Raspberry Pi or a SuperMicro -- something with a
competently written and tested BIOS.

Besides, we've got UDEV. It allegedly looks at hardware and makes it
make sense. To do that, it must, I suspect, ignore what the BIOS says
and scan the bus(es) itself. If it does that, my Ethernet ports would
have had the same labels, unless somebody renamed them. Would be the
same too, if they'd just been left alone.

I'm not looking forward to systemd.emacs.

-- 
Glenn English

Re: Ethernet trouble

[ghe]

(Blush, blush)

I took those boards out, and the names went back to what I'd expected
them to be.

I have no idea why. It doesn't make sense to me -- absolutely nothing
changed that had anything to do with Ethernet interfaces. The OS and the
BIOS didn't change either.

I put them back in, and the names changed.

When I originally installed the boards, the names didn't change.
(Buster, IIRC, was Testing back then.)

I've written a lot of software, but my worst bugs never did anything
like this. And I've been on Debian OSs for a long time, and I don't
remember anything like this. That's what Sid and Testing are for, but
Stable's for Internet servers and banks.

I'm really sorry for bothering the list, but you did manage to point me
to the solution. Thanks.

I hear the scriptKiddies haven't fixed the FreeBSD kernel yet.

-- 
Glenn English

Re: Ethernet trouble

[ghe]

On 1/29/20 8:14 AM, Curt wrote:

> You haven't been using a screwdriver lately by any chance?

Yes. I put a couple PCI cards back in. But the E'net ports had the same
names when they were in there earlier and when they were out. The change
happened when the were put back.

But that had nothing to do with naming Ethernet interfaces. At least to
a human it didn't. They're still on the same PCI bus (0, and soldered to
the same places on MB, as I find I've said before).

I'll take the UBS3 card and the RME sound-card back out and see what
happens.

Do you know something interesting about screwdrivers and UDEV?

-- 
Glenn English

Re: Ethernet trouble

[ghe]

On 1/29/20 8:04 AM, Curt wrote:

> 'p' indicates the PCI bus and 's' indicates the slot, was my
> understanding of the naming scheme. 

Yeah. That's what I was told too.

> Would a BIOS/Firmware upgrade
> modify the PCI bus and slot number of your Ethernet ports?

I doubt it. SuperMicro's BIOS writers aren't that stupid. I certainly
hope they aren't.

Besides:
1) There was no change to the BIOS.
2) The interfaces weren't moved anywhere. They're still soldered to the MB.

-- 
Glenn English

Re: Ethernet trouble

[ghe]

On 1/29/20 7:15 AM, Greg Wooledge wrote:

> If you can confirm that it was caused by (or at least, occurred after)
> a firmware upgrade, then at least you'll know that you need to be ready
> for another possible change the next time you upgrade firmware.

Nope. No change(s) in the firmware.

> The enp7s0 style naming is the new "Predictable Network Interface Names"
> scheme.  That is its official name.  It is not, however, an accurate
> description of how it works in reality.  As you've seen, the names
> are NOT predictable.

No, they certainly aren't. The scheme doesn't work. The interfaces are
soldered to the MB, and there were no new ones added, so there should be
no changes in the naming.

> The new workaround to replace udev involves setting up a "dot link"
> file for each interface.  You can do lots of different things, but the
> one that most people will actually care about is mapping a MAC address
> to a name of your choice.  E.g. you can decide to map MAC address
> 01:23:45:67:89:ab to interface name "dmz0", or whatever makes sense
> for your networks.

I've fought with UDEV before, several Debian releases ago. I didn't know
UDEV was responsible for all this. Thanks for the pointer -- I'll see
what I can find in UDEVs config.

-- 
Glenn English

Ethernet trouble

[ghe]

Buster, SuperMicro box

The labels for my Ethernet ports have changed.

There are 2 ports on this box. They used to be called enp6s0 and enp7s0.
Now they're called enp7s0 and enp8s0 (6, 7, and 8). I've rebooted 3
times, and they don't change.

My /etc/network/interfaces had config info for 6 and 7 -- 6 auto, 7 DHCP.

After boot now, there are no interfaces listed in ifconfig (except lo).
And the routing table is empty. ifconfig -a shows 7 and 8.

When I ifup 6, it says it can't find an interface. ifup 7 configures
correctly as described in the interfaces file -- it DHCPs the WiFi out
in the hall and brings up this end of bridge from Ethernet to the WiFi.

If I change 6 to 7 in the interfaces file, comment out 8, and reboot, 7
configs properly, the way 6 used to.

Changing 7 to 8, uncommenting 8, and ifup'ing 8, gets 8 configured
correctly and connects to the bridge.

Everything seems to work as 7 and 8. But this morning, it was 6 and 7.
My shell scripts are all broken now and I'm afraid that next week, after
I change all my scripts, something will change things back. Or increment
them again.

Anybody have an explanation? Or somewhere I can start looking? Or know
how whatever labels Ethernet ports does it (or why they weren't called 0
and 1 in the first place)?

-- 
Glenn English

Re: Dell BIOS Changes

[ghe]

On 1/27/20 10:13 PM, J. D. Leach wrote:

> I suspect Microsoft is back to trying to squelch the use of software
> other than what it approves of.

"Sells" you mean...

I bought a Dell laptop a couple years ago, and it had a 'BIOS' like you
describe. But there was an option in the several pages of BIOS to use
'Legacy' mode. It wasn't like any legacy BIOS I'd ever seen, but I did
manage to get it to boot a civilized OS.

I just looked at servers on their website, and they have a feature they
call "Optional Operating System". That implies they are available
without Windows and will boot Debian. Servers, anyway.

-- 
Glenn English

Re: Planning a Debian NAS

[ghe]

On 1/27/20 12:43 PM, deloptes wrote:

> perhaps yes as it is more or less normal linux, but where do you attach the
> disks - do you think of using a SATA extention?
> 
> I do not know what is the throughput of such extentions, but should be
> considered.

The USB3 ports on the 4 might be fast enough. I have one,but I haven't
played with it much. I've heard mild horror stories about the 4.

-- 
Glenn English

Re: Planning a Debian NAS

[ghe]

On 1/27/20 11:00 AM, Aidan Gauland wrote:

> Can a r-pi be set up with RAID easily?

Define 'easily' :-)

Its OS is a reasonably close clone of Debian, and I've had very little
trouble doing *nix tricks with it. But there's no disk and no SATA
interfaces. A couple USB disks would do it, but I don't know if it'd
recognize then for a RAID.

-- 
Glenn English

Re: Planning a Debian NAS

[ghe]

> On Jan 25, 2020, at 06:34 PM, Aidan Gauland  wrote:
> 
> I want to set up a file server on my home LAN with just consumer-grade 
> hardware, and run Debian stable on it.  For hardware, I am probably going to 
> get a refurbished mid-range tower with a four to six 3.5" SATA drive 
> capacity, and put WD Reds in it.

If you don't already have all the router(s) and WiFi access points and such, 
may I suggest a pile of Raspberry Pis. I have a couple of them in the LAN 
around where I live, and they're working quite nicely (they're running on UPSen 
-- I don't know how reliable they'd be with wall electricity). Competent HowTos 
for those jobs are readily found on the Internet.

Mine are all RPi3+.

The biggest disadvantage to them is the damn wall warts. But they seem to be 
quite happy with power from a USB3 hub...

-- 
Glenn English

Re: Sudo

[ghe]

On 1/25/20 11:14 AM, Charles Curley wrote:

> Are you sure it's root's password that sudo wants? Try giving it your
> user account's password.

su wants root PW. sudo want's user's.

-- 
Glenn English

Re: Clarification Re: Displaying an arbitrary file in _both_ HEX and ASCII

[ghe]

On 1/23/20 3:10 PM, to...@tuxteam.de wrote:

> On Thu, Jan 23, 2020 at 09:42:11PM +, Joe wrote:
>> On Thu, 23 Jan 2020 15:20:44 -0600
>> Richard Owlett  wrote:
>>
>>
>>>2. I repeatedly mentioned/implied *DISPLAY*.
>>>   I never even hinted at editing.
>>>
>>
>> I think you'll find that displaying a file as hex and ASCII is pretty
>> much of a monopoly of hex editors.
> 
> ...except the most obvious choice for command line folks, "hexdump -C",
> which was already mentioned in this thread.

Or hexedit  (CTL^C to get out)

-- 
Glenn English

Re: Pluma's syntax highlighting

[ghe]

On 1/12/20 5:59 AM, Richard Owlett wrote:

> I'm attempting to understand a shell script.



> to add highlighting which Pluma does not provide by default.

A bit OT reply: vim does do highlighting that makes some sense (to me),
in sh and Python, anyway.

-- 
Glenn English

Re: after installing viber, nowhere to be found?

[ghe]

> On Jan 9, 2020, at 10:57 PM, kaye n  wrote:
> 
> Here it is.
> 
> kaye@laptop:~$ sudo whereis viber
> [sudo] password for kaye: 
> viber:

It's not on the machine. That explains q lot.

A new install might be in order. Try aptitude or maybe synaptic -- something 
that talks a little more than apt-get.

Hmm. On my box (Buster) aptitude claims there is nothing called 
viber- at any of my mirrors. I think you need more help than I can 
provide. Can anybody help OP?

-- 
Glenn English

Re: after installing viber, nowhere to be found?

[ghe]

> On Jan 9, 2020, at 10:28 PM, kaye n  wrote:
> 
> Hello friends,
> 
> My system is:
> Host: laptop 
> Kernel: 4.19.0-6-amd64 x86_64 
> bits: 64 
> Desktop: Xfce 4.12.4 
> Distro: Debian GNU/Linux 10 (buster)
> 
> Following the instructions on this web page:
> https://snapcraft.io/install/viber-unofficial/debian
> 
> I installed viber with these commands:
> sudo apt update
> sudo apt install snapd
> sudo snap install viber-unofficial
> 
> It seemed successful, but I can't find it anywhere in the system.
> Opening Application Finder and typing viber does nothing, neither in the 
> terminal.
> 
> Thank you!

Try 'sudo whereis viber' at the CLI? I have no explanation for its not showing 
up in the menu, but I'm pretty sure somebody else on this list has a great and 
accurate explanation :-)

-- 
Glenn English

Re: apple mini

[ghe]

> On Jan 8, 2020, at 07:46 PM, Michael Stone  wrote:
> 
>> If you need to protect against an attacker willing to examine your HDD with 
>> magnetic force microscopy, there is no substitute for physical destruction 
>> of the media.
> 
> Yes--if single-pass all-zeros erase isn't sufficient, the next step up is 
> physical destruction, not multi-pass pattern mumbo-jumbo.

Back in the analog days, I worked at a college radio station that sent out 
radio programs on tape. There was a big box that we passed a reel of tape over 
to erase it. That box might do disks too :-)

Unless there was some magnetic magic written on the disk for the firmware.

-- 
Glenn English

Re: apple mini

[ghe]

On 1/8/20 1:21 PM, Michael Stone wrote:

> If you use /dev/zero you'll be limited by the speed of the disk. If you
> use /dev/random you'll run probably under 1 megabyte per second (that
> is, probably on the order of 100 times slower; unless your night is more
> than a month long it won't be overnight on a modern disk). 

Ah. I've always done one pass of dban on 500G disks (just servers -- not
a whole lot of pictures) and it didn't take too long (couple hours or
so, IIRC).

I've never tried it on the 12T blackHole.

The size of the disk in the Mini might be useful information. The Minis
I've encountered had fairly small disks.

>> In that case, dban or equivalent. Still overnight.
> 
> how does running another program change anything?

dban claims to have available some serious DoD wiping algorithms.

dd doesn't claim anything but writing once.

> Verification is making sure that you actually did what you think you
> did. 

Oh. Like verifying a backup. /dev/zero does make a lot more sense in
that case.

>> but a few passes from dban sure will improve security 
> 
> no, it won't; one pass is sufficient.

According to the dban dox, multiple passes do make a difference. I've
never understood why writing the same tracks over and over makes much
difference, though. But I've seen it in more than one place.

-- 
Glenn English

Re: apple mini

[ghe]

On 1/8/20 11:59 AM, Michael Stone wrote:

> No, that's still an unnecesarily slow alternative 

Hence the suggestion to run it overnight, while asleep. And, I suspect,
dd is plenty good enough to make the disk in a Mac Mini unreadable by a
Mac OS.

> which will not improve
> your security but will make verification harder. :)

In that case, dban or equivalent. Still overnight.

I don't know what verification is, but a few passes from dban sure will
improve security -- in case a disk full of random bytes (or zeros) is
going to be inspected with some hard core instrumentation.

-- 
Glenn English

Re: apple mini

[ghe]

On 1/8/20 10:44 AM, Felix Miata wrote

> If you're seriously concerned the next owner might try that, create a new file
> full of junk from /dev/random or from /dev/null that fills the existing 
> freespace,
> then remove it.

This is not at all a major job. Just get dd copying from /dev/random to
/dev/ before you go to bed tonight. Things will be all better
in the morning.

-- 
Glenn English

Re: buster xfce fails to start

[ghe]

On 1/6/20 10:48 AM, Russell L. Harris wrote:
> On Mon, Jan 06, 2020 at 09:42:46AM -0500, Kenneth Parker wrote:

>> That's funny:  I installed Buster on a Laptop just last week via
>> netinst, and
>> selected xfce (Expert Install menu), and got lightdm.  What's
>> different with
>> the Original Poster?   For example, did you forget to Select a Username?

Oops. I forgot that the first thing I do is replace lightdm -:)

> P.S. I specified XCFE because I hate the Gnome scheme ("It's there,
> but invisible; just search for it with the mouse."); I need to see
> menus.

XFCE's way less 'user friendly' than Gnome. But when you get used to it,
you'll be much happier, IMHO.

> P.P.S.  Typing "startx" at the CLI returns an error message, something
> like "xserver not available"...

Something's bent. I've never had your problem(s) either. It looks to me
like something's missing in X. If I were in your situation, I wouldn't
waste time trying to figure out what's missing and what to do about it.

Perhaps a reinstall in in order. Do you use the 'Expert Install' menu?
Kenneth and I do, and it works real good for both of us.

-- 
Glenn English

Re: buster xfce fails to start

[ghe]

> On Jan 6, 2020, at 01:37 AM, Russell L. Harris  wrote:
> 
> I just installed Buster via netinst on an amd desktop.  I specified
> xfce.  The system boots but no login screen or GUI appears.  Alt-F4
> allows me to log in and reboot or shutdown.

XFCE doesn't have a GUI login; you have to install one. I've used slim for 
years, on many computers.

Or you can just log in to the CLI and type 'startx.'

-- 
Glenn English

Re: apple mini

[ghe]

> On Jan 5, 2020, at 02:54 PM, mick crane  wrote:
> 
> yes I know this is Debian user list
> yes I know that apple is unix.
> I got an apple mini to give to somebody
> to clean it up is that
> "userdel"
> "makeusr" or something like that ?
> mick
> -- 
> Key ID4BFEBB31

Plain old dd'l fill a disk with zeros or random bytes if you ask nicely. OS X 
probably has it; if not, a live Linux CD will.

Or if you want a multi-pass DoD wipe, try DBAN:

https://sourceforge.net/projects/dban/

It's free and works just fine (I haven't run it on a Mac anything, though), 
despite the sales pitch on the website and the adware in the software. You 
download it, burn it to CD, boot the CD, and answer some questions. It wipes 
all the hard disks it can find.

There are several free Mac disk wipers, too.

-- 
Glenn English

Re: Back to systemd [was: Re: New list for Raspbian? (was: Re: systemdq)]

[ghe]

Sven and Andrei, I told you lies. The script's not a daemon. I added
Sven's suggested lines to the .service file, re-enabled it, rebooted,
and it came up exactly as I wanted it to.

Apparently what it does is build an iptables firewall, and quit. Then
when I ask for things, it  comes up, crudely parses my command, and runs
iptables commands to do what I ask.

Like I said, it's been a very long time since I wrote it, and I didn't
know what a daemon was at the time. I thought I did, and there are some
init files imported into the script.

I consider the problem fixed. I thank you for your patience and help.
And I apologize for the bad info I gave you.

Do you still want the files?

-- 
Glenn English

Re: Back to systemd [was: Re: New list for Raspbian? (was: Re: systemdq)]

[ghe]

On 12/31/19 6:09 AM, Sven Hartge wrote:

> Care to share your Shell-Script? 

I'd have no problem with that -- it's been very useful to me over the
years, and I'd be glad for someone to use it.

However. It was written 20 years ago when I was just figuring out Linux
and the shell, and it's been 'updated' many times. It's an embarrassing
mess now. If you're willing to consider it the work of a 6 year-old and
provide significant slack, I'll gladly publicize it.

But let me look into things a bit more first.

-- 
Glenn English

Re: Back to systemd [was: Re: New list for Raspbian? (was: Re: systemdq)]

[ghe]

On 12/31/19 1:05 AM, Andrei POPESCU wrote:

>> I guess I misunderstood the term 'daemon.' I thought it was just a 
>> piece of software that, when run, stays run until it's through -- when 
>> it's started at boot and has no exit, hangs around in the background 
>> doing stuff. Unless somebody tells it to stop.
> 
> Right. Does your script work like this? I'm asking because typically 
> scripts do their thing and then exit.

Yes, it does. It's a huge (for .sh) program (Python was unavailable at
the time :-) that will, interactively, display and modify the iptables
chains. There are several other .sh and PERL scripts I've written that
do similar things -- intended to be daemons, as I understood it.

> Try systemd.service(5).

In man? I will.

But what I'm really looking for is a comprehensive book on systemd like
the 40 pounder 'Learning Python' or other O'Reilly, etc, books that've
saved my life in the past few years. (I'm more comfortable with dead
trees than I am with screens.)

-- 
Glenn English

Re: Back to systemd [was: Re: New list for Raspbian? (was: Re: systemdq)]

[ghe]

> On Dec 30, 2019, at 05:47 PM, Sven Hartge  wrote:
> 
> Please show the output of
> 
>systemctl cat YOUR_SERVICE_UNIT
> 
> This will show all additions and overrides to the unit.

root@test:~# systemctl cat ipfilter
# /usr/lib/systemd/system/ipfilter.service
[Unit]
Description=packetFilter

[Service]
ExecStart=/etc/ipfilterfiles/ipfilter.sh on
ExecStop=/etc/ipfilterfiles/ipfilter.sh off

[Install]
WantedBy=multi-user.target

> Your shell script isn't really daemon, so it is normal to not stay
> running after it setup the iptables rules.

I guess I misunderstood the term 'daemon.' I thought it was just a piece of 
software that, when run, stays run until it's through -- when it's started at 
boot and has no exit, hangs around in the background doing stuff. Unless 
somebody tells it to stop.

This code has, under the old init system, been thinking it's a daemon for a 
couple decades now. But you're right. On other systemd computers, I have to 
start my local firewall by hand, like I have to with BIND on the DNS server. 

> I think your unit is missing the following:
> 
> ,
> | [Service]
> | Type=oneshot
> | RemainAfterExit=yes
> `

That makes sense. I'll insert those lines and see what happens. 

I knew it'd be trivial when it came to light what I was missing. Thanks a lot.

(grumble, grumble, systemd, grumble, grumble)

>> And how did that file get in /usr? When I wrote it, it was in
>> /lib/systemd/system.
> 
> usr-merge is the keyword here.

What's that? I never heard of that before, and I certainly didn't ask for it. 
One of the reasons I run Debian was that the config stuff is all in /etc. And, 
it goes without saying, stays there.

As I said before, (grumble, grumble, systemd, grumble, grumble). It seems to be 
pretty nicely done system code, but with an absolutely abominable user 
interface. So far, I know of systemd dirs in /lib, /etc, and /usr. That's no 
way to run a *nix railroad.

While I have you on the hook, Sven, how/where did you get your systemd 
knowledge? I've looked around, and I haven't seen any mention of what you just 
told me. 

-- 
Glenn English

Re: Back to systemd [was: Re: New list for Raspbian? (was: Re: systemdq)]

[ghe]

On 12/30/19 3:54 PM, Andrei POPESCU wrote:

> Please show us the full output of
> 
> systemctl status YOUR_SERVICE_UNIT

root@test:~# systemctl status ipfilter
● ipfilter.service - packetFilter
   Loaded: loaded (/usr/lib/systemd/system/ipfilter.service; enabled;
vendor preset: enabled)
   Active: inactive (dead) since Mon 2019-12-30 16:23:33 MST; 1min 41s ago
  Process: 393 ExecStart=/etc/ipfilterfiles/ipfilter.sh on (code=exited,
status=0/SUCCESS)
  Process: 1520 ExecStop=/etc/ipfilterfiles/ipfilter.sh off
(code=exited, status=0/SUCCESS)
 Main PID: 393 (code=exited, status=0/SUCCESS)

Dec 30 16:23:00 test ipfilter.sh[1520]: [ OK ]   Saved HTTP_BLK to
/etc/ipfilterfiles/savedHTTP_BLK.sh
Dec 30 16:23:00 test ipfilter.sh[1520]: [ OK ]   Saved POP_BLK to
/etc/ipfilterfiles/savedPOP_BLK.sh
Dec 30 16:23:00 test ipfilter.sh[1520]: [ OK ]   Saved NTP_BLK to
/etc/ipfilterfiles/savedNTP_BLK.sh
Dec 30 16:23:01 test ipfilter.sh[1520]: [ OK ]   Saved SMTP_BLK to
/etc/ipfilterfiles/savedSMTP_BLK.sh
Dec 30 16:23:01 test ipfilter.sh[1520]: [ OK ]  Accepting all slsware
Dec 30 16:23:33 test root[1751]: packetFilter: off (ACCEPT all) at Mon
30 Dec 2019 04:23:33 PM MST
Dec 30 16:23:33 test ipfilter.sh[1520]: [ OK ]  Accepting all input
Dec 30 16:23:33 test ipfilter.sh[1520]: [ OK ]  Accepting and
masquerading all routing
Dec 30 16:23:33 test ipfilter.sh[1520]: [ OK ]  Accepting all output
Dec 30 16:23:33 test systemd[1]: ipfilter.service: Succeeded.


> immediately after boot and also explain what makes you think the service 
> is not actually running.

root@test:~# pfil status

 Running on host: test.slsware.net


--- FILTER table---

Chain INPUT (policy ACCEPT 3 packets, 108 bytes)
num   pkts bytes target prot opt in out source
 destination
1   58  5941 ACCEPT tcp  --  *  *   0.0.0.0/0
 0.0.0.0/0tcp dpt:22
25   380 ACCEPT all  --  *  *   216.17.134.0/24
 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target prot opt in out source
 destination
Chain OUTPUT (policy ACCEPT 8 packets, 488 bytes)
num   pkts bytes target prot opt in out source
 destination
1   52  7719 ACCEPT tcp  --  *  *   0.0.0.0/0
 0.0.0.0/0tcp spt:22
25   380 ACCEPT all  --  *  *   0.0.0.0/0
 216.17.134.0/24

--- NAT table---

Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target prot opt in out source
 destination
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target prot opt in out source
 destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target prot opt in out source
 destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target prot opt in out source
 destination


iptaples.sh is big shell script I use on all my computers. pfil (packet
filter) is an alias to save a little typing.

Those steps it goes through in the systemctl status command are some of
the steps it goes through when I stop it by hand (pfil stop). This looks
like it's been started, then immediately stopped. The 'pfil status'
display's the state of the iptables firewall.

If it were running, there'd be many lines from 'pfil status' (attached
if you're interested).


The service file:

root@test:/lib/systemd/system# cat /usr/lib/systemd/system/ipfilter.service
[Unit]
Description=packetFilter

[Service]
ExecStart=/etc/ipfilterfiles/ipfilter.sh on
ExecStop=/etc/ipfilterfiles/ipfilter.sh off

[Install]
WantedBy=multi-user.target


And how did that file get in /usr? When I wrote it, it was in
/lib/systemd/system.

And this all on the RPi4.

-- 
Glenn English
Turning it on:

root@test:/lib/systemd/system# pfil on

 Running on host: test.slsware.net

 Initializing the netfilter chains
[ OK ]  Accepting all slsware
[ OK ]  Netfilter chains initialized
 Loading the netfilter chains for outside IP 216.17.134.204
[ OK ]  TCP SMTP (25) on the local nets
[ OK ]  TCP SMTP (25) from almost anywhere
[ OK ]  TCP POP3 (110, 995) from anywhere
[ OK ]  TCP IMAP (143, 993) from anywhere
[ OK ]  UDP DCC (6277) from anywhere
[ OK ]  TCP HTTP (80) from anywhere
[ OK ]  TCP SSH (22) on the local nets
[ OK ]  TCP FTP (21) from anywhere
[ OK ]  TCP HTTPS (443) from anywhere
[ OK ]  TCP RSYNC (873) on the local nets
[ OK ]  TCP AUTH (113) on the local nets
[ OK ]  TCP SMTP on port 537 from anywhere
[ OK ]  UDP RIP-2 (520) on 224.0.0.9 -- the IANA assignment
[ OK ]  UDP NTP (123) from anywhere
[ OK ]  UDP TRACEROUTE (33434) from anywhere
[ OK ]  UDP and TCP DNS (53) from anywhere
[ OK ]  Netfilter chains loaded
 Enabling the netfilter chains
[ OK ]  Netfilter chains enabled
 Starting other iptables daemons (if any)
 Loading the saved 

Re: various raspbian x posts

[ghe]

On 12/30/19 3:56 PM, Andrei POPESCU wrote:

> And this is the output to exactly what command?

Now that's a good question. I really don't remember. There've been so
many in the last few days, and that came up very early.

-- 
Glenn English

Re: various raspbian x posts

[ghe]

On 12/30/19 2:22 PM, Andrei POPESCU wrote:

> I was asking for examples of non-meaningful systemd error messages. Oh 
> well...

I've got one, Andrei:

"Systemd service ssh cannot be created unless command is given"

That's systemd saying it needs a command. Search the web for "systemd
command" and see what you get :-)

-- 
Glenn English

Re: New list for Raspbian? (was: Re: systemdq)

[ghe]

On 12/30/19 1:08 PM, Greg Wooledge wrote:

> Did you forget to "enable" it?

Nope. It works by hand, and after boot, systemctl status claims it's
running. But is isn't.

> See also .

Already saw it :-)

I'm missing something that is going to be patently obvious when I do it.
I've done the things from many web sites, but it doesn't quite work yet.

And O'Reilly doesn't have a book on systemd yet...

-- 
Glenn English

Re: New list for Raspbian? (was: Re: systemdq)

[ghe]

Goodness. My asking for a little help with systemd seems to have started
the closest thing to a flame war I remember seeing on a Debian mailing list.

I apologize for that, but I learned a lot. SSH works now, but I can't
get my own *.service file to work at boot (does manually, though), but I
now have several things to look for.

With this problem, I probably should have asked the systemd-user list,
but it doesn't exist. The systemd-devel list does and they say user
questions are welcome, but subscribing to it is a real PITA, and the
process didn't work for me (the web page kept saying I didn't respond to
the Capcha -- there was none).


To the subject at hand:

On 12/30/19 10:40 AM, rhkra...@gmail.com wrote:

> I find forums much less convenient than mail 
> lists.

As do I. That's why I asked the debian-user list. On this list, you ask
a question; you usually get a knowledgeable human on the other end with
an answer in just a few minutes.

So let me add a vote for the suggestion that a raspian-user list would
be a good idea. Even though it would likely quickly fill up with people
trying to build science fair projects.

A systemd-user list would be a good idea too.

-- 
Glenn English

Re: systemdq [Solved]

[ghe]

On 12/29/19 10:21 AM, Reco wrote:

> On Sun, Dec 29, 2019 at 09:40:29AM -0700, ghe wrote:
>> Somebody just forgot to enable SSH while preparing the Raspian Buster
>> release, it looks like.
> 
> Nope. It was deliberate - [1] (note the "ssh" part).

Amazing. I'm a self-taught *nix geek, but I've never seen a release
without SSH. Not since I figured out what SSH is, anyway. Makes me
question the sanity of the otherwise quite rational 'Pi folks.

> Reading error messages is not a viable substitute to reading the
> documentation. At least the distribution one.

Look. The problem was with the lame systemd error message. It didn't
provide enough info to figure out how to correct my action. And I did
look for dox. I looked for systemd commands, and didn't find anything
useful. That's why I asked the list. What I needed was a little help
from somebody who knows systemd.

When I try to use a CLI program from the 'apt' collection as a user, the
error message says 'Are you root?' -- useful information.

If the systemd message had said something like "A unit file isn't
enabled' or something like that, I probably would have found the
solution. After a couple responses from the list, I had an idea of how
to look up a solution. And in 5 minutes, all was well.

> Small "problems" such as this "ssh-sshd" discrepancy is the reason
> Raspbian is frowned upon here. It's close to Debian yes, except for such
> small yet fundamental parts, which makes it different to Debian.

I didn't know that. They claim it's the same (with a peculiar /boot
directory), and in the time I've been using 'Pis, I've never seen one do
anything different from a Debian box.

With this trouble, though, there was no difference between Debian and
Raspian. Same systemd, same .system files, same SSH, same systemd
command to get it started.

Why it was disabled is a matter for another discussion...

-- 
Glenn English

Re: systemdq [Solved]

[ghe]

On 12/29/19 7:07 AM, Andrei POPESCU wrote:

> The correct solution to your problem would have been:
> 
> systemctl enable ssh

Exactly.

The ssh.service files are identical on Debian Buster (this box) and on
Raspian Buster (the RPi4 over there). As is the list of ssh* files --
was before I created sshd.service on the RPi, anyway.

Somebody just forgot to enable SSH while preparing the Raspian Buster
release, it looks like. And I didn't know enough about systemd to
realize that was what the error message was trying to tell me.

-- 
Glenn English

Re: systemdq

[ghe]

On 12/28/19 2:57 PM, Charles Curley wrote:

> Oddly enough, the sshd package does not provide sshd.service as a file
> at all, but may create it as part of the installation process. It does
> provide ssh.service. 

I haven't looked at the Debian unit files, but SSH and SSHD both seem to
be in the Raspian ssh.service file. I suspect I would have been OK
enabling the plain old SSH file.

> This leads me to wonder if something is not right
> with the rasbian package.

Not a big surprise to those who've spent some time fighting with the 4.

> Do you have both the server and the client installed? On Debian, you
> need openssh-client and openssh-server.

Yes. All is working as expected now.

-- 
Glenn English

Re: systemdq [Solved]

[ghe]

Trivial in retrospect.

There were several ssh* files in /lib/systemd/service. None named sshd*.
I copied the one named ssh.service to sshd.service, enabled it,
rebooted, and there is was.

An interesting question is why things are different in Raspian Stretch
on a 3+. For the time being, I'll just blame the RPi4 OS/motherboard. Or me.

Thanks all.

-- 
Glenn English

Re: systemdq

[ghe]

>>Have you tried commands of this sort?

# systemctl enable sshd.service
# systemctl start sshd.service
# systemctl status sshd.service

>From asking it to start at boot:

Failed to save action : Systemd service ssh cannot be created unless a
command is given


Trying the suggested commands:

Failed to enable unit: Unit file sshd.service does not exist.

Failed to start sshd.service: Unit sshd.service not found.

Unit sshd.service could not be found.

> Have you tried removing openssh-server package and reinstalling it?
> If you re using any version of Debian the default
> installation comes with sane defaults and it leaves the service
> enabled and running.

Reinstalling (from an RPi mirror) did nothing. Trying to get it started
at boot gave the same error message as before.


My problem was the lame error message -- there are lots of commands on
my server. The suggestions from the list gave me enough info that I feel
I have some things to look after. Looks like creating an sshd.service
unit file would be a good idea.


I was also glad to see that Gene had gone back to Raspian -- my next
step was going to be installing Genuine Debian. Raspian on the RPi4 is,
IMHO, less than stable.

-- 
Glenn English

Re: systemdq

[ghe]

On 12/27/19 5:02 PM, Nektarios Katakis wrote:

> Have you tried removing openssh-server package and reinstalling it?

Another hopefully good suggestion. Thanks, and I'll try it.

> If you re using any version of Debian 

Raspian Buster.

-- 
Glenn English

Re: systemdq

[ghe]

On 12/27/19 4:50 PM, Linux-Fan wrote:

> Have you tried commands of this sort?

Not yet, but I will in a few minutes. My problem was that the error
message was more of the "Oops" type rather than suggesting what I might
do about it.

> # systemctl enable sshd.service
> # systemctl start sshd.service
> # systemctl status sshd.service
> 
> Even if you already tried them without solving the issue, the commands'
> outputs would still be interesting.

I'll reply to the list.

-- 
Glenn English

systemdq

[ghe]

SSH isn't starting at boot on my server. When I try to set it to do
that, systemd says it can't do that 'without a command.'

What kind of command makes it happy? Where does it need to be?

(I've futzed with the ssh file in /etc/default, even entered a command:
(qwerty="42" -- it wasn't impressed). I looked around on the web (lots
of info about systemd commands, but nothing about what I need.)

Help??

-- 
Glenn English

Re: Home made backup system

[ghe]

How about writing a little script for rsync saying how you want it to
backup, what to backup, and what not to backup and set cron jobs for
when you want it to run. In the cron jobs, tell it to write to different
directories, so to keep several days or backups.

Not as smart as amanda (it'll backup more than necessary), but I think
it'll do the job with a whole lot less configuration.

I use something like this to backup a domain a thousand miles away.

-- 
Glenn English

Re: looking for a replacement for debian since systemd

[ghe]

On 12/14/19 2:35 PM, Darac Marjal wrote:

> Why do people get so het up about Ethernet names in Linux? They're
> renamable quite easily. So you can have "eth0" or "ens92" or "wlp0s41"
> or "internet" or "Local Area Connection 1" if you like. Well, perhaps
> not the last one. I'm not sure about spaces.

I didn't know it was possible to change them back then.

And Linux does all kinds of 'interesting' things with spaces :-)

-- 
Glenn English

Re: looking for a replacement for debian since systemd

[ghe]

> On Fri, Dec 13, 2019, 17:12 Britton Kerin  wrote:
> 
>> I see from below vote that we're working on dumping other init systems
>> now as expected.  Luckily I've given up on debian since systemd in the
>> first place and am in long process of finding a replacement.

Might want to take a look at the BSDs too, if you'd like to learn some
new stuff.

I tried a while back (the 'ballot' on the Debian site says not to
badmouth systemd), and freeBsd was the one I came closest to getting to
run. Very nice people, and I know a couple admins who swear by it.

I came back to Linux because the disk and Ethernet names in /dev were so
much easier to deal with in Linux. I see Linux has fixed that now...

-- 
Glenn English

Re: Is this ALL good advise

[ghe]

(Please excuse topPost. )

I'm use protonmail. I run a tiny domain. And I use 2 email
clients/servers: protonmail and Thunderbird. I'm quite happy with
protonmail (PM).

On 12/4/19 3:33 PM, Gene Heskett wrote:
> On Wednesday 04 December 2019 16:17:46 Andrei POPESCU wrote:

>> On Mi, 04 dec 19, 12:49:53, Gene Heskett wrote:
>>> Which bring me to the table to ask about protonmail. Who pays for
>>> that supposedly secure service at the end of the month? Simple
>>> TANSTAAFL, a law that can't be broken and have survivors, John.

Ain't no FL. It's more like a Free Nibble. The free account is pretty
limited -- plenty for me, but there are others who'll eat up their 500M
cache pretty quickly. And the next step up is $4 a month. Not much if
you're paying for an ISP and a room full of computer toys.

>> This is more than enough for me for the stuff I don't want on GMail.

I was on GMail. At GMail, you don't pay for the service, Amazon does.

PM is a lot like GMail -- webBased, kinda free. It even looks a lot like
GMail.

It's not real fast, though. All that cryptography runs through a lot of
CPU cycles. And as best I've been able to find out, they're running on a
/29.

>>> And an it follows question, how does it work with mailing lists such
>>> as this one?

That I don't know. My mailing lists, so far, come in on Thunderbird.
GMail worked, and I can't think of any reason PM wouldn't.

>> What's the point in using something like ProtonMail with a publicly
>> archived mailing list?

Yup. No point to that. Except that Google doesn't get to suck your data.

>> In any case you will be needing key(s).
>> See https://wiki.debian.org/GnuPG for how to generate and manage them.

Not really. Protonmail generates them when you sign up, and the keys
don't go to a PGP/GPG database. That's a bit worrisome -- they're in a
database in Switzerland with no Chain of Trust.

I communicate with a friend down in Texas. He has Enigmail on his Ubuntu
TB, and PM is happy with his key. PM works transparently with other
protonmail installs, with his GPG key (I did have to tell PM that he has
one and I'd like to use it), and with unencrypted folk.

Highly recommended. Very nicely done by some folks at CERN.

I found out about it in an article on Internet security/privacy on the
New York Times -- it's safe for mortals.

OTOH, I haven't been able to get anyone around here to switch from GMail...

-- 
Glenn English

Re: alternatives to gmail?

[ghe]

On 11/19/19 9:16 AM, Karen Lewellen wrote:

> yet another reason to find another email provider, not to be confused
> with a webmail program requiring an email server I do not have for a
> computer i do not own running a Linux distribution I cannot access.

Sorry, I misspoke. Protonmail isn't webmail, it's a web based email
client just like Gmail, but with some significant improvements. If you
can use Gmail on a browser, you can use Protonmail on the same browser.

I heard about it in an article on Internet privacy in the New York
Times. For use by us mortals, for sure.

-- 
Glenn English

Re: alternatives to gmail?

[ghe]

On 11/19/19 5:53 AM, fsdu39d wrote:

> Problem with GMail is that it's constantly reading content of your emails and 
> works closely with government agencies to hand over and store your private 
> email to them.

I'm not sure what your goal is, but as fsdu39d posted from, protonmail
might be a possibility.

https://mail.protonmail.com

Developed by folks at CERN (hence the name, I suspect), in Switzerland
(no NSA or Google), webmail (with, unfortunately, Javascript), hard end
to end encryption (if requested and there's a PGP-like system on the
other end to decrypt), free (as in beer, but not as in GNU).

-- 
Glenn English

Re: fail2ban for apache2

[ghe]

On 11/12/19 5:46 PM, Gene Heskett wrote:

> Oh goody and I get to name & pick the file and its location. Now, wheres 
> a good place to put the restore in the reboot path? 

How about /etc? Or /etc/init.d? That's where mine is...

-- 
Glenn English

Re: fail2ban for apache2

[ghe]

Gene wrote

> So I had been adding iptables rules but had to reboot this 
> morning to get a baseline cups start, only to find my iptables rules 
> were all gone and the bots are DDOSing me again. Grrr

0) Can you block them with an ACL in your router/firewall? And wr mem so
the ACL will be there when it boots. (pardon the Cisco-ese)

1) There's a way (that I haven't needed to use yet) to put all your
iptables rules in a file to be used at every reboot. And I suspect
systemd knows how, or can be asked, to run that file on boot.

You may have to ask iptables to write that file every time you add IPs.

-- 
Glenn English

Re: fail2ban for apache2

[ghe]

On 11/10/19 8:55 AM, Gene Heskett wrote:

> Thats an approximate idea of my understanding how it works, but to 
> gradually transit from manual reading of the logs and applying iptable 
> rules to block the miscreants, the first step would seem to indicate 
> training fail2ban to read the same log file I am. 

Have you looked at Logwatch?

It'll tell you, every morning, the things iptables (and maybe fail2ban)
bounced, the IP, the protocol, the number of hits, and the port. From
that info, and whois on the IP, I can block, in iptables or the router,
entire naughty nets hitting my server (most nets I block are massive
jerks or outside this country).

-- 
Glenn English

Re: Backup Times on a Linux desktop

[ghe]

> On Nov 2, 2019, at 05:42 PM, Linux-Fan  wrote:
> 
> Konstantin Nebel writes:
> 
>> this is basically a question, what you guys prefer and do. I have a Linux
>> destkop and recently I decided to buy a raspberry pi 4 (great device) and
> 
> [...]
> 
>> Now i attached a 4 tb drive to my pi and I decided what the heck, why not
>> doing backups now.
>> 
>> So now I am thinking. How should I approach backups. On windows it does
>> magically backups and remind me when they didnt run for a while. I like that
>> attitude.

I've used Amanda (in a shell script like Gene does) for going on 20 years. It's 
been rock solid. I use it with tape, but I hear it backs up to disks too. The 
only thing I don't like about it (coming from memory of the experience when I 
configured it these many years ago) is that it's pretty difficult to get going. 
Now that it's going, though, I easily change things all the time.

Recovering from a backup is a reasonable job. I don't do it very often, but the 
recovery software is pretty good about asking questions and providing help if 
you haven't used it for a few months.

It doesn't do magic, like Winders does, though. You have to tell it what kind 
of magic you'd like. I have a cron job that runs the backup every couple days 
(in the middle of the night). And another that reminds me to change the tape -- 
amanda whines when I ignore the reminder/forget to change the tape. Very 
thoughtful and well done software.

Oh, and it backs up all the computers on my LAN, including my 'Pi. And as best 
I know, it's strictly CLI.

-- 
Glenn English

Re: Firefox Seems to Have a Mind of It's Own

[ghe]

On 10/24/19 9:14 AM, Stephen P. Molnar wrote:

> Firefox Quantum 70.0(64-bit) on Buster Wants
> 
> The browser always to use Bing for searches even though I've removed it
> from the list of search engines and selected Google as the default..
> 
> Has anyone else noticed this behavior?

No. Mine is set to DDG, and always goes there.

You might grep the Mozilla/Firefox/Thunderbird folder(s) for 'Bing' and
try replacing that with something civilized. (Copying the folder to .saf
first, in case it trashes your browser...)

Or maybe listen to others on this list who know what they're doing.

-- 
Glenn English

Re: Top 7 Programming Languages That Employers Really Want

[ghe]

On 10/18/19 11:44 AM, hdv@gmail wrote:

> On 18/10/2019 19.26, Doug McGarrett wrote:
> 
> ...
> 
>> I'm not sure if any Pascal compilers are still available, but
>> Turbo was the most popular back when. Until the last version
>> came out, and it was too complicated for its own good.
> 
> Forgive me for barging in, but I just had to answer that.
> 
> Sure there is! Take a look at Free Pascal (freepascal.org). It is very much
> alive. I use the RAD editor Lazarus (a clone of Delphi for those who still
> remember what that was) that goes with it regularly.

GNU claims to have one too. Search for 'linux pascal compilers'.

>> I took a good look at Python, and decided that the necessary
>> indentation was too much for me to deal with. Maybe there is
>> some kind of automated system for doing this, but I don't know
>> of it.

Vim knows about Python's indentation fixation. It automatically indents
when it sees a colon.

Pascal teaches you to think good thoughts. It's was a wonderful language
to learn back in the late 1970s.

Perl's mantra is "There's more than one way to do it". That's part of
the reason Perl's considered (by some) a write only language -- you
can't understand what you wrote last week.

Python's is "There's only one way to do it". I skipped Python a while
back because of the indentation, too. A Python program looks a lot like
a C program run through a prettyPrinter.

I miss C's preprocessor, but Python has some cool new data structures
and capabilities that more than make up for that omission. Still no
constants, though.


I'd suggest C, Java, Python3, some shell, Perl, and a few others the
employer uses. FORTRAN can be useful for some applications. But if they
want you to write COBOL or BASIC, look for another job :-)

-- 
Glenn English

Re: hostname?

[ghe]

On 10/5/19 3:18 AM, Curt wrote:

>>> root@pix:~# hostname -f
>>> hostname: Name or service not known
>>
>> OK
>>
> 
> "Name or service not known" is OK? You'd think it wouldn't be, and that
> that devil systemd, believing the static hostname for the machine is
> absent or invalid, is using the transient hostname as a fallback. 
> 
> There must be something escaping me here.

That's what the bent host said yesterday. This morning, after the fix
(an sd command to undo some malware activity):

ghe@sbox:~$ hostname -f
sbox.slsware.net

sd, I've noticed, often makes other software break. Several of my
scripts, for example, started producing peculiar output and/or crashing.

In this case, it broke the vastly complex 'hostname' command.

Whatever, all is (seems to be) OK now, thanks to this list and the
duckduckgo search engine...

-- 
Glenn English

Re: hostname? [fixed, I think]

[ghe]

hostnamectl set-hostname sbox, log out, log back in

The temp hostname disappeared, the CLI prompt is back to what it should
be and where I hope it will stay.

Still no idea of how/why this happened. I certainly didn't tell anything
to change my hostname.

List to the rescue. Thanks guys...

-- 
Glenn English

Re: hostname?

[ghe]

On 10/4/19 2:04 PM, Dan Ritter wrote:

> Righto. systemd strikes again. Here's the relevant man page
> bits:
> 
> hostnamectl may be used to query and change the system hostname
> and related settings.
> 
> This tool distinguishes three different hostnames: the
> high-level "pretty" hostname which might include all kinds of
> special characters (e.g. "Lennart's Laptop"), the static
> hostname which is used to initialize the kernel hostname at boot
> (e.g. "lennarts-laptop"), and the transient hostname which is a
> fallback value received from network configuration. If a static
> hostname is set, and is valid (something other than localhost),
> then the transient hostname is not used.
> 
> 
> 
> 
> In this case, systemd has helpfully decided that a name it is
> picking up from DHCP (most likely) is your system's temporary
> name. I'm not sure why anyone thought this was a good idea, but
> that's what it is.

There is no DHCP. Couldn't be that. I think.

> You can probably tell your dhcp client not to ask for the
> temporary/transient hostname, or tell systemd not to do this
> thing, but I don't know precisely how.

systemd is a mixed blessing. I'll see what I can find about this
'feature' on the web and/or the man page. Thanks for pointing me toward
systemd.

And thanks to the powers that be at Debian for including a significantly
buggy piece of software in the stable release...

Where's Ian?

-- 
Glenn English

Re: hostname?

[ghe]

On 10/4/19 1:36 PM, Dan Ritter wrote:

> Please show us:
> 
> /etc/hostname

root@pix:~# cat /etc/hostname
sbox

> /etc/hosts

root@pix:~# cat /etc/hosts
# /etc/hosts:  This file describes a number of hostname-to-address
#
# Host Database
# localhost is used to configure the loopback interface
# sudo cp hosts /etc ; dist `pwd`/hosts /etc all hosts
# The following lines are desirable for IPv6 capable hosts
# when the system is booting.  Do not change this entry.
#
::1 ip6-localhost   ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

127.0.0.1   localhost.localdomain   localhost lh lcl

# misc ne'r-do-wells
127.0.0.2   ad.doubleclick.net
127.0.0.2   mmv.admob.com

# Pasadena
206.135.251.11  rrserv.richeyrentals.comrrserv rrrc rrc

# an indra IP (net.indra.com)
209.169.1.5 net.indra.com   indra nic

# a FRII IP
216.17.135.75   www.frii.netfrii

# Debian mirrors
184.105.204.138 mirror.picosecond.org   mpo pico
128.135.10.29   punk.uchicago.edu
169.229.226.30  mirrors.ocf.berkeley.edu
128.30.2.26 ftp.us.debian.org
128.61.240.73   security.debian.org

# RPi mirrors
93.93.128.193   raspbian.raspberrypi.org
169.229.226.30  mirrors.ocf.berkeley.edu

# DHCP range -- no longer operative
# 192.168.3.225
# 
# 192.168.3.250

# /30 IPs from FRII (I'm pretty sure)
# their end (my default)
216.17.129.42   fromFRII.netfromFRII fFn
# my router IP
216.17.129.41   toFRII.net  toFRII tFn

# tmp
216.17.134.204  rrservCO.slsware.netrsn


# FRII net (at Frasier with a bare router -- 202, 205, 204, 206 are dioded)
216.17.134.200  slsware.net
216.17.134.201  outgoing.slsware.netoutgoing osn
216.17.134.201  brouter.slsware.net bsn
216.17.134.202  srv.slsware.net srv ssn
216.17.134.202  mail.slsware.netmail msn
216.17.134.202  www.slsware.net www wsn
216.17.134.202  ns1.slsware.net ns1n
216.17.134.202  ntp.slsware.net nsn
216.17.134.203  gobook3.slsware.net gobook3 gb3 gb
216.17.134.203  gobook2.slsware.net gobook2 gb2
216.17.134.204  test.slsware.nettest t
216.17.134.205  sbox.slsware.netsbox
216.17.134.206  
216.17.134.207

# LAN using 216.17.134.?/24
216.17.134.5printer.slsware.net printer 4240
216.17.134.23   bridge.slsware.net  bridge br

# some temporary Juniper stuff
192.168.1.1 ssg.slsware.net ssg fw
192.168.2.1 ssgadmin.slsware.netssga fwa

# netgear wifi AP
192.168.1.1 www.routerlogin.net netgear ap AP

> the output of
> 
> hostname -f

root@pix:~# hostname -f
hostname: Name or service not known

> hostnamectl

root@pix:~# hostnamectl
   Static hostname: sbox
Transient hostname: pix
 Icon name: computer-desktop
   Chassis: desktop
Machine ID: d01c1f97efc944bd81768d849446feaf
   Boot ID: 50e006fce53c47a881b78f09c0bbcbe2
  Operating System: Debian GNU/Linux 10 (buster)
Kernel: Linux 4.19.0-6-amd64
  Architecture: x86-64


Hmm. That's interesting. Transient hostname. I didn't know of
hostnamectl. Tells what it is, but not what to do about it or where it
came from.

-- 
Glenn English

hostname?

[ghe]

My hostname is kinda wrong, and I can't figure out why.

I'm working on a configuration for a Cisco PIX firewall, creating the
config file on a host called sbox. The hostname should be sbox, but it
claims to be pix. pix is the hostname of the firewall.

'/etc/hostname' says sbox, but 'hostname' says pix. And in my dir, the
CLI prompt says pix. There's obviously something going on with the pix
config, but I can't find it.

There's no 'pix' in /etc/hosts, the hostname file in /etc says sbox.
rebooting doesn't help, there's no pix in .bashrc.

There's one in the firewall config file (to assign the firewall's
hostname), but that's way down in /home/ghe/scripts/... and it's never
been run anywhere but ssh'd into a laptop in the next room running
minicom attached to the PIX through the 232 console port. The laptop's
hostname is as it should be, and I've used this method to install config
files into Cisco routers and Cisco and Juniper firewalls for years with
no problems

The word 'PIX' is in sbox' interfaces file, but it's in a comment and
it's uppercase -- the problem hostname is lower case.

Logging in to sbox via SSH from other computers gets a pix hostname.

I've tried grep'ing for pix in many fires and dirs, but I think it's
finding 'pixel' because it returns eleventy million finds.

Does anyone on this list have any idea what's going on?

-- 
Glenn English

Re: graphics card recommendation

[ghe]

On 9/23/19 3:51 PM, Mark Fletcher wrote:

> I've heard a lot of people cursing about Radeon graphics card support in 
> Linux over the years, but my information may be out of date...

It's not out of date. Curse! Curse!!

-- 
Glenn English

Re: ./configure failure, can't find glib on debian-arm buster 10.1

[ghe]

On 9/21/19 12:36 PM, Gene Heskett wrote:

>  And do we have a package manager that will run on an ssh -Y login

I'm not sure what you mean, but the ssh man page says:


-Y  Enables trusted X11 forwarding.  Trusted X11 forwardings are not
subjected to the X11 SECURITY extension controls.

(Debian-specific: This option does nothing in the default configuration:
it is equivalent to “ForwardX11Trusted yes”, which is the default as
described above.  Set the ForwardX11Trusted option to “no” to restore
the upstream behavior.  This may change in future depending on
client-side improvements.)


And

alias sshy="ssh -Y "

in your .bashrc might give you something like what you're looking for
(assuming I understand what you're looking for). With no remembering the
option, no shift key, and a bit less typing.


I have next to no experience with the GUI package manager -- I use apt
or aptitude. I've had no trouble with ssh'ing around and using them on
alien hosts.

I also find it useful to create the ssh login codes so there's no pw
involved. I did this several years ago so I don't remember how to do it.
But, IIRC, it's not a big task -- took only 3 or 4 days to get it going.

-- 
Glenn English

Re: confused, seems to be my normal state

[ghe]

On 9/17/19 4:17 PM, Gene Heskett wrote:

> I'd luv to give it a try, since I've never tried it, but unpacking the 
> NOOBS to an sd card seems to be a secret, so what linux command will 
> unpack the .zip and put it on the card?

Attached is the instruction file I wrote for myself because the process
is a bit complex for me to remember (it says 3B+, but it's the same for
a 4, IIRC). I hope it makes some sense to you.

If not, you need but speak...

-- 
Glenn English
NOOBS 3B+ INSTALLATION INSTRUCTIONS

1. Insert an SD card that is 8GB or greater in size into your computer.
2. Format the SD card using the platform-specific instructions below:
   Linux
  i. We recommend using gparted (or the command line version parted)
  ii. Create a MSDOS partition tabls and single FAT32 partition. A 64G card 
works fine.
  iii. Mount the SD card partition -- on /mnt.
3. Unzip the NOOBS data (files and dirs) into a dir on the Linux disk (sudo 
unzip 2009-08-07.NOOBS_v3_2_0.zip -d unzipped/ -- for example).
4. Move into the dir with the NOOBS data. Copy the data from the Linux dir to 
the partition (cd unzipped ; sudo cp -rv * /mnt)
  on the SD card. Just all the files and dirs. (cp -r * /mnt). Umount the 
SD card (sudo umount /mnt).
5. Insert the SD card into your Pi and connect the power supply, etc.

Your Pi will now boot into NOOBS and should display a list of operating systems 
that you can choose to install.
If your display remains blank, you should select the correct output mode for 
your display by pressing one of 
   the following number keys on your keyboard:
1. HDMI mode - this is the default display mode.
2. HDMI safe mode - select this mode if you are using the HDMI connector and 
cannot see anything on screen when the Pi has booted.
3. Composite PAL mode - select either this mode or composite NTSC mode if you 
are using the composite RCA video connector.
4. Composite NTSC mode

If you are still having difficulties after following these instructions, then 
please visit the Raspberry Pi 
   Forums (http://www.raspberrypi.org/forums/) for support.

Follow the directions. Be sure to set to US in the little window at the bottom.

Changing to XFCE from LXDE
   sudo apt-get install xfce4 xfce4-goodies
   sudo dpkg --get-selections | grep "^lx" or apt-cache show lxde
   remove all of them
   Replace lxde (? -- the login window) with slim.
   
   Reboot
   
   sudo apt-get autoremove && sudo apt-get autoclean

Install Firefox, Webmin, an email client, etc.

Re: I support the founder of FreeSoftware

[ghe]

On 9/19/19 10:47 AM, Tom Browder wrote:

> Not all agree with you. Politics and angry speech have no place on this
> list.

Please allow me to differ.

In this case, I claim they do. Stallman is controversial, but he's one
of the founders of the unix clones. I just hope he'll stay on at GNU.
What happens with him could have a major influence on Debian.

GNU's a major source of user software for Linux (futzed with a bit for
Debian).

Therefore, Debian's users' opinions are relevant here...

-- 
Glenn English

Re: confused, seems to be my normal state

[ghe]

On 9/17/19 11:01 AM, Gene Heskett wrote:

> And that results in exactly the same effect, partitiuon 1 is an iso9660 
> image, and I don't believe the rpi-3b supports that for a boot medium. 
> dos/fat32 only I believe. Obviously I got those images from the wrong 
> place in the debian file system.  So I need to remove these, but where 
> do I get the correct versions?

>From https://www.raspberrypi.org/downloads/ ?

Use the damn NOOBS and quit fighting with your Pi(s)! NOOBS takes a
while, and it doesn't install things the way you want them to be, but it
does work -- you end up looking at a working Buster desktop. No
confusion or cardio stress involved.

There are a lot of recipes on the web to make things all better. And
'rm' works pretty well, too.

-- 
Glenn English

Re: Installation suitability for Dell laptop

[ghe]

On 9/16/19 11:15 AM, Thanos Katsiolis wrote:

> I am a new user of Debian and Linux in general. I am planning to install
> Debian on a Dell laptop, Inspiron 5570 in particular.

I've never had much of a problem running Debian on Dell laptops. Right
now, Buster is (reasonably) happy on my Dell Latitude 5414. Sound works,
DVD player works, etc.

The BIOS is a bit odd -- it's the size of gcc; you have to set it to
legacy and figure out what it's talking about. I did, anyway...

-- 
Glenn English

Re: attempted install of buster arm64 net-install on rp4 fails instantly

[ghe]

On 9/9/19 10:21 AM, Gene Heskett wrote:

> Is there a foolproof way to convert that to "gene", or am I stuck 
> logging into it as "pi"? 

I tried that a long time ago, and had to reinstall, IIRC. What I do now
is create a new user 'ghe' and just pretend pi doesn't exist.

Maybe clear out pi's home dir, and some others, to get rid of unwanted
garbage NOOBS puts everywhere.

> But it runs the 
> machine pretty good.  

Not the 4, I betcha.

> I've copied some stuff to SSD 

Where SSD is that SD card sticking out the back?

Binarys, from the RPi mirror? They seem to be pretty happy with text
files, though.

> Have I forgot something? Probably...

Don't fight with it. You'll lose. Computers aren't real bright.

-- 
Glenn English

Re: attempted install of buster arm64 net-install on rp4 fails instantly

[ghe]

On 9/9/19 8:26 AM, Gene Heskett wrote:

> On Monday 09 September 2019 08:58:10 Greg Wooledge wrote:
> 
>> On Sun, Sep 08, 2019 at 03:04:40AM -0400, Gene Heskett wrote:
>>> sudo dd if=debian-10.0.0-armhf-netinst.iso bs=4096 of=/dev/sdf1
>>>
>>> /dev/sdf1 is an unmounted 64GB PNY u-sd card. Original format NTFS.
>>
> That was one of /my/ screwups, fixed to /dev/sdf later. Now rapbian does 
> something but only a magician knows what as I can't get any video out of 
> it.  The debian-arm net-installs still stop dead after one flash of the 
> green led. Then I start finding rumors that debian-arm isn't ready for 
> pi4's, no device tree, and they became a mob in a few hours.  So now I'm 
> trying to get video out of raspbian, failing miserably. In the meantime 
> I'm trying to put together another working stretch on my pi3 so I can 
> bring my lathe back to life.
> 
> I had it working before the heart attack, but have come to the conclusion 
> I may have over-wrote that card.  Damned hard to put identifying marks 
> on a card that physical size. They should have something like a MAC 
> address imprinted so that one could keep an index list of what each card 
> does.

Label them with a Sharpie -- 1, 2, 3, 4... And make notes in a
'database' (aka 'a piece of paper and a pencil').

> So I've given up on the pi4 till the heat sink cover and more of the 
> micro to normal sized hdmi adapters arrive.  

Amazon. Single connector on both ends. Lots of choices, IIRC. Mine does
good video with the ASUS VE228 monitor over on the table.

There was a little backAndForth between the connectors to find the
video, though, IIRC.

> Might be a couple weeks 
> yet, coming from banggood.  All I have for that adapter now is some sort 
> of a 3 headed contraption I paid $16 for at wallies, and I've no clue if 
> it works. I've never seen video come out of it.
> 
> I even took the new 22" ONN monitor to the pi3 on the lathe, makes a 
> decent pix on the pi3 at just noticeably lower contrast. 
> 
> Cheers, Gene Heskett

Try the Buster NOOBS from the RPi website.

Painless and works good here -- eventually. I'm using a 32G Samsung SD
'card'. And a USB3 external twirling rust disk.

4 is a little persnickety, and the RPi Buster Raspian has been futzed
with. Last I heard, the Debian ARM software wasn't ready for 4 yet.

-- 
Glenn English

Re: logwatch at midnight?

[ghe]

On 9/9/19 5:47 AM, Charles Curley wrote:

> Kudzuesque systemd appears to be taking over everything

Remember the good old days when a *nix program did one thing and did it
well?

-- 
Glenn English

nft 'modules'

[ghe]

In ipchains, there were a lot of modules that I used a few of, like
recent and the one that put comments on the end of a rule. I can't find
anything, one way or the other, discussing these add-ons with nft.

Is there such a thing in nft? Is nft so new that they just haven't been
written yet? Is there no plan to have these available?

-- 
Glenn English

Re: duckduckgo

[ghe]

On 8/18/19 5:16 PM, Ben Caradoc-Davies wrote:

> I use NoScript to enable JavaScript only where I want it.

Yeah. And Firefox has a checkbox in the prefs to block pop-ups. I rarely
see a pop-up any more.

I have a hard time believing DDG is what's doing your pop-ups. It'd
destroy their reputation. OTOH, remember Goggle's 'Do no evil'??

-- 
Glenn English

Re: RPI boot problem (some OT) [solved]

[ghe]

On 8/10/19 11:19 AM, ghe wrote:

Fixed. I did a few things differently, and it came up:

I verified the NOOBS file with sha256 (match).
I unzipped directly to the SD chip.
I moved the HDMI connector to the one toward the back.

Even though I saw nothing in any dox about it making any difference, I'm
inclined to think moving the HDMI cable was the fix, but when I booted
with it in the other one, the square rainbow didn't come up this time.
That makes me think that unzipping to the chip might have made some
difference. And of course, there's always the phase of the moon...

-- 
Glenn English

RPI boot problem (some OT)

[ghe]

I know this isn't the best place to talk about Raspberry Pis, but there
are people here who are familiar with them, and probably people who can
point me to the correct place. And they do run Debian...

My 2G RPi4 arrived yesterday, and it doesn't boot, not all the way
anyway. The red power led goes on, the green 'disk' activity led
flashes, it displays the square rainbow flash image, but doesn't go any
farther than that (the green led stays on). The rainbow display stays on
forever, as far as I can tell.

I've already tried:

Loading a known working 3+ Buster -- did nothing; no surprise. But that
chip was built from the same Buster NOOBS file as the one I prepared for
the 4.

Replacing the SD chip -- no difference.

Reloading the SD chip -- no difference in the boot process. When I went
to gparted to repartition the chip, it looked like it had begun some of
the Raspian partitioning. But it hadn't finished; there was a huge area
that was still available.

Downloading and installing a different NOOBS file (lite instead of full)
-- no difference.

Looking for help on the RPi website -- very little help; they talked
about a new bootloader and told me how to see if I needed it. I didn't
(the green led comes on and blinks). And I already knew how to plug in
the HDMI cable :-)

Looked for help anywhere on the web -- lots of other RPi4 boot problems
discussed, but not mine.

Giving it an hour or so to cogitate and go on to the next step -- the
rainbow was still on the monitor, but the green led had gone out.

This is not the first 'Pi I've loaded a Raspian OS into (the 2 was the
first), and I followed the same procedures I always have. It is,
however, the first time I've had any trouble at all.

The 'Pi seems OK to me -- it does display that flash screen, and that
takes working some CPU cycles and some working RAM. I don't think the
software's bad -- it seems to do quite a bit of stuff trying to boot.

I'm at a loss. A solution/suggestion or a URL would be greatly appreciated.

-- 
Glenn English

Re: Helpful attitude (was: Server hardware advice.)

[ghe]

On 8/8/19 4:39 AM, Kenneth Parker wrote:

> I also hear stories about people, using Raspberry Pi Systems as Servers.

At least a 3+, on a T1, with a good UPS, well backed up, and with clones
of hardware and software near at hand. And running Debian.

Under those conditions, they do just fine.

-- 
Glenn English

Re: Server hardware advice.

[ghe]

Depends on what you're trying to do.

I run a small domain on a T1 without pictures or audio, so I'm using a
Raspberry Pi 3 as a server. Quite a bit faster than the old PDP-11s the
'Net started out with, and significantly less expensive. And smaller.

My domain used to be a lot larger, but still a T1 and very little
video/audio. I used the bottom-of-the-line Dell servers back then, and
bought my own RAM (Dell gets a lot for a RAM stick). The biggest
advantage to the Dell servers, aside from the reliability of the
components (over 15 years, I never had one fail), was that they could be
bought without the Windows tax.

If you're looking to do a full blown Google level server on a 10G
connection, advice there is above my pay scale...

-- 
Glenn English

Re: Changing nameservers - WAS "Which resolv.conf file?"

[ghe]

On 7/31/19 2:52 PM, Pascal Hambourg wrote:

> Without resolvconf, the DHCP client would have completely overwritten
> resolv.conf instead of just adding one line. With resolvconf, at least
> you can have some control over resolv.conf.

OK. vi gives me all the control I need over resolv.conf. I understand
that some people need and think the world of resolvconf. I don't see any
need for it at all for the computers here.

-- 
Glenn English

Re: Changing nameservers - WAS "Which resolv.conf file?"

[ghe]

On 7/31/19 1:20 PM, Greg Wooledge wrote:

> I still feel like you're missing the big picture here.  resolvconf isn't
> the thing that's modifying your /etc/resolv.conf file.  

It's the thing (that was) modifying my resolv.conf.

I have 2 Enet connections: a reliable T1 and a reasonably fast WiFi. I
have a shell script to bring up WiFi, and modify the routing table a
little, for downloads and stuff.

The WiFi server (DHCP) was always changing my DNS server to something I
didn't want -- when I'd cat resolv.conf, there was always a line at the
top saying the file had been created by resolvconf.

At first I kept a resolv file as I wanted it to be in /etc, and the
script just copied it over resolvconf's creation. Then I just deleted
the resolvconf file, and quit having problems.

It's quite possible I just didn't have something configured correctly,
but I did figure out a way to keep somebody from scribbling on my DNS
config. And there's nothing on my computers that changes it.

-- 
Glenn English