date:20181203

On Mon, 3 Dec 2018 18:46:13 +0100
Alessandro Selli  wrote:

> On 03/12/18 at 18:19, Tomasz Kundera wrote:
> > On Sun, Dec 2, 2018 at 2:40 PM Rowland Penny  > > wrote:
> >
> > On Sun, 2 Dec 2018 14:28:25 +0100
> > Tomasz Kundera  > > wrote:
> >
> > > You can still use NIS if you don't need the power (and
> > complexity) of
> > > samba.
> > >
> >
> > NIS is a bit outdated and Samba isn't that complex from a Linux
> > point of view.
> >
> >
> > It is outdated because?
> 
> 
>   It's unencrypted, hard to firewall, unsecure by design.
> 
> 
> > It works, at least in simple cases.
> 
> 
>   Yeah, sure, even rsh works (sometimes), still it's a very outdated
> protocol.
> 
> 
> > The choice depends on your needs. Samba is not needed everywhere and
> > yes, it is more complex then a simple NIS installation.
> 
> 
>   My experience differs.  NIS relies on a number of RPC services,
> local and netwide settings (nisdomainname vs. fqdn), server- and
> client-side commands, files and related DBs that the first time I
> could get it to work I uncorked the finest sparkling wine I had and
> rushed to set everything I had done in virtual stone:
> 
> http://alessandro.route-add.net/Unixalia/configurare_NIS.html (in
> Italian, sorry).
> 
> 
>   A few years later, my first Samba installations were not as painful
> and time-consuming, it's all in one config file (well, two with
> smbpasswd), but maybe that's because I was not using it from Windows
> PCs.
> 
> 
> > I do not suggest that samba is a bad choice. It depends on the needs
> > as I have written above.
> 
> 
>   I suggest to stay away from NIS except in a few cases:
> 
>  1. it was already setup and configured by someone else and it's
> working; 2. it's operating in a secure, non critical environment;
>  3. people in the organization are already familiar with it (ie,
> they're all grey-haired or bald and gray-bearded or look like Yoda);
>  4. long-term support is not an issue.
> 
> 
>   In all other instances, run LDAP and/or Samba instead.

To be honest (did I say I was biased ?) I would go with a Samba AD
domain, the provision does it all for you. You end up with a
centralised server that runs a KDC, dns server and LDAP, all you have
to provide is users & groups. It provide native authentication for
Windows PCs and can very easily be used for Unix clients.

Rowland

> 
> 

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Request for comments - training room

On 03/12/18 at 18:19, Tomasz Kundera wrote:
> On Sun, Dec 2, 2018 at 2:40 PM Rowland Penny  > wrote:
>
> On Sun, 2 Dec 2018 14:28:25 +0100
> Tomasz Kundera mailto:tnkund...@gmail.com>>
> wrote:
>
> > You can still use NIS if you don't need the power (and
> complexity) of
> > samba.
> >
>
> NIS is a bit outdated and Samba isn't that complex from a Linux point
> of view.
>
>
> It is outdated because?

  It's unencrypted, hard to firewall, unsecure by design.

> It works, at least in simple cases.

  Yeah, sure, even rsh works (sometimes), still it's a very outdated
protocol.

> The choice depends on your needs. Samba is not needed everywhere and
> yes, it is more complex then a simple NIS installation.

  My experience differs.  NIS relies on a number of RPC services, local
and netwide settings (nisdomainname vs. fqdn), server- and client-side
commands, files and related DBs that the first time I could get it to
work I uncorked the finest sparkling wine I had and rushed to set
everything I had done in virtual stone:

http://alessandro.route-add.net/Unixalia/configurare_NIS.html (in
Italian, sorry).

  A few years later, my first Samba installations were not as painful
and time-consuming, it's all in one config file (well, two with
smbpasswd), but maybe that's because I was not using it from Windows PCs.

> I do not suggest that samba is a bad choice. It depends on the needs
> as I have written above.

  I suggest to stay away from NIS except in a few cases:

 1. it was already setup and configured by someone else and it's working;
 2. it's operating in a secure, non critical environment;
 3. people in the organization are already familiar with it (ie, they're
all grey-haired or bald and gray-bearded or look like Yoda);
 4. long-term support is not an issue.

  In all other instances, run LDAP and/or Samba instead.

-- 
Alessandro Selli 
VOIP SIP: dhatarat...@ekiga.net
Chiave firma e cifratura PGP/GPG signing and encoding key:
  BA651E4050DDFC31E17384BABCE7BD1A1B0DF2AE

signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Request for comments - training room

On Mon, 3 Dec 2018 18:19:04 +0100
Tomasz Kundera  wrote:

> On Sun, Dec 2, 2018 at 2:40 PM Rowland Penny  wrote:
> 
> > On Sun, 2 Dec 2018 14:28:25 +0100
> > Tomasz Kundera  wrote:
> >
> > > You can still use NIS if you don't need the power (and
> > > complexity) of samba.
> > >
> >
> > NIS is a bit outdated and Samba isn't that complex from a Linux
> > point of view.
> >
> 
> It is outdated because? It works, at least in simple cases. The choice
> depends on your needs. Samba is not needed everywhere and yes, it is
> more complex then a simple NIS installation.
> I do not suggest that samba is a bad choice. It depends on the needs
> as I have written above.
> 

I did say I am biased, but from my point of view, NIS, whilst it works,
is limited to what Samba provides, mainly because it can include what
is virtually a NIS server.

Rowland
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Request for comments - training room

2018-12-03 Thread Tomasz Kundera

On Sun, Dec 2, 2018 at 2:40 PM Rowland Penny  wrote:

> On Sun, 2 Dec 2018 14:28:25 +0100
> Tomasz Kundera  wrote:
>
> > You can still use NIS if you don't need the power (and complexity) of
> > samba.
> >
>
> NIS is a bit outdated and Samba isn't that complex from a Linux point
> of view.
>

It is outdated because? It works, at least in simple cases. The choice
depends on your needs. Samba is not needed everywhere and yes, it is more
complex then a simple NIS installation.
I do not suggest that samba is a bad choice. It depends on the needs as I
have written above.

-- 
Tomasz Kundera
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

[DNG] systemd killed the NIS star [was: Re: Request for comments - training room]

On 03/12/18 at 14:51, Bruce Ferrell wrote:
> On 12/3/18 5:22 AM, g4sra wrote:
>> >From my perspective, this topic has had some very interesting
>> contributions. Thank you all whom have contributed.
>>
>> To pick out just one as an example, I had considered NIS\YP to be (or
>> rather didn't consider because) all but defunct, and not taken it's
>> simplicity and reliability over other methods into consideration.
>
> NIS/YP is especially interesting for me as something long unused.


  Sorry to bring you these sorry news, people, but Dr. Nikolaus Klepp is
right: NIS really has kicked the bucket:


https://tracker.debian.org/news/1001786/nis-removed-from-testing/


  nis REMOVED from testing


News for package nis 

  * *From*: Debian testing watch 

  * *To*:  
  * *Date*: Thu, 08 Nov 2018 04:39:20 +
  * *Subject*: nis REMOVED from testing

FYI: The status of the nis source package
in Debian's testing distribution has changed.

  Previous version: 3.17.1-3
  Current version:  (not in testing)
  Hint: 
Bug #834298: nis: Can't ypbind



  Interesting read:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834298


From: Elimar Riesebieter 
To: Mark Brown 
Cc: 834...@bugs.debian.org
Subject: Re: nis: Can't ypbind
Date: Tue, 16 Aug 2016 13:52:35 +0200


control reopen +1

* Mark Brown  [2016-08-16 12:11 +0100]:

> On Sun, Aug 14, 2016 at 12:02:06PM +0200, Elimar Riesebieter wrote:
> 
> > since 3.17-35 I can't bind to my nisserver anymore. Downgrading to
> > 3.17-34 succeeded. Please notice:
> 
> This appears to be some change that's systemd related, AFAICT it works
> fine outside of systemd but gets killed when running inside systemd.
> I'm assuming that the dbus integration was causing systemd to notice
> that it was still running.

My server is a sysvinit system. Can't bind from either a sysvinit
Desktop nor a systemd Desktop the sysvinit server. Nevertheless why
don't we update to ypbind-mt-1.38?

Elimar



-- 
Alessandro Selli 
VOIP SIP: dhatarat...@ekiga.net
Chiave firma e cifratura PGP/GPG signing and encoding key:
  BA651E4050DDFC31E17384BABCE7BD1A1B0DF2AE



signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Request for comments - training room

On Mon, 3 Dec 2018 15:35:12 +0100
"Dr. Nikolaus Klepp"  wrote:

> Am Montag, 3. Dezember 2018 schrieb Simon Hobson:
> > Dr. Nikolaus Klepp  wrote:
> > 
> > > Hm ... on devuan mailinglist asking for trainingroom setup for
> > > 600 active user? I don't think server nor clients are M$-based,
> > > but I could be wrong here :-)
> > 
> > Windoze isn't the only GUI desktop around ;-)
> 
> Is user mangement a desktop problem or a OS problem?
> 

Neither, it isn't really a problem, but if it is a problem, it is a
server problem.

Rowland
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Request for comments - training room

On Mon, 3 Dec 2018 15:25:14 +0100
"Dr. Nikolaus Klepp"  wrote:

> Am Montag, 3. Dezember 2018 schrieb Rowland Penny:
> > On Mon, 3 Dec 2018 14:58:24 +0100
> > [...]
> > > > No it doesn't, but then neither does Linux ;-)
> > > > If you really wanted this, I am sure it is scriptable
> > > > As for which to use, an NFS or SMB mounted /home , most people
> > > > seem to use NFS.
> > > 
> > > You can do it with sshd on the server side :-)
> > > 
> > 
> > I get the distinct feeling we are talking GUI desktops here.
> 
> Hm ... on devuan mailinglist asking for trainingroom setup for 600
> active user? I don't think server nor clients are M$-based, but I
> could be wrong here :-)
>

The clients do not have to be M$-based, I am typing this on a Unix
Domain Member ;-)

Rowland
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Request for comments - training room

Am Montag, 3. Dezember 2018 schrieb Simon Hobson:
> Dr. Nikolaus Klepp  wrote:
> 
> > Hm ... on devuan mailinglist asking for trainingroom setup for 600 active 
> > user? I don't think server nor clients are M$-based, but I could be wrong 
> > here :-)
> 
> Windoze isn't the only GUI desktop around ;-)

Is user mangement a desktop problem or a OS problem?

> 
> ___
> Dng mailing list
> Dng@lists.dyne.org
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
> 



-- 
Please do not email me anything that you are not comfortable also sharing with 
the NSA, CIA ...
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Request for comments - training room

2018-12-03 Thread Simon Hobson

Dr. Nikolaus Klepp  wrote:

> Hm ... on devuan mailinglist asking for trainingroom setup for 600 active 
> user? I don't think server nor clients are M$-based, but I could be wrong 
> here :-)

Windoze isn't the only GUI desktop around ;-)

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Request for comments - training room

2018-12-03 Thread Simon Hobson

Bruce Ferrell  wrote:

> I've found that AD is VERY sensitive to time differences, even in a pure 
> windows environment.  How Windows admins tolerate it I have yet to figure out.

AIUI the DEFAULT in a Windoze network is that all the Domain Controllers are 
also time servers (not NTP, MS's own creation) and the master DC takes on the 
role of root time server. Domain joined PCs will sync their time from the DCs. 
That way, the whole domain *should* normally stay in sync - ie it will be 
internally consistent but not necessarily correct wrt real wallclock time. For 
the times to stay correct, the master DC needs to be configured to use an 
external time reference.

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Request for comments - training room

Am Montag, 3. Dezember 2018 schrieb Rowland Penny:
> On Mon, 3 Dec 2018 14:58:24 +0100
> [...]
> > > No it doesn't, but then neither does Linux ;-)
> > > If you really wanted this, I am sure it is scriptable
> > > As for which to use, an NFS or SMB mounted /home , most people seem
> > > to use NFS.
> > 
> > You can do it with sshd on the server side :-)
> > 
> 
> I get the distinct feeling we are talking GUI desktops here.

Hm ... on devuan mailinglist asking for trainingroom setup for 600 active user? 
I don't think server nor clients are M$-based, but I could be wrong here :-)

> 
> Rowland
> ___
> Dng mailing list
> Dng@lists.dyne.org
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
> 



-- 
Please do not email me anything that you are not comfortable also sharing with 
the NSA, CIA ...
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Request for comments - training room

On Mon, 3 Dec 2018 14:58:24 +0100
"Dr. Nikolaus Klepp"  wrote:

> Am Montag, 3. Dezember 2018 schrieb Rowland Penny:
> > On Mon, 3 Dec 2018 13:22:40 +
> > g4sra  wrote:
> > 
> > > From my perspective, this topic has had some very interesting
> > > contributions. Thank you all whom have contributed.
> > > 
> > > To pick out just one as an example, I had considered NIS\YP to be
> > > (or rather didn't consider because) all but defunct, and not
> > > taken it's simplicity and reliability over other methods into
> > > consideration.
> > 
> > NIS is, to all intents and purposes, defunct
> >  
> > > 
> > > > Would have saved a bit of speculation and discussion had these
> > > > details been provided earlier :-/
> > > Intentional, only the available hardware and purpose is set in
> > > stone. Too many details too early stifles creativity, the
> > > 'speculation' promoted 'discussion' and raised some points that
> > > would probably not have been made otherwise. ;)
> > > 
> > > 
> > > So far I am getting
> > > 
> > > Active Directory, supported by PAM or SSSD on the Client
> > > workstation to control console login.
> > 
> > You do not need sssd, it only really duplicates winbind (it even
> > uses some winbind code) and what winbind doesn't do that sssd does
> > is easily done by other methods e.g. Sudo
> > 
> > > 
> > > Either /home mounted from the sever over NFS, or individual User
> > > [home] shares over SMB. Sever directory of Training Software
> > > mounted\shared similarly.
> > > 
> > > Which yields
> > > 
> > > Single point of User account management on the server.
> > > Server resources restricted to 30 max simultaneous Users.
> > > Regular backup of the sever provides protection against all User
> > > data loss. Single point (well subdirectories, easy to script) for
> > > review of Trainee progress by management.
> > > 
> > > Hmm, can AD prevent simultaneous single User login on multiple
> > > clients ? Somehow I have never needed AD, so lack experience with
> > > it.
> > 
> > No it doesn't, but then neither does Linux ;-)
> > If you really wanted this, I am sure it is scriptable
> > As for which to use, an NFS or SMB mounted /home , most people seem
> > to use NFS.
> 
> You can do it with sshd on the server side :-)
> 

I get the distinct feeling we are talking GUI desktops here.

Rowland
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Request for comments - training room

On Mon, 3 Dec 2018 05:51:30 -0800
Bruce Ferrell  wrote:

> On 12/3/18 5:22 AM, g4sra wrote:
> > >From my perspective, this topic has had some very interesting
> > contributions. Thank you all whom have contributed.
> >
> > To pick out just one as an example, I had considered NIS\YP to be
> > (or rather didn't consider because) all but defunct, and not taken
> > it's simplicity and reliability over other methods into
> > consideration.
> 
> NIS/YP is especially interesting for me as something long unused.
> 
> At one point in my career I had to restore a plant that use a semi
> centralized NIS/YP.  I got the bright idea of putting a YP slave on
> the all the hosts and syncing those to the master.
> 
> It took me a week but I found that upstream had a bug in the slave
> scripts such that they would never sync.  The bug didn't exist in
> sunos or solaris so it was unique to Linux.
> 
> I've found that AD is VERY sensitive to time differences, even in a
> pure windows environment.  How Windows admins tolerate it I have yet
> to figure out.

They don't, they run time servers.

> 
> The pam module, oddjob makes it somewhat better, but a bit weird.

I think you mean the red-hat pam module oddjob, its pam-mkhomedir on
Devuan

> 
> The stated use of AD for resource access might be better served by
> full on Samba 4, but AD and GPOs can perform that kind of limiting

No, sorry, but I don't understand that last statement.
If you mean you can do most of them via GPO's, well no, you cannot, not
on Linux anyway.

> 
> PXE boot is well known for the type of lab/classroom environment...
> Long ago, I used bootp for doing mass installs/reinstalls of OS/2.
> It was pretty well documented in the IBM Redbooks.

Ah, the good old days ;-)

Rowland
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Request for comments - training room

2018-12-03 Thread wirelessduck

> On 4 Dec 2018, at 00:51, Bruce Ferrell  wrote:
> 
> I've found that AD is VERY sensitive to time differences, even in a pure 
> windows environment.  How Windows admins tolerate it I have yet to figure out.

That would be from Kerberos? That’s a requirement regardless of using AD or MIT 
Kerberos. The solution is NTP everywhere, talking back to the Domain 
Controllers as local time servers.

—Tom
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Request for comments - training room

Am Montag, 3. Dezember 2018 schrieb Rowland Penny:
> On Mon, 3 Dec 2018 13:22:40 +
> g4sra  wrote:
> 
> > From my perspective, this topic has had some very interesting
> > contributions. Thank you all whom have contributed.
> > 
> > To pick out just one as an example, I had considered NIS\YP to be (or
> > rather didn't consider because) all but defunct, and not taken it's
> > simplicity and reliability over other methods into consideration.
> 
> NIS is, to all intents and purposes, defunct
>  
> > 
> > > Would have saved a bit of speculation and discussion had these
> > > details been provided earlier :-/
> > Intentional, only the available hardware and purpose is set in stone.
> > Too many details too early stifles creativity, the 'speculation'
> > promoted 'discussion' and raised some points that would probably not
> > have been made otherwise. ;)
> > 
> > 
> > So far I am getting
> > 
> > Active Directory, supported by PAM or SSSD on the Client workstation
> > to control console login.
> 
> You do not need sssd, it only really duplicates winbind (it even uses
> some winbind code) and what winbind doesn't do that sssd does is easily
> done by other methods e.g. Sudo
> 
> > 
> > Either /home mounted from the sever over NFS, or individual User
> > [home] shares over SMB. Sever directory of Training Software
> > mounted\shared similarly.
> > 
> > Which yields
> > 
> > Single point of User account management on the server.
> > Server resources restricted to 30 max simultaneous Users.
> > Regular backup of the sever provides protection against all User data
> > loss. Single point (well subdirectories, easy to script) for review
> > of Trainee progress by management.
> > 
> > Hmm, can AD prevent simultaneous single User login on multiple
> > clients ? Somehow I have never needed AD, so lack experience with it.
> 
> No it doesn't, but then neither does Linux ;-)
> If you really wanted this, I am sure it is scriptable
> As for which to use, an NFS or SMB mounted /home , most people seem to
> use NFS.

You can do it with sshd on the server side :-)


> 
> > 
> > Interestingly little mention of workstation BOOTP, NFS Root, Cloning
> > On Boot. Manually applying CCR's in each training room of 28+
> > workstations is going to be a pita. No one mentioned the likes of
> > Puppet, Ansible, ClusterSSH etc.
> > 
> 
> This is probably down to the very little information you provided, I
> also have no idea what 'Creedence Clearwater Revival' has to do with
> anything we are discussing ;-)
> 
> Just what do you require ?
> Just what hardware will you have ?
> 
> Rowland
> 
> 
> ___
> Dng mailing list
> Dng@lists.dyne.org
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
> 



-- 
Please do not email me anything that you are not comfortable also sharing with 
the NSA, CIA ...
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Request for comments - training room

2018-12-03 Thread Bruce Ferrell


On 12/3/18 5:22 AM, g4sra wrote:

>From my perspective, this topic has had some very interesting
contributions. Thank you all whom have contributed.

To pick out just one as an example, I had considered NIS\YP to be (or
rather didn't consider because) all but defunct, and not taken it's
simplicity and reliability over other methods into consideration.


NIS/YP is especially interesting for me as something long unused.

At one point in my career I had to restore a plant that use a semi centralized NIS/YP.  I got the bright idea of putting a YP slave on the all the hosts and syncing those to the 
master.


It took me a week but I found that upstream had a bug in the slave scripts such 
that they would never sync.  The bug didn't exist in sunos or solaris so it was 
unique to Linux.

I've found that AD is VERY sensitive to time differences, even in a pure 
windows environment.  How Windows admins tolerate it I have yet to figure out.

The pam module, oddjob makes it somewhat better, but a bit weird.

The stated use of AD for resource access might be better served by full on 
Samba 4, but AD and GPOs can perform that kind of limiting

PXE boot is well known for the type of lab/classroom environment... Long ago, I used bootp for doing mass installs/reinstalls of OS/2.  It was pretty well documented in the IBM 
Redbooks.




___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Request for comments - training room

On Mon, 3 Dec 2018 13:22:40 +
g4sra  wrote:

> From my perspective, this topic has had some very interesting
> contributions. Thank you all whom have contributed.
> 
> To pick out just one as an example, I had considered NIS\YP to be (or
> rather didn't consider because) all but defunct, and not taken it's
> simplicity and reliability over other methods into consideration.

NIS is, to all intents and purposes, defunct
 
> 
> > Would have saved a bit of speculation and discussion had these
> > details been provided earlier :-/
> Intentional, only the available hardware and purpose is set in stone.
> Too many details too early stifles creativity, the 'speculation'
> promoted 'discussion' and raised some points that would probably not
> have been made otherwise. ;)
> 
> 
> So far I am getting
> 
> Active Directory, supported by PAM or SSSD on the Client workstation
> to control console login.

You do not need sssd, it only really duplicates winbind (it even uses
some winbind code) and what winbind doesn't do that sssd does is easily
done by other methods e.g. Sudo

> 
> Either /home mounted from the sever over NFS, or individual User
> [home] shares over SMB. Sever directory of Training Software
> mounted\shared similarly.
> 
> Which yields
> 
> Single point of User account management on the server.
> Server resources restricted to 30 max simultaneous Users.
> Regular backup of the sever provides protection against all User data
> loss. Single point (well subdirectories, easy to script) for review
> of Trainee progress by management.
> 
> Hmm, can AD prevent simultaneous single User login on multiple
> clients ? Somehow I have never needed AD, so lack experience with it.

No it doesn't, but then neither does Linux ;-)
If you really wanted this, I am sure it is scriptable
As for which to use, an NFS or SMB mounted /home , most people seem to
use NFS.

> 
> Interestingly little mention of workstation BOOTP, NFS Root, Cloning
> On Boot. Manually applying CCR's in each training room of 28+
> workstations is going to be a pita. No one mentioned the likes of
> Puppet, Ansible, ClusterSSH etc.
> 

This is probably down to the very little information you provided, I
also have no idea what 'Creedence Clearwater Revival' has to do with
anything we are discussing ;-)

Just what do you require ?
Just what hardware will you have ?

Rowland


___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Request for comments - training room

From my perspective, this topic has had some very interesting
contributions. Thank you all whom have contributed.

To pick out just one as an example, I had considered NIS\YP to be (or
rather didn't consider because) all but defunct, and not taken it's
simplicity and reliability over other methods into consideration.

> Would have saved a bit of speculation and discussion had these details been 
> provided earlier :-/
Intentional, only the available hardware and purpose is set in stone.
Too many details too early stifles creativity, the 'speculation'
promoted 'discussion' and raised some points that would probably not
have been made otherwise. ;)


So far I am getting

Active Directory, supported by PAM or SSSD on the Client workstation to
control console login.

Either /home mounted from the sever over NFS, or individual User [home]
shares over SMB. Sever directory of Training Software mounted\shared
similarly.

Which yields

Single point of User account management on the server.
Server resources restricted to 30 max simultaneous Users.
Regular backup of the sever provides protection against all User data loss.
Single point (well subdirectories, easy to script) for review of Trainee
progress by management.

Hmm, can AD prevent simultaneous single User login on multiple clients ?
Somehow I have never needed AD, so lack experience with it.

Interestingly little mention of workstation BOOTP, NFS Root, Cloning On
Boot. Manually applying CCR's in each training room of 28+ workstations
is going to be a pita. No one mentioned the likes of Puppet, Ansible,
ClusterSSH etc.


___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] RFC - Linux From Scratch

2018-12-03 Thread Didier Kryn


Le 03/12/2018 à 10:49, g4sra a écrit :

Has anyone here have actual practical experience of using LFS to build
anything moderate (or larger).


    I've tried it, I tink it was a version with Musl. Anyway, this is, 
IMHO, essentially didactic as well as a proof that Linux *can* be built 
from scratch. It takes such a long effort to developpers of this 
"distro" to make it work that it is always very outdated. It does not 
give you so much more freedom than other distros except if you decide to 
take cross roads, but then, you're on your own with no guaranty that it 
works out of the box. And don't think of any thing like upgrades; just 
wait a few years for the next release and build another outdated OS (-:


        Didier


___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] RFC - Linux From Scratch

2018-12-03 Thread Bruce Ferrell


On 12/3/18 3:52 AM, g4sra wrote:

I've not used LFS.  I've talked to many people who have.

Thank you for the reply, but you do not quite fit the demographic I was
looking for.


Well, maybe *I* fit your demographic then...

In my 40 year career, I've worked IBM systems, Mainframe and desktop, Oracle and other large DB systems by a number of vendors and just about every *IX variant that has existed at 
one time or another.


I am WELL aware of LWN. It IS well respected, curated and run by a well known Linux kernel developer.  I can't say I always agree with what is to said there, but I respect his work 
and the people writing there... And I take the time to investigate before deciding what can be dismissed.


I've also used LFS just to see what it could teach me and use it as a training tool for hands on teaching Linux, not distro, fundamentals. For this later purpose, it's extremely 
useful.  As a method of setting up and running production systems, not so much... One may as well run Arch for the build time required.


I'd STRONGLY suggest that you might get a lot from the hands on aspects of LFS 
and perhaps have less need of opinions other than your own.


___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Devuan for Raspberry Pi fried SD CARD.

2018-12-03 Thread Bruce Ferrell

On 12/3/18 3:24 AM, Steve Litt wrote:

On Sun, 2 Dec 2018 11:10:20 -0800
Bruce Ferrell wrote:

Yeah, this IS one of the issues around flash/SSD storage... They run
fast and wear out faster.

The preceding sentence is true but it's not the whole truth. If one
uses SSD the way they would spinning rust, that being run it 80% to 90%
full, with lots of writes, and expects years of service, one will
likely be disappointed. But there are many situations in which SSD has
sufficient lifetime.

Let me start with my setup:

=
[root@mydesk mnt]# mount | grep sda
/dev/sda1 on / type ext4 (rw,noatime)
[root@mydesk mnt]# df -h /
Filesystem Size Used Avail Use% Mounted on
/dev/sda1 220G 29G 181G 14% /
[root@mydesk mnt]# mount | grep "/dev/sd"
/dev/sda1 on / type ext4 (rw,noatime)
/dev/sdb1 on /boot type ext4 (rw,noatime)
/dev/sdb7 on /tmp type ext4 (rw,noatime)
/dev/sdb6 on /var type ext4 (rw,noatime)
/dev/sdb8 on /run type ext4 (rw,noatime)
/dev/sdc9 on /home type ext4 (rw,noatime)
/dev/sdc1 on /s type ext4 (rw,noatime)
/dev/sdc2 on /d type ext4 (rw,noatime)
/dev/sdc4 on /classic/a type ext4 (rw,noatime)
/dev/sdc5 on /classic/b type ext4 (rw,noatime)
/dev/sdc6 on /classic/c type ext4 (rw,noatime)
/dev/sdc7 on /home/slitt/mail/Maildir type ext4 (rw,noatime)
/dev/sdc8 on /scratch type ext4 (rw,noatime)
/dev/sdc3 on /inst type ext4 (rw,noatime)
[root@mydesk mnt]#
=

* Everything likely to have multitudes of writes under normal operating
conditions is mounted spinning rust.

* Only 1/5 of the SSD is used, so what few writes there are are
distributed across lots of space.

* I delete unneeded stuff and fstrim / every few days, so the SSD
doesn't fill up with erased stuff.

* I expect only 4 years life from any drive, spinning rust or SSD. At
least half of my disks have blown up within 4 years: That's life. My
SSD is currently 4 years old.

The OP's situation differs from mine in one major factor: He has no
spinning rust to offload writes to. So he'll use all the great
suggestions in the thread: noatime, put /tmp and logs in RAM
filesystems, fstrim early and often, and load it exclusively with files
it's meant to handle (I think the OP wanted an mp3 juke box).

Some people suggested using a USB thumb drive for temp and often
written files. This is a great idea because you can buy a 64GB thumb
drive for about $20.00 to $30.00 USD, and just throw it away when it
breaks. Keep the music on the SSD for speed and reliability, but if the
music player software happens to write to /tmp, that's on the thumb
drive that gets replaced every couple years.

An internal 1TB SSD can be had for under $150. External for less than
$200. If you buy 1TB and be sure to use only 100GB, follow all the tips
and fstrim every few days, this SSD should last for years. If we assume
that each song is 5MB, you can hold 20,000 songs in 100GB. If for some
reason you need to store more than 100GB, well, that's what spinning
rust is for: Add one.

So it's true, SSDs run fast and wear out faster, but the wear out
faster part is only if you use them the same way you use spinning rust.

SteveT

Steve Litt
December 2018 featured book: Rapid Learning for the 21st Century
http://www.troubleshooters.com/rl21
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Everything you say is true Steve... Except for one teeny tiny little thing.

In general people, even engineers, tend to expect storage to behave like storage and not
require "special" handling.

At a job I was at a couple of years back, the decision was made to swap SSD for spinning rust in an appliance application that was sold to customers for it's high speed. The use
case was extreme high speed read/write. It worked REALLY well for that and we got a big boost in perfomance. After a couple of years in the field, we started to see significantly
disk higher failure rates than we had with spinning rust... And the customers noticed. Yeah, Oops!

To contrast that, I have 10K rpm spinning rust that has been in use
continuously for over a decade, and isn't unusual to see that kind of longevity.

Flash based storage CAN be made to behave, but even then, it will still wear out significantly faster than spinning rust. Generally the failure tends to be catastrophic unless
utilities to monitor block sparing are used on a regular and on going basis to tell when the unit is approaching that failure point so it can be swapped out before failure. Those
utilities tend to be specific to the storage, so it's not like "just run smartmon".

Maybe someday there will be more generalized utilities for that type of
thing... Not so now.

For now, I know running a Farrari in traffic is a bad idea. They just don't like that.
So I choose a vehicle best suited to the work load, not the

Re: [DNG] Devuan for Raspberry Pi fried SD CARD.


Il 03/12/18 12:53, Alessandro Selli ha scritto:
> On 03/12/18 at 11:30, Edward Bartolo wrote:
>> Running "update-rc.d rsyslog disable 2" resulted in error messages
>> like the following:
>>
>> ERROR MESSAGE:
>> insserv: warning: current start runlevel(s) A of script 'rsyslog'
>> overrides LSB defaults B
>>
>> There were four lines with similar text but with A and B as follows:
>> a) A = (3 4 5); B = (2 3 4 5)
>> b) A = (0 1 2 6); B= (0 1 6)
>> c) A = (3 4 5); B = (2 3 4 5)
>> d) A = (0 1 2 6); B = (0 1 6)
>>
>> Is this Ok?
>
>   Yes, they're just warnings (I take the line "ERROR MESSAGE:" line is
> not from the output of update-rc.d).
>
>
>   On my system, for instance:
>
>
> [root@wkstn02 ~]# ls /etc/rc?.d/???atd
> /etc/rc0.d/K01atd  /etc/rc2.d/S03atd  /etc/rc4.d/S03atd  /etc/rc6.d/K01atd
> /etc/rc1.d/K01atd  /etc/rc3.d/S03atd  /etc/rc5.d/S03atd
> [root@wkstn02 ~]# update-rc.d atd disable 2 3
>  * service atd removed from runlevel default
> insserv: warning: current start runlevel(s) (4 5) of script `atd' overrides 
> LSB defaults (2 3 4 5).
> insserv: warning: current stop runlevel(s) (0 1 2 3 6) of script `atd' 
> overrides LSB defaults (0 1 6).
> insserv: warning: script 'savecache' missing LSB tags and overrides
> [root@wkstn02 ~]# ls /etc/rc?.d/???wdm
> /etc/rc0.d/K01wdm  /etc/rc2.d/S04wdm  /etc/rc4.d/S04wdm  /etc/rc6.d/K01wdm
> /etc/rc1.d/K01wdm  /etc/rc3.d/S04wdm  /etc/rc5.d/S04wdm
> [root@wkstn02 ~]# 
>
>
> Please note that the service atd was disabled on runlevels 2 and 3 only.


  Sorry, I issued the wrong command:


[root@wkstn02 ~]# ls /etc/rc?.d/???atd
[root@wkstn02 ~]# 
/etc/rc0.d/K01atd  /etc/rc2.d/K01atd  /etc/rc4.d/S03atd  /etc/rc6.d/K01atd
/etc/rc1.d/K01atd  /etc/rc3.d/K01atd  /etc/rc5.d/S03atd
[root@wkstn02 ~]# 


  To put everything like before:


[root@wkstn02 ~]# update-rc.d atd enable 2 3
 * service atd added to runlevel default
insserv: warning: script 'savecache' missing LSB tags and overrides
[root@wkstn02 ~]# ls /etc/rc?.d/???atd
/etc/rc0.d/K01atd  /etc/rc2.d/S03atd  /etc/rc4.d/S03atd  /etc/rc6.d/K01atd
/etc/rc1.d/K01atd  /etc/rc3.d/S03atd  /etc/rc5.d/S03atd
[root@wkstn02 ~]# 



  Bye,



-- 
Alessandro Selli 
VOIP SIP: dhatarat...@ekiga.net
Chiave firma e cifratura PGP/GPG signing and encoding key:
  BA651E4050DDFC31E17384BABCE7BD1A1B0DF2AE




signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Devuan for Raspberry Pi fried SD CARD.

On 03/12/18 at 11:30, Edward Bartolo wrote:
> Running "update-rc.d rsyslog disable 2" resulted in error messages
> like the following:
>
> ERROR MESSAGE:
> insserv: warning: current start runlevel(s) A of script 'rsyslog'
> overrides LSB defaults B
>
> There were four lines with similar text but with A and B as follows:
> a) A = (3 4 5); B = (2 3 4 5)
> b) A = (0 1 2 6); B= (0 1 6)
> c) A = (3 4 5); B = (2 3 4 5)
> d) A = (0 1 2 6); B = (0 1 6)
>
> Is this Ok?

  Yes, they're just warnings (I take the line "ERROR MESSAGE:" line is
not from the output of update-rc.d).

  On my system, for instance:

[root@wkstn02 ~]# ls /etc/rc?.d/???atd
/etc/rc0.d/K01atd  /etc/rc2.d/S03atd  /etc/rc4.d/S03atd  /etc/rc6.d/K01atd
/etc/rc1.d/K01atd  /etc/rc3.d/S03atd  /etc/rc5.d/S03atd
[root@wkstn02 ~]# update-rc.d atd disable 2 3
 * service atd removed from runlevel default
insserv: warning: current start runlevel(s) (4 5) of script `atd' overrides LSB 
defaults (2 3 4 5).
insserv: warning: current stop runlevel(s) (0 1 2 3 6) of script `atd' 
overrides LSB defaults (0 1 6).
insserv: warning: script 'savecache' missing LSB tags and overrides
[root@wkstn02 ~]# ls /etc/rc?.d/???wdm
/etc/rc0.d/K01wdm  /etc/rc2.d/S04wdm  /etc/rc4.d/S04wdm  /etc/rc6.d/K01wdm
/etc/rc1.d/K01wdm  /etc/rc3.d/S04wdm  /etc/rc5.d/S04wdm
[root@wkstn02 ~]# 

Please note that the service atd was disabled on runlevels 2 and 3 only.

Running:

update-rc.d atd disable 

would disable atd on all runlevels.

-- 
Alessandro Selli 
VOIP SIP: dhatarat...@ekiga.net
Chiave firma e cifratura PGP/GPG signing and encoding key:
  BA651E4050DDFC31E17384BABCE7BD1A1B0DF2AE

signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] RFC - Linux From Scratch


> I've not used LFS.  I've talked to many people who have.
Thank you for the reply, but you do not quite fit the demographic I was
looking for.
> If your experience with it and its
> associated book is like that of pretty much everyone I've discussed it
> with, once you are done with that learning experience, you will in no
> way want to build significant systems on it, and will have a renewed
> appreciation for distributions where you aren't building everything from
> scratch.
The relaying of others opinion is useful, however I would prefer to hear
it from the horses mouth.

As for WWW sources I don't have the time to vet the credentials of every
individual who has written (bull$hitted) about some topic or other.
I wouldn't trust a technical journalist to be able to get the definition
of the terms 'hack' or 'dongle' correct, let alone get their head around
a distro like LFS.

> Credible reviews:
> https://lwn.net/Articles/85865/
> http://www.tuxmachines.org/node/1715
> http://www.tuxmachines.org/node/2482
> http://www.tuxmachines.org/node/2521
Not a website I am familiar with.

I will accept your statement of "Credible reviews" and follow up, thank you.

> And, um, those weren't difficult to find.  
Not difficult if you already know where to look. Not enough needles and
too large a haystack.

I did not come to Linux as a 'FOSS developer', 'hobbyist' or a 'Windows
debunker' but from an professional enterprise position with Business
Enterprise Sources such as IBM, Oracle etc with such companies as the
source of reference (no good for LFS, and not agenda free). I 'know
different' from others, which is why I am asking 'others' here (such as
yourself) for their opinion, because it has value to me.

>I think you'll be better off
> if you do some basic research rather than expect the Internet to do your
> thinking for you.
I do the thinking, the internet provides the data source to research :)

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] RFC - Linux From Scratch

2018-12-03 Thread Steve Litt

On Mon, 3 Dec 2018 09:49:06 +
g4sra  wrote:

> No I am not trying to start a Distro flame war, I am seeking facts not
> opinions.
> 
> As someone has already pointed out on this mailing list Linux Distros
> in general are taking away the freedom to customise (in particular
> for a specific User case). 

Why are they doing this? DIY people aren't demanding that any distro
solve their problems: They only ask that controls and test points
aren't covered with epoxy. That seems reasonable to me, and when I find
a distro that covers its controls and test points in epoxy, I have to
ask "why?"

> I get that maintenance is an issue, but
> only because software growth has become disproportionate. if there
> wasn't so mush software < require software to manage it all and there would be even less
> software, just look at the number of different software build systems
> there are.

Is it my imagination, or is the preceding paragraph a no-op?

> 
> The all important mantra has been forgotten and lost:
> 
> Do one thing! do it well!

In addition, play nicely with others.

> 
> I have already hit issues in Devuan that have been inherited from
> Debian. The initramfs\initrd should (and used to) do one thing and do
> it well. It is now so convolutely complex you can do away with the
> root filesystem altogether.
> 
> I understand that there are not enough Devuan developers to fix
> everything. I was pondering whether LFS will suit the corner cases
> which even Devuan cannot reach.

You can build a car from a kit. This is wonderful for the person who
treats it as a hobby and has the time to do this, but it's not a
solution for someone who needs transportation.

Building Linux From Scratch all the way up to the point where you can,
for instance, run a business on it, would take sufficient time to call
it a hobby. It's not a replacement for any practical Linux.

SteveT

Steve Litt 
December 2018 featured book: Rapid Learning for the 21st Century
http://www.troubleshooters.com/rl21
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Devuan for Raspberry Pi fried SD CARD.

2018-12-03 Thread ael

On Mon, Dec 03, 2018 at 06:24:15AM -0500, Steve Litt wrote:
>  
> 
> Some people suggested using a USB thumb drive for temp and often
> written files. This is a great idea because you can buy a 64GB thumb
> drive for about $20.00 to $30.00 USD, and just throw it away when it
> breaks. Keep the music on the SSD for speed and reliability, but if the
> music player software happens to write to /tmp, that's on the thumb
> drive that gets replaced every couple years.

My calculations show that USB thumb drives are now very poor value.
The cost/bit for USB drives is now higher than for commodity SSD
sata drives, but with far lower performance and endurance.
Given that a USB-to-sata converter cable can be had for less than £5,
just use a a SSD instead. Of course, you really want USB 3 at least,
but even on USB 2, it probably still makes some sense.

ael

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] RFC - Linux From Scratch

2018-12-03 Thread Arnt Karlsen

On Mon, 3 Dec 2018 11:12:11 +0100, KatolaZ wrote in message 
<20181203101211.r7bp2l4nnid7b...@katolaz.homeunix.net>:

> On Mon, Dec 03, 2018 at 09:49:06AM +, g4sra wrote:
> 
> [cut]
> 
> > Has anyone here have actual practical experience of using LFS to
> > build anything moderate (or larger). If so, how much work did it
> > take and was the effort worth it in the long run, were there any
> > shortcomings ?  
> 
> I have used LFS several times in the last 20 years. In most of the
> cases, just to cross-compile for another machine for which any other
> distro would have been just too much. LFS is a great way of learning
> how a Linux system works under the hood. Once you learn stuff from
> LFS, you can customise almost anything in almost any distro for almost
> any personal use case.
> 
> However, I think LFS it's not a particularly good solution for
> everyday use, but this depends a lot on what is your definition of
> "everyday use". You'd probably better suited with something like
> gentoo or Slackware, maybe (but they are both using initramfs in their
> default installs, AFAIK :P). Or learn from LFS and continue using
> Devuan with your personal tweaks :)


..but maybe we can use LFS to shanghai people into Devuan by hijacking 
their LiveCD?: http://www.linuxfromscratch.org/livecd/ "needs" a fix, 
LFS moved on without it: http://www.linuxfromscratch.org/news.html even 
mentions a systemd version of the book, "LFS-systemd"...

-- 
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Devuan for Raspberry Pi fried SD CARD.

2018-12-03 Thread Lars Noodén

On 12/3/18 1:16 PM, Edward Bartolo wrote:
> Nevermind, I found that prepending a symlink with a 'K' in /etc/rcN.d
> is to disable that script.

See "man update-rc.d" for the official tool for that.

/Lars

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Devuan for Raspberry Pi fried SD CARD.

2018-12-03 Thread Steve Litt

On Sun, 2 Dec 2018 11:10:20 -0800
Bruce Ferrell  wrote:

> Yeah, this IS one of the issues around flash/SSD storage... They run
> fast and wear out faster.

The preceding sentence is true but it's not the whole truth. If one
uses SSD the way they would spinning rust, that being run it 80% to 90%
full, with lots of writes, and expects years of service, one will
likely be disappointed. But there are many situations in which SSD has
sufficient lifetime.

Let me start with my setup:

=
[root@mydesk mnt]# mount | grep sda
/dev/sda1 on / type ext4 (rw,noatime)
[root@mydesk mnt]# df -h /
Filesystem  Size  Used Avail Use% Mounted on
/dev/sda1   220G   29G  181G  14% /
[root@mydesk mnt]# mount | grep "/dev/sd"
/dev/sda1 on / type ext4 (rw,noatime)
/dev/sdb1 on /boot type ext4 (rw,noatime)
/dev/sdb7 on /tmp type ext4 (rw,noatime)
/dev/sdb6 on /var type ext4 (rw,noatime)
/dev/sdb8 on /run type ext4 (rw,noatime)
/dev/sdc9 on /home type ext4 (rw,noatime)
/dev/sdc1 on /s type ext4 (rw,noatime)
/dev/sdc2 on /d type ext4 (rw,noatime)
/dev/sdc4 on /classic/a type ext4 (rw,noatime)
/dev/sdc5 on /classic/b type ext4 (rw,noatime)
/dev/sdc6 on /classic/c type ext4 (rw,noatime)
/dev/sdc7 on /home/slitt/mail/Maildir type ext4 (rw,noatime)
/dev/sdc8 on /scratch type ext4 (rw,noatime)
/dev/sdc3 on /inst type ext4 (rw,noatime)
[root@mydesk mnt]#
=

* Everything likely to have multitudes of writes under normal operating
conditions is mounted spinning rust.

* Only 1/5 of the SSD is used, so what few writes there are are
  distributed across lots of space.

* I delete unneeded stuff and fstrim / every few days, so the SSD
  doesn't fill up with erased stuff.

* I expect only 4 years life from any drive, spinning rust or SSD. At
  least half of my disks have blown up within 4 years: That's life. My
  SSD is currently 4 years old.

The OP's situation differs from mine in one major factor: He has no
spinning rust to offload writes to. So he'll use all the great
suggestions in the thread: noatime, put /tmp and logs in RAM
filesystems, fstrim early and often, and load it exclusively with files
it's meant to handle (I think the OP wanted an mp3 juke box).

Some people suggested using a USB thumb drive for temp and often
written files. This is a great idea because you can buy a 64GB thumb
drive for about $20.00 to $30.00 USD, and just throw it away when it
breaks. Keep the music on the SSD for speed and reliability, but if the
music player software happens to write to /tmp, that's on the thumb
drive that gets replaced every couple years.

An internal 1TB SSD can be had for under $150. External for less than
$200. If you buy 1TB and be sure to use only 100GB, follow all the tips
and fstrim every few days, this SSD should last for years. If we assume
that each song is 5MB, you can hold 20,000 songs in 100GB. If for some
reason you need to store more than 100GB, well, that's what spinning
rust is for: Add one.

So it's true, SSDs run fast and wear out faster, but the wear out
faster part is only if you use them the same way you use spinning rust.

SteveT

Steve Litt 
December 2018 featured book: Rapid Learning for the 21st Century
http://www.troubleshooters.com/rl21
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Devuan for Raspberry Pi fried SD CARD.

2018-12-03 Thread Edward Bartolo

Nevermind, I found that prepending a symlink with a 'K' in /etc/rcN.d
is to disable that script.

Thanks everyone, especially Dr Klepp.

-- 
If you can't explain it simply, you don't understand it well enough.
(Albert Einstein)
If you cannot make abstructions about details you do not understand
the concepts underlying them.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] RFC - Linux From Scratch

2018-12-03 Thread Nate Bargmann

I went through the LFS book and installation about ten years ago and did
not keep it around as my daily driver.  One soon learns the benefits of
a binary distribution and the teams that provide just needed things like
security updates that are integrated with the rest of the system.  After
using Debian for almost ten years at the time, that was an eye opening
experience.

- Nate

-- 

"The optimist proclaims that we live in the best of all
possible worlds.  The pessimist fears this is true."

Web: http://www.n0nb.us  GPG key: D55A8819  GitHub: N0NB


signature.asc
Description: PGP signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] RFC - Linux From Scratch

2018-12-03 Thread Nate Bargmann

* On 2018 03 Dec 04:10 -0600, KatolaZ wrote:
> However, I think LFS it's not a particularly good solution for
> everyday use, but this depends a lot on what is your definition of
> "everyday use". You'd probably better suited with something like
> gentoo or Slackware, maybe (but they are both using initramfs in their
> default installs, AFAIK :P). Or learn from LFS and continue using
> Devuan with your personal tweaks :)

As there are extra steps involved with using a "generic" kernel,
i.e. one that uses an initrd, by default Slackware installs the "huge"
kernel with most everything compiled in.  Using the generic kernel in
Slackware is a deliberate admin choice all the way from building the
initrd itself (even though a helper script is supplied) to configuring
/etc/lilo.conf.

- Nate

-- 

"The optimist proclaims that we live in the best of all
possible worlds.  The pessimist fears this is true."

Web: http://www.n0nb.us  GPG key: D55A8819  GitHub: N0NB

signature.asc
Description: PGP signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

[DNG] Devuan for Raspberry Pi fried SD CARD.

2018-12-03 Thread Edward Bartolo

Running "update-rc.d rsyslog disable 2" resulted in error messages
like the following:

ERROR MESSAGE:
insserv: warning: current start runlevel(s) A of script 'rsyslog'
overrides LSB defaults B

There were four lines with similar text but with A and B as follows:
a) A = (3 4 5); B = (2 3 4 5)
b) A = (0 1 2 6); B= (0 1 6)
c) A = (3 4 5); B = (2 3 4 5)
d) A = (0 1 2 6); B = (0 1 6)

Is this Ok?

Inspecting /etc/rcN.d, I found the rsyslog links are now prepended with a K.

Thanks for your helpful replies.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Request for comments - training room

2018-12-03 Thread Simon Hobson

g4sra  wrote:

> To clarify some points raised.
> 
> 1) Approx 200 trainees each year, the full course is three years long (but 
> class size will be 30 maximum at any one session). By year 3... 600 Users. 
> After year 3 the trainees details may be purged and resources reclaimed so 
> the server will never have to support more than 600 accounts.
> 
> 2) The trainees progress is stored in a .subdirectory of their home directory 
> by the (annoyingly) proprietary closed source training software.
> 
> 3) The trainees cannot be guaranteed to be sat in the same seat at every 
> training session. In fact, must move to one of the few workstations with a 
> joystick\graphical tablet for specific lessons.

OK those 3 pretty well mandate centralised user management - Samba AD, NIS, 
whatever. Items 2&3 pretty well mandates using a central file server mounted at 
each user workstation for the users' files.
For file sharing, there are pros and cons for different methods. NFS has the 
advantage of allowing a single mount that works for all users - the 
security/permissions management is done by the client system which in this case 
is a machine you manage and can trust (as long as it's been reasonably well 
secured against "inquisitive" users. Samba needs a mount/user and 
security/permissions is handled by the server. A bit of "6 of one, half a dozen 
of the other".

> 4) A downed workstation must be easily replaced without loss of trainees work.

Home directory & files in server, plus automatic rebuild for workstations - box 
ticked.

Would have saved a bit of speculation and discussion had these details been 
provided earlier :-/

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Devuan for Raspberry Pi fried SD CARD.

On 03/12/18 at 10:50, Adam Borowski wrote:
> On Mon, Dec 03, 2018 at 10:33:44AM +0100, Alessandro Selli wrote:
>> On 03/12/18 at 10:05, Adam Borowski wrote:
>>> realtime greatly reduces atime writes, but it's still too much.
>>   I wouldn't say so.  Since relatime updates atime only relative to the
>> present ctime and mtime, it's only changed when one of those two is
>> changed.  That is, updating atime does not require a separate write
>> operation.
> That was the original design -- but alas, it was later changed so the atime
> is updated at least once a day.


  My experience is inconsistent with what you write:


[alessandro@wkstn02 ~]$ mount | grep ' on /home '
/dev/mapper/part6_crypt_home on /home type ext4 (rw,relatime,nobarrier)
[alessandro@wkstn02 ~]$ stat .xsession-errors.old
  File: .xsession-errors.old
  Size: 47036242Blocks: 91880  IO Block: 4096   regular file
Device: fd02h/64770dInode: 655383  Links: 1
Access: (0600/-rw---)  Uid: ( 1000/ alessandro)   Gid: ( 1000/ alessandro)
Access: 2018-07-06 13:22:22.312846358 +0200
Modify: 2018-07-06 13:08:36.392798307 +0200
Change: 2018-07-06 13:22:17.149512721 +0200
 Birth: -
[alessandro@wkstn02 ~]$ date
Mon Dec  3 11:18:47 CET 2018
[alessandro@wkstn02 ~]$ uname -r
4.19.5.wkstn02-0
[alessandro@wkstn02 ~]$ 
 

[...]

> Every inode has to be updated.


  Only when it has to be updated.  That is, only when attributes or data
must be.



-- 
Alessandro Selli 
VOIP SIP: dhatarat...@ekiga.net
Chiave firma e cifratura PGP/GPG signing and encoding key:
  BA651E4050DDFC31E17384BABCE7BD1A1B0DF2AE




signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Devuan for Raspberry Pi fried SD CARD.

2018-12-03 Thread Rick Moen

Quoting Alessandro Selli (alessandrose...@linux.com):

>   Good idea.

Well, in the name of international amity

# touch NIENTE_E_MONTATO_QUI
# chattr +i NIENTE_E_MONTATO_QUI

;->

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] RFC - Linux From Scratch

2018-12-03 Thread KatolaZ

On Mon, Dec 03, 2018 at 09:49:06AM +, g4sra wrote:

[cut]

> Has anyone here have actual practical experience of using LFS to build
> anything moderate (or larger). If so, how much work did it take and was
> the effort worth it in the long run, were there any shortcomings ?

I have used LFS several times in the last 20 years. In most of the
cases, just to cross-compile for another machine for which any other
distro would have been just too much. LFS is a great way of learning
how a Linux system works under the hood. Once you learn stuff from
LFS, you can customise almost anything in almost any distro for almost
any personal use case.

However, I think LFS it's not a particularly good solution for
everyday use, but this depends a lot on what is your definition of
"everyday use". You'd probably better suited with something like
gentoo or Slackware, maybe (but they are both using initramfs in their
default installs, AFAIK :P). Or learn from LFS and continue using
Devuan with your personal tweaks :)

My2Cents

KatolaZ

-- 
[ ~.,_  Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab  ]  
[ "+.  katolaz [at] freaknet.org --- katolaz [at] yahoo.it  ]
[   @)   http://kalos.mine.nu ---  Devuan GNU + Linux User  ]
[ @@)  http://maths.qmul.ac.uk/~vnicosia --  GPG: 0B5F062F  ] 
[ (@@@)  Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ  ]

signature.asc
Description: PGP signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] RFC - Linux From Scratch

2018-12-03 Thread Rick Moen

Quoting g4sra (g4...@yahoo.co.uk):

> I was pondering whether LFS will suit the corner cases which
> even Devuan cannot reach.
[...]
> Has anyone here have actual practical experience of using LFS to build
> anything moderate (or larger). If so, how much work did it take and was
> the effort worth it in the long run, were there any shortcomings ?

I've not used LFS.  I've talked to many people who have.

LFS is an exceptionl learning experience, for those who'd like to
understand the Linux-based implementtion of the *ix architecture at a
very fine, nuts-and-bolts level.  If your experience with it and its
associated book is like that of pretty much everyone I've discussed it
with, once you are done with that learning experience, you will in no
way want to build significant systems on it, and will have a renewed
appreciation for distributions where you aren't building everything from
scratch.

Credible reviews:
https://lwn.net/Articles/85865/
http://www.tuxmachines.org/node/1715
http://www.tuxmachines.org/node/2482
http://www.tuxmachines.org/node/2521

And, um, those weren't difficult to find.  I think you'll be better off
if you do some basic research rather than expect the Internet to do your
thinking for you.

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Devuan for Raspberry Pi fried SD CARD.

2018-12-03 Thread Adam Borowski

On Mon, Dec 03, 2018 at 10:33:44AM +0100, Alessandro Selli wrote:
> On 03/12/18 at 10:05, Adam Borowski wrote:
> > realtime greatly reduces atime writes, but it's still too much.
> 
>   I wouldn't say so.  Since relatime updates atime only relative to the
> present ctime and mtime, it's only changed when one of those two is
> changed.  That is, updating atime does not require a separate write
> operation.

That was the original design -- but alas, it was later changed so the atime
is updated at least once a day.

> >  Case in
> > point: it's the likely culprit for wasting the SD card that started this
> > thread (on a mostly-read load).
> 
> 
> if that filesystem was mounted with the relatime option (or with no
> option at all, since relatime is the default), then it's very unlikely
> it caused any more writes that if it was fully disabled.

You still rewrite every inode once per day.

> >  And, update frequency of 1/day happens to
> > match the typical backup schedule, making it ruin snapshots just the same
> > as strictatime would.
> 
>   Uh?  How can atime "ruin snapshots"?

Every inode has to be updated.  That causes a lot of metadata churn, and
even takes significant space.  Changing this single number tends to cost
far more than a page worth of space -- usual snapshot tools (btrfs, lvm,
etc) CoW more than just the inode.  Thus, for some common loads we're
looking at 5% wasted disk space just for atimes.

> > So it's time to kill the nasty thing.
> 
>   If only it was any nasty.


Some folks say systemd isn't nasty.



Meow!
-- 
⢀⣴⠾⠻⢶⣦⠀ 
⣾⠁⢠⠒⠀⣿⡁ Ivan was a worldly man: born in St. Petersburg, raised in
⢿⡄⠘⠷⠚⠋⠀ Petrograd, lived most of his life in Leningrad, then returned
⠈⠳⣄ to the city of his birth to die.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

[DNG] RFC - Linux From Scratch

No I am not trying to start a Distro flame war, I am seeking facts not
opinions.

As someone has already pointed out on this mailing list Linux Distros in
general are taking away the freedom to customise (in particular for a
specific User case). I get that maintenance is an issue, but only
because software growth has become disproportionate. if there wasn't so
mush software

Re: [DNG] Devuan for Raspberry Pi fried SD CARD.

On 03/12/18 at 10:05, Adam Borowski wrote:
> realtime greatly reduces atime writes, but it's still too much.


  I wouldn't say so.  Since relatime updates atime only relative to the
present ctime and mtime, it's only changed when one of those two is
changed.  That is, updating atime does not require a separate write
operation.  For this reason:


>  Case in
> point: it's the likely culprit for wasting the SD card that started this
> thread (on a mostly-read load).


if that filesystem was mounted with the relatime option (or with no
option at all, since relatime is the default), then it's very unlikely
it caused any more writes that if it was fully disabled.


>  And, update frequency of 1/day happens to
> match the typical backup schedule, making it ruin snapshots just the same
> as strictatime would.


  Uh?  How can atime "ruin snapshots"?


> So it's time to kill the nasty thing.


  If only it was any nasty.



-- 
Alessandro Selli 
VOIP SIP: dhatarat...@ekiga.net
Chiave firma e cifratura PGP/GPG signing and encoding key:
  BA651E4050DDFC31E17384BABCE7BD1A1B0DF2AE




signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Devuan for Raspberry Pi fried SD CARD.


http://hacks.slashdirt.org/sw/flashybrid/

Someone with non-systemd will have to suck it and see.
That someone will be me if no-one else has done it by Valentines Day.


On 02/12/2018 23:11, Alessandro Selli wrote:
> OnIl 02/12/18 at 22:58, g4sra wrote:
>> I have found flashybrid extremely beneficial in the past, on switching
>> from Debian to Devuan Ascii it appears not to be in the repository, is
>> it in Beowulf ?. I am not aware of any dependencies it has on 
>> systemd.
> 
> 
>   It was removed from Debian on January 2017:
> 
> https://tracker.debian.org/pkg/flashybrid
> 
> 
>   Looks like development upstream stopped 11 years ago:
> 
> https://github.com/elcuco/flashybrid
> 
> Latest commit 2a0d291
> 
> on 23 Sep 2007
> 
> 
> 
> ___
> Dng mailing list
> Dng@lists.dyne.org
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
> 

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Devuan for Raspberry Pi fried SD CARD.

2018-12-03 Thread Adam Borowski

On Mon, Dec 03, 2018 at 02:05:29PM +1100, Erik Christiansen wrote:
> On 03.12.18 00:47, Adam Borowski wrote:
> > On Sun, Dec 02, 2018 at 11:53:39PM +0100, Alessandro Selli wrote:
> > > On 02/12/18 at 17:23, Adam Borowski wrote:
> > > > You'd want to set noatime on every machine
> > > > you control.
> > > 
> > > 
> > >   Some mail servers and clients do use it to determine if a mail was
> > > read after it arrived.  In this case, it'd be better to have it set on 
> > > /var.
> 
> TL;DR: Use relatime there, as noatime will break mutt.

Hmm...
https://gitlab.com/muttmua/mutt/commit/489a1c394c29e4b12b705b62da413f322406326f
https://github.com/neomutt/neomutt/commit/816095bfdb72caafd8845e8fb28cbc8c6afc114f

> > That's no more.  And, let me clarify: atime was used for mail:
> > * only with mbox (Maildir never suffered from this issue)
> > * only on the local machine
> > * only by the shell to say "You have new mail." vs "You have mail."
> >   -- not even by the mail client
> 
> Not true, according to the on-line manual for my current mutt
> installation:
> 
> » Other possible causes of Mutt not detecting new mail in these folders
> are backup tools (updating access times) or filesystems mounted without
> access time update support (for Linux systems, see the relatime
> option).«

In the very post you're responding to, I started with "That's no more.".

> > So the whole effort gave you just a single word in a message, that many
> > people even didn't notice.
> > 
> > And, popular local mail clients are already patched to update atime
> > explicitly.
> > 
> > Ie, atime for mail is an ex-reason.
> 
> A fine assertion, but wiser is to check the facts.

And even wiser to actually change things you don't like. :)

> It would seem then, that noatime will break mutt, but relatime is OK,
> and is now the default. IIUC.

realtime greatly reduces atime writes, but it's still too much.  Case in
point: it's the likely culprit for wasting the SD card that started this
thread (on a mostly-read load).  And, update frequency of 1/day happens to
match the typical backup schedule, making it ruin snapshots just the same
as strictatime would.

So it's time to kill the nasty thing.


Meow!
-- 
⢀⣴⠾⠻⢶⣦⠀ 
⣾⠁⢠⠒⠀⣿⡁ Ivan was a wordly man: born in St. Petersburg, raised in
⢿⡄⠘⠷⠚⠋⠀ Petrograd, lived most of his life in Leningrad, then returned
⠈⠳⣄ to the city of his birth to die.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Request for comments - training room