Re: Virtual server host with reasonable mail policies?
On 2022-12-30 16:37, Benjamin Scott wrote: > FWIW, my DO VM can initiate TCP to 25 outbound on both IPv4 and IPv6. > It is likely grandfathered, however. They have a somewhat > vaguely-defined blocking policy: > > https://docs.digitalocean.com/support/why-is-smtp-blocked/ O... nice to know. Last time I'd checked -- when IPv6 suddenly was blocking my outbound -- it was an intentional block, with no intention to remove it. I guess times have changed. (The rationale was that, apparently, RBLs were blocking entire v6 subnets, so rather than maybe not be able to send email, they'd save everyone the unpleasantness of uncertainty, and simply block it entirely.) > FYI, this was fixed in Postfix at some point. I don't recall when. Good deal. > There seems to be an increasing trend of DO having their > ASNs/netblocks ending up on blacklists. Allegedly (according to the > blacklists) this is because DO doesn't police their customers closely > enough and/or respond to abuse reports in a good fashion. Huh. I did have to bounce the first IP I got some six(?) years ago, but been smooth sailing since. However, it's good to know it's not a DO priority. I'll keep my eyes open for bounced/bitbucketed e-mails. Indeed, right now, I'm waiting on a reply to an e-mail I sent to a guy who's usually really quick with replies. But it's also a holiday, basically, so I'm not getting exercise jumping to conclusions. > They also have an official position of very strongly discouraging > running email within their systems: Boo! Hiss! -Ken ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Virtual server host with reasonable mail policies?
On 2022-12-30 17:04, Ted Roche wrote: > MS escalation and delisting is useless. I've had to hop IP addresses a > couple of times (which Linode support is awesome about!) but it's a > hassle. At this point, I don't want to abandon Linode after 15 years > of sterling service, but I may have to route outgoing email through > yet another (paid) service to get the mail delivered. I had this same problem with DO. I actually have not one, but _two_ VMs "out there," DO for $5/mo., and this other one -- I honestly don't even remember the vendor, but I can look if anyone's interested -- for something like 20 Euros a quarter or something. It's a relatively unknown vendor, I think, but the box is in Canada, so my latency isn't horrible, and it's got a big disk, so I can store stuffs there (e.g., my ~35 year-old mailbox is beginning to approach even the generous 25 GB on DO). It does my primary job -- secondary DNS -- just fine, as well as a few other things, but ALSO, by dint of, presumably, being relatively unknown, is where I've had Postfix route my MS-bound e-mail. It Just Works(tm). Assuming static IPs, I'd happily relay for either/both of you, if you're interested. And, yeah -- there are exactly zero guarantees that MS won't start rejecting e-mail from that host tomorrow, but so far, it's been ~5 years, and working fine. [Sidebar: I _think_ it's working fine. It's been a while since I've had need to mail an MS/outlook.com/hotmail.com/etc. address.] -Ken ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Virtual server host with reasonable mail policies?
On 2022-12-30 14:33, Benjamin Scott wrote: > Hi everybody! Hi back! I have a DO node, ad... well, it does most all that you mentioned. I'll respond to particulars in-line. > - Receive email directly (run an SMTP listener on TCP port 25) Yes. > - Send email directly (initiate outbound connections to TCP port 25) NOT IPv6 -- which is annoying AF. But IPv4 works fine. NOTE: if you have both enabled, and are using (at least) Postfix, IPv6 apparently gets the ball, first, and will block _all_ outbound e-mail until disabled. See again: annoying AF. > - Run a web server (HTTP/SSL listener on TCP ports 80 and 443) Yes. > - Run an SSH listener on a non-standard port (remote access) Yes. > - Run a DNS server on UDP and TCP port 53 (authoritative name server) Yes. > - Install and run arbitrary Linux software Yes. > - Fairly low CPU, disk, and RAM usage They've "recently" -- the past few years -- bumped their $5/mo. VM to 1 GB. 25 GB of disk, and one vCPU. Note that it's been a while since I set up my current VM, so these may have changed. > - Hand-holding software like "CPanel" is actively unwanted Not there (I don't think) unless you want it. > All I/we want the provider to do is: > - Provide some kind of UI for low-level VM maintenance Yes. >- Installation of operating system (canned images are fine) Yes. >- Recovery of OS when SSH can't be used Yes. > - Make sure the VM doesn't go down due to power or hardware fault Haven't _had_ it go down, ever, except I think twice: once for a proactive remediation against one of the nastier attacks, and once for proactive migration because some storage was failing. > - Make sure IP traffic keeps flowing ?? Not sure what you're looking for, here. > - Respond to abuse reports to keep reputation at least somewhat OK I generally go and do my own reputation maintenance by talking to RBLs directly. Are there providers that do that for you?? -Ken ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Book or online source on modern Linux system files and organization
On 2022-12-21 15:32, bruce.lab...@myfairpoint.net wrote: My laptop keyboard works, at least many of the keys, but some don't. I would wonder if this could mean your numlock is on -- either on your external keyboard, or your internal. Either way, I've seen numlock on laptops turn the right-hand side of the keyboard into a number pad, which can be really annoying to figure out. (This irrespective of OS.) -Ken___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
CRM?
Hey, all. My wife's taken a new(ish) job, and is the tech pubs manager at a company in upstate NY. (She's 100% WFH with occasional visits to company offices.) And they really need a way that "customers" -- both internal and for-real paying customers -- can interact with their documentation, access files, and file tickets. Salesforce is the biggie here in CRM-land, of course, but it costs a boatload, and, for what she, specifically, is doing, is likely overkill. If you've had exposure to a CRM solution, AND a vendor that can offer support, I'd be happy to pass suggestions on. Open Source is winning, but the key "feature" is someone who can hand-hold during install, and be available post-install. Thanks! -Ken ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: ZFS vs btfrs
On 2022-02-24 12:42, Ian Kelling wrote: >> So what I do: >> >> * Create a copy on the destination host. >> * Snapshot it. >> * Mount the snapshot as my rsync backup destination. >> * And make a snapshot of _that_. > I'm confused by those bullets, I understand the general idea though. Sorry. It's been a Hell of a week. What I _should_ have written: * Create a copy, via rsync, on the destination host. This is my "origin" * Create a CoW snapshot of the origin -- giving snapshots datestamps * rsync to the new snapshot * create a (datestamped) snapshot of the newly-rsync'd-to snapshot * rsync to *that* * Rinse and repeat daily And, finally, delete -- or, rather, "btrfs sub del" -- whatever snapshots are outside of my retention period. -K ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: ZFS vs btfrs
On Thu, Feb 24, 2022, 11:55 Ken D'Ambrosio wrote: I use the btrfs-send (which, of course, is modeled after zfs-send)... except, I kinda don't. And this isn't a dig at btrfs (or ZFS), but just paranoia... On 2022-02-24 13:24, Bill Ricker wrote: SAN dutifully copied the block level writes to alternate site, so that panicked also. Oopsie. They had to restore Prod last backup onto UAT system (and recreate all logged transactions... a day of market!) to return to service. It was a bad week. I much prefer semantic (vs block/bit) replication. "Just because you're paranoid doesn't mean they're not out to get you." Dam. OK! I feel better about my belt-and-suspenders measures, now. ;-) -Ken___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: ZFS vs btfrs
On 2022-02-24 11:31, Ian Kelling wrote: > Chuck McAndrew writes: > >> I would add one feature about ZFS that is super useful and that is the >> ability to replicate datasets to a remote server. I don't know if >> btrfs has a >> similar feature, but the ability to have a backup server offsite and >> just setup a cron job to replicate it was awesome for DR. It makes >> backing up >> your snapshots very very easy. >> > > Yes, btrfs has this. I use it mostly through this tool: > https://github.com/digint/btrbk . I recommend it. I use the btrfs-send (which, of course, is modeled after zfs-send)... except, I kinda don't. And this isn't a dig at btrfs (or ZFS), but just paranoia: I'm afraid that, if there were corruption on the source FS, using a FS-specific/replicating tool to do the data transfer might bring over whatever corruption was on the source in the first place. So what I do: * Create a copy on the destination host. * Snapshot it. * Mount the snapshot as my rsync backup destination. * And make a snapshot of _that_. That way, I have two essentially identical CoW hierarchies, but that have "left" the source FS, and gone to the destination one. Not as efficient as sending CoW deltas, but it gives me a little more peace of mind. Yes, my scenario seems awfully unlikely, buut... ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: ZFS vs btfrs
On 2022-02-23 11:25, Ben Scott wrote: > Hi all, > > Btfrs vs ZFS. I was wondering if others would like to share their > opinions on either or both? So... really, the two filesystems have a lot in in common. ZFS is absolutely more mature, especially WRT RAID (more below). But btrfs has some really nifty features, and with its arrival in Fedora, is getting the support it so badly needed. So, for me, the big win for btrfs is: alias clone='cp --reflink=always' Hey, presto! You just cloned your base 5 GB virtual image in under a second. You now have tow CoW "copies" of the exact same file, and unlike hard links, you are now free to munge them to your heart's content. NOW: the last time I checked for this on ZFS was sometime around the Sauron's revealing himself as a Dark Power, so maybe ZFS supports it now. And I totally know that ZFS supports lightweight snapshots (as does btrfs), but being able to clone a file -- or an entire hierarchy, such as all of my company's repos -- just so I can have a "play" hierarchy, and a not-play one is handy. Likewise, when editing video files, you can have the original and the tweaked one, with only the delta as additionally used storage. tl;dr: it's handy, especially for lots and lots of files in a hierarchy, or really big, related files. The bad: DO NOT DO RAID =~ /[56]/ ON btrfs. What I do is a ye-olde mdm RAID, and lay btrfs on top of that. Works the bomb. Doesn't give all the bells and whistles that a RAID-savvy FS would (e.g., only rebuilding places with data, instead of the entire volume), but I've had no problems. Last thing: Timeshift is really cool. I wrote my own scripts, but I admit, Timeshift gets 'er done. I assume, but do not know, that there's a similar utility that can make use of ZFS. -Ken ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Have suggestions for a "roll your own file server"?
On 2021-05-26 12:13, Tom Buskey wrote: My Fedora /etc/fstab has spaces UUID=54103729-6e0a-4345-a2b8-8b8cded29ee1 /boot ext4 defaults1 2 I've had clients initiate rsync for security. I think the client initiation would offload the rsync compute from the server. For a home server, it's nice to just monitor the server instead of multiple clients. I'm not sure which you guys are considering client, and which server. I like to initiate from the thing I'm backing up *to*; that way, if the host being backed up is compromised, they won't have direct access to the backups, themselves, which, in the days of ransomware, seems like a valid concern. (I'd also lock down the host doing the backups pretty tightly.) $.02, -Ken Nice buiild On Wed, May 26, 2021 at 11:00 AM Bruce Labitt wrote: Finally back to this. Built a stack of metal plates that house my RPI4, a boot SSD, a 1TB RAID1 array, and both active and passive USB3 hubs. Machined parts so everything is bolted and clamped down. Have a PWM fan that cools the RPI4 proportional to load that runs under systemd. System boots from SSD. (No SD card.) It's kind of a brick sh!thouse, but it's sturdy. Have created the RAID1 device - or it will be finished in 45 minutes. It is still syncing. Now I'd like to add the md0 device to /etc/fstab. The example I see is with the device name. From https://www.tecmint.com/create-raid1-in-linux/ /dev/md0/mnt/raid1ext4defaults0 0 I've read it is better to use the UUID. Is the following the correct syntax? PARTUUID=my_complete_md0_UUID /mnt/raid1ext4defaults 0 0 where my_complete_md0_UUID comes from $ lsblk -o UUID /dev/md0 Does one need to use tabs in fstab, or are spaces ok? Once I figure this out - I have to figure out some rsync magic. Is it better for the server to initiate the rsync, or the remote devices? After all this I have to make another one. That shouldn't take as long as the first time! For some pictures of the hardware build see https://www.hobby-machinist.com/threads/an-rpi4-based-file-server.92273/#post-846939 On 3/10/21 8:49 PM, Bruce Labitt wrote: I'll take a look at that. Thanks for the link. On Wed, Mar 10, 2021 at 8:15 PM Marc Nozell (m...@nozell.com) wrote: Just to put a plug in for a colleague's work: https://perfectmediaserver.com/It covers everything from disk purchasing strategies, burn-in, filesystems (ZFS, SnapRAID, etc). He also hosts a podcast that folks here may find interesting: https://selfhosted.show/ -marc On Wed, Mar 10, 2021 at 8:08 PM wrote: OK: s/RPi4/some-other-cheap-computer-with-USB-3.x>/g Unless you build multiple Ethernet or WiFi or LTE modem connections your networking will still be the slowest thing. You do not need huge amounts of CPU power, or huge amounts of RAM. My basic point is that if you stick with simple RAID (like mirroring) but also set up a unit that is remote from your own home you could protect your own data from fire, flood and theft to a reasonable level and even protect your friend's data by backing up their data to your device. Add snapshots as suggested by Tom Buskey,perhaps encryption of file systems and data-streams and you can have a rather simple, server where you learn a lot by planning it out and setting it up rather than buying an "off the shelf" solution or simply using a "web backup". And good catch on the USB power supply. md On 03/10/2021 6:53 PM Joshua Judson Rosen wrote: I'm not sure about the Raspberry Pi 4, but up thru the raspi 3+ there are... problems, e.g.: Beware of USB on the raspi: there are some bugs in the silicon that pretty severely cripple performance when multiple `bulk' devices are used at simultaneously, sometimes to the point of making it unusable (e.g. if you want to use a better Wi-Fi adapter/antenna than the one built onto the board, and connect an LTE modem so that your raspi roam onto that if Wi-Fi becomes unavailable, throughput on whichever of those interfaces you're actually using can become abysmal). IIRC the issue is basically that the number of USB endpoints that can be assigned interrupts by the raspi controller is _incredibly small_; and it's common for high-throughput devices to have multiple endpoints per device-- sometimes even one USB device will have more endpoints that the raspi USB controller can handle. Also, `network fileserver with USB-attached hard drives' is kind of the `peak unfitness' for the raspberry pi. Specifically if you've got it attached to ethernet, the ethernet is attached through the same slow-ish USB bus as your HDDs. (the onboard Wi-Fi BTW is SDIO; so if you avoid using the onboard Wi-Fi, I guess you might also be able to make your µSD card faster...) ALSO: you'll really want to use an externally-powered USB hub for USB devices that are not totally trivial, because the raspi's µUSB power supp
Re: rsync question
On 2021-03-09 21:29, Bruce Labitt wrote: A maybe not so smart rsync question... If one uses rsync -avz src/bar /disk2will that copy over everything from src/bar and create a directory bar on disk2? What if src/bar has other users or root? In other words, does the -a mean that it will preserve ownership and links and copy to /disk2? Just don't know if I need sudo or not. I dumbly did a copy. Well, that didn't preserve permissions or attributes. So deleting that... Since I'm trying to back up 100's of GB, thought I'd ask. This is taking a long time, even with USB3 drives and nvme. The '-a' flag is one of the few flags that actually means the same thing for both rsync and cp -- and does much the same thing, too. You should be able to use cp -av /src/bar /disk2 and have it copy attributes/permissions. You need the "sudo" in there to preserve ownership, as non-root can't assign other users' ownerships to the files. The main reason I might recommend "cp" over "rsync" is simply because I find "cp" a little less confusing -- what "rsync" does can vary depending on whether or not there are trailing slashes and so forth, and I never quite remember which is which. But the best thing about rsync is that if it barfs in the middle, you just up-arrow, and it starts over from where you left off. As with "cp", if you want the ownerships preserved, don't forget the "sudo". Note that unless you're transiting a network, I'd leave the "-z" off, because it'll just slow you down (substantially). -Ken___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Access public IP from NAT.
Hey, all. So I finally yanked my Comcast modem ("for reasons," largely having to do with lack of static routes), and put in my own cable modem, a WAP, and a RasPi-4 that's doing routing/NAT. It all works great. But... I have services exposed that I want to access on the public IP. It works *great* from out there, but if I try to access the public IP from my NATted network, no dice. And, sadly, if there's one Linux place where there's a truck-sized hole in my knowledge, it's IP Tables. I've googled the Interwebs to no avail on what magic IPTables stuff would be needed to make it work. Here's my current script: root@ubuntu:/usr/local/bin# cat start-NAT.sh #!/bin/bash export PUBLIC=eth1 export PRIVATE=eth0 echo 1 > /proc/sys/net/ipv4/ip_forward iptables -t nat -A POSTROUTING -o $PUBLIC -j MASQUERADE iptables -A FORWARD -i $PUBLIC -o $PRIVATE -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A FORWARD -i $PRIVATE -o $PUBLIC -j ACCEPT = root@ubuntu:/usr/local/bin# cat start-port-forwarding.sh #!/bin/bash export PRIVATE=eth0 export PRIV_IP=192.168.10.1 export PUBLIC=eth1 export JELLYFIN=192.168.10.12 iptables -A FORWARD -i $PUBLIC -o $PRIVATE -p tcp --syn --dport 8096 -m conntrack --ctstate NEW -j ACCEPT iptables -A FORWARD -i $PUBLIC -o $PRIVATE -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT iptables -A FORWARD -i $PRIVATE -o $PUBLIC -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT iptables -P FORWARD DROP iptables -t nat -A PREROUTING -i $PUBLIC -p tcp --dport 8096 -j DNAT --to-destination $JELLYFIN iptables -t nat -A POSTROUTING -o $PRIVATE -p tcp --dport 8096 -d $JELLYFIN -j SNAT --to-source $PRIV_IP = If anyone could be kind enough to let me know what extra magic(tm) I need to employ to get at my public IP from inside, I'd be most interested to hear. Thanks! -Ken___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: How was the get-together?
On 2020-02-24 14:57, Ben Scott wrote: > On Fri, Feb 21, 2020 at 10:00 AM Ken D'Ambrosio wrote: > Everyone was so devastated by your inability to attend, they all > left after learning of the news. The price of fame. >> Should we consider getting together again on a regular >> (probably quarterly) basis, maybe with an actual agenda, etc.? > > My personal opinion (and not that of any other person, organization, > or entity) has long been that regular meetings should come before > formal meetings. I'm somewhere in the middle: I've been to the Chelmsford Linux meetup, and they're nice people, etc., etc., but they never seem to actually have anything to talk about. Now, I don't want to scare people away with a desire for formality, but on the flipside, we're getting together "because Linux" and it might be nice to be able to have a way to further that. > So I would suggest picking a date and recurrence interval and > getting that going. Amen. > Perhaps at the next meeting, the question of topics of interest > could be the discussed. (See? Already the synthesis occurs.) Woot! > One concern I do have is: It is often difficult to hear and be heard > in a restaurant venue. It certainly was the other night. At the same > time, it seems like food and drink are an appealing aspect for many. Second, third and fourthed. I'm all ears. I might have a local locale (sorry) that fits the bill for food and a quiet room, but am not sure. I admit I'd prefer to have the two combined -- I liked the old GNHLUG meetings, but it was (if you will) Very Formal when we left Martha's proper and headed upstairs. I'd love to combine food with the ability to discuss stuff. Hmmm... we *did* have that Icinga/IPv6 discussion somewhere in Manchester, and that seemed to work. -Ken ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
How was the get-together?
Hey, all. I'm deeply, deeply sorry I missed the fun. Tow truck finally got me to Amherst around 7:00, and I still had to walk home from the shop. But enough about me: I'm curious how things went! Was a good time had by all? Should we consider getting together again on a regular (probably quarterly) basis, maybe with an actual agenda, etc.? Curious for input, ideas, and so forth. -Ken ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Reminder/RSVP -- meet *this Thursday* for chat & beer.
Some days... So! My clutch has gone to that junkyard in the sky, and it will take a miracle for me to make the meeting, being as I'm broken down on the side of the road in Billerica and the cops are gonna tow me for being in the wrong place. (Roadside said 90 minutes; given my situation, I have to agree with the cops.) The table is reserved for "Linux" (or however they interpreted that) and is for 15 -- which as of now is one fewer than RSVP'd, given my absence. Please accept my apologies... -Ken On 2020-02-18 15:17, Ken D'Ambrosio wrote: > Hey, all! Just a reminder that we're going to get together at > Martha's Exchange this Thursday at 6:00. Nothing formal, though > Maddog has threatened to bring a PiDP-11. (Note the add'l 'i' for > those wondering if he needs help with the handtrucks.) > > Trying to get a quick headcount so I know what to tell Martha's to set > aside for us. > > Looking forward to seeing whoever's able to show up! > > -Ken ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Reminder/RSVP -- meet *this Thursday* for chat & beer.
Hey, all! Just a reminder that we're going to get together at Martha's Exchange this Thursday at 6:00. Nothing formal, though Maddog has threatened to bring a PiDP-11. (Note the add'l 'i' for those wondering if he needs help with the handtrucks.) Trying to get a quick headcount so I know what to tell Martha's to set aside for us. Looking forward to seeing whoever's able to show up! -Ken ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Nashua-area folks -- meet up?
On 2020-01-28 15:29, Ben Scott wrote: > On Tue, Jan 28, 2020 at 2:18 PM Ken D'Ambrosio wrote: >> > Should I send something to -announce and/or post it on the website? >> >> That sounds like an excellent idea! > > It seems there is a "Time" field in the announcement template. What > should I put there? "Time". I suppose we shouldn't be blocking out the whole day. I imagine 6:00 might be the way to fly... ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Nashua-area folks -- meet up?
On 2020-01-28 14:08, Ben Scott wrote: > On Tue, Jan 21, 2020 at 1:23 PM Ken D'Ambrosio wrote: >>>> Maybe Thursday, the 20th of Feb.? (Safely after Valentine's...) > > Should I send something to -announce and/or post it on the website? That sounds like an excellent idea! "Make it so." (An allusion, of course, to the return of Picard. Something that seems completely appropriate to a Linux mailing list.) -K ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Nashua-area folks -- meet up?
Well, I'll take point on calling Martha's -- if, that is, enough people reply to warrant grabbing a bigger table. Anybody got a preferred time? It's heading toward Feb, and we should probably push it out far enough that there's a chance those that want to come can schedule for it. Maybe Thursday, the 20th of Feb.? (Safely after Valentine's...) -Ken ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Nashua-area folks -- meet up?
It's been brought to my attention by someone (*cough*Ben*cough*) that it's been a long, long time since we got together for Linux, grub and suds. While I think full-fledged meetings are probably not on the agenda (ha, ha), is there some interest out there? Maybe crash Martha's some evening? ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: systemd and search domains.
On 2020-01-08 17:58, Joshua Judson Rosen wrote: >> Nutshell: clearly, it's time for >> a self-written inotify daemon and call it a day. >> Because it's stupid easy to prepend a line with my domain name every >> time the file changes, >> whereas I'm gettin' old trying to figure this out through a more >> elegant mechanism. > > Ha! An inotify monitor actually seems like a pretty elegant solution to > me! > (though maybe I should point out that I got some of my aesthetic sense > from growing up watching The Red Green Show...). I done did it. (Yeah, I use Ruby for my CLI stuffs; it's pretty much replaced Perl as my go-to for any systemy stuff. But this time, I decided not to make it a Ruby script and just threw in a -pie one-liner like the olden Perl days. It's not particularly pretty, but hey...) -- gozer # cat /usr/local/bin/dnssearch.sh #!/bin/bash # Prepends my domain to DNS search line in resolv.conf resolv="/run/systemd/resolve/stub-resolv.conf" while true do grep jots.org /run/systemd/resolve/stub-resolv.conf || \ echo "Prepending jots.org to domain search list" ruby -pi -e 'gsub(/search /, "search jots.org ")' "$resolv" inotifywait -e modify "$resolv" # Here and not at top to be sure fires once sleep 3 done -- gozer # cat /etc/systemd/system/dnssearch.service [Unit] Description=Date to file on-disk After=getty.target [Service] Type=simple User=root WorkingDirectory=/tmp ExecStart=/usr/local/bin/dnssearch.sh Restart=always [Install] WantedBy=multi-user.target -- gozer systems # systemctl status dnssearch ● dnssearch.service - Date to file on-disk Loaded: loaded (/etc/systemd/system/dnssearch.service; enabled; vendor preset: enabled) Active: active (running) since Wed 2020-01-08 18:14:13 EST; 6min ago Main PID: 13429 (dnssearch.sh) Tasks: 2 (limit: 4915) CGroup: /system.slice/dnssearch.service ├─13429 /bin/bash /usr/local/bin/dnssearch.sh └─13700 inotifywait -e modify /run/systemd/resolve/stub-resolv.conf Jan 08 18:14:16 gozer dnssearch.sh[13429]: Watches established. Jan 08 18:14:28 gozer dnssearch.sh[13429]: /run/systemd/resolve/stub-resolv.conf MODIFY Jan 08 18:14:28 gozer dnssearch.sh[13429]: # configured search jots.org domains. Jan 08 18:14:28 gozer dnssearch.sh[13429]: search jots.org jots.org Jan 08 18:14:31 gozer dnssearch.sh[13429]: Setting up watches. Jan 08 18:14:31 gozer dnssearch.sh[13429]: Watches established. Jan 08 18:14:53 gozer dnssearch.sh[13429]: /run/systemd/resolve/stub-resolv.conf MODIFY Jan 08 18:14:53 gozer dnssearch.sh[13429]: Prepending jots.org to domain search list Jan 08 18:14:56 gozer dnssearch.sh[13429]: Setting up watches. Jan 08 18:14:56 gozer dnssearch.sh[13429]: Watches established. -- First prepend was when I fired up the service and my domain wasn't already in there; second was when I launched the VPN. > Watch out for the `inotify-handler writes and re-triggers itself > resulting in an infinitely-long "search" line' problem, > obviously? :) Yeah, I've stubbed my toe on that w-a-y back when inotify first came out. That, and just not firing too frequently should $stuff be happening, are the reasons for the three-second sleep. -Ken ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: systemd and search domains.
On 2020-01-08 16:22, Dennis Straffin wrote: Newer Ubuntu systems use systemd-resolved which doesn't seem to support split-horizon dns (at least last time I looked). One solution is to go back to using dnsmasq. Wups. Meant to reply with this to all, earlier. Going to add verbiage for dnsmasq, too. == Welp. * I used to do the dnsmasq thing, and it works really well, but it's kind of a pain to set up all the DNS servers and stuff for internal use, and you occasionally get stuff wrong. It's a big enough win for VPN to be handling that that I think I'll let it continue doing it. * I tried Joshua's suggestion of openresolv, and it's got exactly what I want, and happily prepends the domain to resolv.conf... until the VPN (GlobalProtect) steps on it. * I did some systemd reading, and realized that there's a way to do this through systemd: edit /etc/systemd/resolved.conf. Which likewise gets stepped on by GlobalProtect * I tried Ted's idea, thinking maybe I hadn't looked closely enough at the network UI, and I was right: I hadn't! Except when I went to edit the entries, they echoed exactly what I'd done with /etc/systemd/resolved.conf. So it's probably fronting exactly that. I *think* I'd be able to make it work through OpenConnect, except that it seems OpenConnect isn't doing MFA (at least, with the GlobalProtect?) Nutshell: clearly, it's time for a self-written inotify daemon and call it a day. Because it's stupid easy to prepend a line with my domain name every time the file changes, whereas I'm gettin' old trying to figure this out through a more elegant mechanism. Thanks for suggestions, all! -Ken * Install dnsmasq: apt get install dnsmasq * Update /etc/NetworkManager/NetworkManager.conf: [main] ... dns=dnsmasq * Add a dnsmasq config file to /etc/NetworkManager/dnsmasq.d/foo.conf with your servers: server=/foo.bar/bar.baz/1.2.3.4 * Restart network manager: sudo service network-manager restart * You might have to stop and disable the dnsmasq and resolved units: sudo systemctl stop systemd-resolved dnsmasq sudo systemctl disable systemd-resolved dnsmasq * You might also have to link /etc/resolv.conf to the network manager generated one: sudo mv /etc/resolv.conf /etc/resolv.conf.orig sudo ln -s /run/NetworkManager/resolv.conf /etc/resolv.conf -Dennis On 1/8/20 2:37 PM, Ken D'Ambrosio wrote: Hey, all. When I fire up my VPN, it re-writes my /etc/resolv.conf. Shocker. But I *want* it to, because then all my DNS stuff is good for my company. But it's NOT good for my personal domain. I'd like to have that added to the search domains. I'm in Ubuntu; not sure if that matters. From my reading: * I can the search domains on a per-interface manner, but that seems hokey, and subject to issues if I use something (e.g., Bluetooth) to be my conduit to the 'Net. * /etc/resolv.conf shouldn't be manually modified as it'll just get overwritten (and I don't want to make it immutable because I want it to change depending on whether I'm using VPN or no) * /etc/dhclient/dhclient.conf (apparently) doesn't matter any more if you're running NetworkManager So, my question: is there an elegant, global way to set/append to my DNS domain search list? Or am I just gonna wind up writing a daemon to wham an resolv.conf in-place depending on the current network config? Thanks, -Ken ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
systemd and search domains.
Hey, all. When I fire up my VPN, it re-writes my /etc/resolv.conf. Shocker. But I *want* it to, because then all my DNS stuff is good for my company. But it's NOT good for my personal domain. I'd like to have that added to the search domains. I'm in Ubuntu; not sure if that matters. From my reading: * I can the search domains on a per-interface manner, but that seems hokey, and subject to issues if I use something (e.g., Bluetooth) to be my conduit to the 'Net. * /etc/resolv.conf shouldn't be manually modified as it'll just get overwritten (and I don't want to make it immutable because I want it to change depending on whether I'm using VPN or no) * /etc/dhclient/dhclient.conf (apparently) doesn't matter any more if you're running NetworkManager So, my question: is there an elegant, global way to set/append to my DNS domain search list? Or am I just gonna wind up writing a daemon to wham an resolv.conf in-place depending on the current network config? Thanks, -Ken ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: COBOL on HPUX
On 2020-01-06 22:44, R. Anthony Lomartire wrote: So I recently landed a job working in COBOL on HP-UX. It's been a trip! Oh, man. You just had to go there. Why, yes, as a matter of fact, I *do* have a COBOL on HP-UX story. I was working at a startup c. 2002, and we wanted to use the PointMan ERP system on our HP-UX hosts. (Linux wasn't yet an option for PointMan.) So I, a relative HP-UX neophyte, ordered COBOL for some thousands of dollars. I got, in a FedEx envelope: one (1) sheet of paper with one (1) serial number and a phone number to order more stuff. Period. I mean, silly me. For a couple of thousand bucks, I'd expected install media, release notes, some accompanying documentation. *SOMETHING* So I call the phone number and am like, "What in the world do I *do* with this??" They transfer me to another number. Which transfers me to another number. Which transfers me to another number. Who gives me a number they promise will be able to help. It's only after I hang up that I realize it's the first number I'd called -- the one on the piece of paper. At this point, I begin to doubt my sanity. Oh -- and did I mention the ERP system, itself, cost something north of $150K, and I had the CFO breathing down my neck to get it installed, like, yesterday? I finally find some poor woman who's at least, like, *heard* of COBOL. And she gets me to people who are willing to help me -- if I pay the $750 (? -- I think that's right) maintenance fee. So I do. And get connected with a very helpful engineer who explains the software is on the install media that *came with the system*; I just needed the serial number to activate it. "Except, oh, yeah, YOUR version of the install media has a bug, and COBOL won't install. I need to mail you a file." "So, you mean, even if I knew HP-UX super-duper well, I *STILL* wouldn't have been able to install it?" "Yeah, that about sums it up." Again: release notes. Errata. An fscking URL. ANYTHING. I wrote our HP rep a letter the likes of which I generally try not to write. He called me up and asked what he could do to make it right. I said that was impossible, but implored him not to screw over other customers. That's a top-five most-frustrating-thing ever. I sincerely hope that things have changed in the intervening time. -Ken This stuff is from before my time but it's been really interesting to learn. Have any of you folks worked with this stuff? We're looking to migrate away eventually, maybe anyone with experience there? I'd love to hear any stories about COBOL or old enterprise mainframe applications you've worked with. We're probably going to be hiring soon too if anyone would be interested in a similar gig. :) ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Runaway log...
On 2020-01-06 21:43, Joshua Judson Rosen wrote: > On 1/6/20 8:45 PM, Ken D'Ambrosio wrote: > > Buffered in journald, maybe? GNU bless you, good sir. Did the trick -- and a good thing, as it was still happily spamming away. Thanks! -Ken ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Runaway log...
OK, guys. CentOS 7.1. I've got an OpenStack process that wigged out and was logging like crazy to /var/log/messages. So I killed it. FORTY FIVE MINUTES AGO. And still, log lines that must've been buffered... somewhere, are flying into the messages file. Gigabytes of them, e.g., Jan 6 20:42:56 sca1-drstack01 neutron-server[27127]: Exception RuntimeError: 'maxiException mum RuntimeErrorr: e'cmuaxrismuim roencu rdsieonp tdehp the xecxcddede wdhi lew cahlillien gc aal lPiyntgh oan Poybtjheocnt 'o in bject'> ignored Now, 27127 is dead, gone, not in the process table. Not a zombie, not nothing. I restarted the syslog... and the logging stopped for a few seconds, and then restarted. How in blazes do I find what's buffering the logs, and how do I flush it?! I've run into this once before and did *something*, but damned if I can remember what. All ears; my disk space is finite. (I've already truncated the file twice.) Thanks, -Ken ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: SSH and domain wildcards.
On 2019-11-07 14:54, Bobby Casey wrote: On Wed, Nov 6, 2019 at 11:36 PM Joshua Judson Rosen wrote: i.e.: you just got the order backward :) So what you're trying to say is "Ken should read the fluffy manual"? The *next* time you manage to blow all the caps on your video card, buddy, go find someone *else* to help you troubleshoot.___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
SSH and domain wildcards.
OK. Feeling kinda dumb. So! === $ head -6 ~/.ssh/config Compression yes ForwardX11 yes User kdambrosio Host *.foo.com User ken === So I've got kdambrosio (my work username) as my default, however, when I try to log into bar.foo.com, it's not using "ken", it's using "kdambrosio". Can someone show me where I'm screwing up? Thank you kindly, -Ken ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Edit over SSH.
Hi, all. In Emacs, it's trivially easy to open a file on a remote host: emacs /user@host:/path/to/file And while I *do* enjoy Emacs, I admit that some of the other IDE/editors I've seen look kind of nifty. But opening files via SSH is really, really handy -- to the point where I consider it a dealbreaker to not have it. I found Visual Code can do SSH, but you have to (at least, by my reading) set up per-host profiles, etc. Bleh. I know that vim can do it, but I'm just not a vim guy. I'm just not interested in doing some out-of-the-box thing like sshmount (or whatever it is). So, at the end of the day, anyone have an editor they enjoy where it's as easy to open a file over SSH as it is in Emacs? Thanks for any thoughts you might have... -Ken ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Multiple IPv4 addresses per NIC (w/o aliases, VLANs, etc.)
So, I didn't know this was "a thing." And, apparently, "ifconfig" doesn't know it, either. However, with "ip addr add", you can assign multiple IPv4 addresses to a given interface: methusalah # ifconfig tun0 tun0: flags=4305 mtu 1500 inet 192.168.23.50 netmask 255.255.255.255 destination 192.168.23.49 inet6 fe80::6d4d:9731:4512:1f75 prefixlen 64 scopeid 0x20 unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 9 bytes 432 (432.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 methuselah FAQ # ip addr add 10.20.30.40/32 dev tun0 methuselah FAQ # ip addr show tun0 4: tun0: mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100 link/none inet 192.168.23.50 peer 192.168.23.49/32 scope global tun0 valid_lft forever preferred_lft forever inet 10.20.30.40/32 scope global tun0 valid_lft forever preferred_lft forever And yet ifconfig doesn't even show the new info. Note that this is dinstinct from "tun.0" or "tun:0" (VLAN and alias, respectively). Is the ability to have multiple v4 addresses against a given NIC a new feature? Is it somehow bogus? Maybe it's an extension of the way that v6 works, since v6 has always allowed multiple addresses/NIC -- perhaps aliases are deprecated? Just wondering if anyone else has noticed this... -Ken ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Russian incursion... to my bulletin board.
Hey, all. I belong to the last of a dying breed, a bulletin board. (No, we no longer do dialup; it's accepted telnet since '90 or so.) And it's currently under the purview of someone, though he hasn't been able to give it the attention it needs, so I think it's about to go to Digital Ocean. (Indeed, as I type this, it's offline -- which is responsible for the whole line of thinking for this e-mail.) Migration would normally be unremarkable, and not require an e-mail here, but... the damn Russian botnet problem (the one that brought Dyn down last year) has also caused us an issue. The current admin has largely mitigated it through blacklists, but I was wondering if there might be a more graceful approach. Issue: the botnet attempts to expand by searching for other embedded devices (generally, cameras)... by way of port 23. Telnet. At any given time, we may have a dozen bogus connections from botnets, all trying to log in as "admin". Of course, they fail, but they chew up ports, and seem to even have uncovered a bug in the BBS code, just by raw number of connections. Can anyone think of a way to act as a proxy and: * Accept a telnet connection * Offer a login prompt * Reject/close the connection if the username offered is "admin" * Forward on the connection/credentials and act as a proxy if it's literally anything else? I've taken a stab at it in Ruby, but seem to have issues understanding exactly how the telnet module works... Thanks kindly for any thoughts or insights, -Ken P.S. If/when it comes back up: telnet://bbs.iscabbs.com if you're that interested in logging in like it's 1993. Apologies to Prince. ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: bandwidth capture question
Hey, Joshua. Honestly, you're "doing it wrong," for a few reasons. * Capturing *everything* would be huge -- almost certainly fill up your hard disk in relatively short order. * Wireshark isn't the thing to capture it with. If you want that, dump it using "tcpdump" (or its Windows equivalent), and then look at it later, with Wireshark. * But, as noted in the initial point, that gets big, VERY fast. Instead, I would recommend just watching metrics -- does Windows show byte counts on an interface? If so, monitor that minute-by-minute. Or -- probably an even better choice -- get some software that will monitor per-IP usage. Though others may have actual suggestions on software to use, as I don't. However, NONE of that will even work if you don't have a switch set up with port mirroring. Ethernet these days is switched, which means that simply plugging into the same switch will only show you broadcast traffic, not point-to-point traffic. So you'd miss out on something like 99% of the data. Given the scenario you mention (basically, "Comcast modem"), I think you'll probably need to pick up a smart Ethernet switch -- one that has port mirroring -- to even get started down this road. All of this is relatively non-trivial, but could probably be worked through if you're really trying to make it happen. -Ken On 2018-05-04 13:09, jsf wrote: > Hi friends, > > I am IT dir. at a small independent school in CT nowadays. I have a comcast > modem. my firewall plugs into a wired port in the comcast modem. I have an > old PC running windows 8.1. I have installed wireshark on the old PC. I > have plugged the old PC's network interface into another wired port on the > comcast modem. Ideally I would like to use wireshark to capture EVERYTHING > going across the modem - basically everything that is going in and out of the > connection between the modem and my firewall. I am at a loss w/r/t how to > set this up properly. > > a step-by-step how to, or even a quick shared screen session or phone call > would be appreciated. > > I am trying to get a sense regarding the schools' bandwidth usage.. we have > 150/25 over coax. i think performance is pretty good most of the time (we > are a small school).. but not everyone agrees with me. If we have too little > bandwidth (are hitting a max periodically) I'd like to know that. > > Thanks in advance for help with this and recommendations about anything else > I should put on this old PC to help with this exercise. > > best wishes, > > Joshua > -- > > [1] > > ___ > gnhlug-discuss mailing list > gnhlug-discuss@mail.gnhlug.org > http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ Links: -- [1] http://www.linkedin.com/in/jfreeman___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Amusing "Wups."
I just told my daughter that there was another song, "Hello," that was popular before Adele's version. Shockingly, however, Alexa seemed unfamiliar with it when I told her, "Alexa, play 'Hello', by Dennis Ritchie." D'oh. ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: ARP weirdness.
I'm guessing it was some sort of broadcast storm. Though a very confusing one -- if I unplugged the cable, it stopped. Plug it back in, and lo! Starts again. However, I finally gave up trying to supply the VLAN to the Linux box by way of a trunk, and just plugged the (still-tagged) interfaface straight in... and all was fine. So I guess I don't care (the box has, like, a zillion interfaces), but I'm still pretty darn confused by it. -Ken On 2017-11-10 18:48, Ben Scott wrote: > On Wed, Nov 8, 2017 at 4:49 PM, Ken D'Ambrosio <k...@jots.org> wrote: >> Ubuntu box acting as a router for some subnets. >> >> [192.168.200.12] <-1302 VLAN->[switch]<-1302 VLAN->switch<-1302 VLAN-> >> [router @ 192.168.200.1] > > So, to clarify, the Ubuntu box is at .1? What is .12? > > Can you give a concise description of what else is on the VLAN? > >> The link is getting utterly spammed with ARP requests for >> 192.168.200.12. > > How are you determining this? Packet sniffer? If so, where? > > Are these ARP requests originating from the .1 box? You have verified > this by MAC address of the sending system? If you unplug .1 to test, > does the flood stop? > > One thought that immediately occurs to me is a broadcast loop. Any > chance of a physical loop (e.g., cable plugged into two switch ports > on the same VLAN)? Are you running spanning tree any/everywhere? > > What are the switches? Any particular config applied to the VLANs, > beyond the VLAN itself? Any weird config applied to the switch in > general? > > -- Ben > ___ > gnhlug-discuss mailing list > gnhlug-discuss@mail.gnhlug.org > http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
ARP weirdness.
Hey, guys. Have an Ubuntu box acting as a router for some subnets. I have one VLAN, 1302, on which subnet 192.168.200.0/24 resides. The network looks a bit like this: [192.168.200.12] <-1302 VLAN->[switch]<-1302 VLAN->switch<-1302 VLAN-> [router @ 192.168.200.1] The link is getting utterly spammed with ARP requests for 192.168.200.12. Tens of thousands a second. AND it's also getting spammed (at a much reduced rate) with ARP responses. That, in-and-of itself is already pretty confusing. But what trumps it is the fact that the Linux box *already has 192.168.200.12 and the corresponding MAC in its local ARP table*. Thus precluding the need to even make ARP requests, much less tens of thousands a second. The box has been booted; it made no apparent difference. W. T. F. I'm kinda stumped on this, and would gladly accept any ideas... Thanks, -Ken ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Is Amazon AWS/EBS snapshotting just LVM, or what?
I would say it's unlikely to be LVM, because LVM is content-ignorant; it snapshots the entire volume, which is inefficient, and when you're Amazon, you care a LOT about being efficient. Instead, I imagine they're using some content-aware CoW solution such as ZFS. But, whatever mechanism, I agree with your opinion: I doubt that their solution -- almost certainly CoW of some sort -- stands a chance of being more than even slightly impactful. $.02, YMMV and other assorted disclaimers, -Ken On 2017-09-28 13:16, Joshua Judson Rosen wrote: > I'm working on a project that uses Amazon AWS-provided VPS instances, > and the other guy on the project is telling me that "snapshotting > hourly may degrade performance", > and I'm trying to determine where that's actually true. My gut feeling > is that it sounds kind of bogus. > >> From the information I've been able to find about how Amazon's stuff >> works (either in terms > of how it's _implemented_ [for which I'm finding basically no insight] > or how it's _characterized_ > [in the engineering sense, not the literary sense]...), it really > sounds a _lot_ like Amazon > is just using LVM snapshots, e.g. from > <https://aws.amazon.com/ebs/faqs/>: > > "snapshots can be done in real time while the volume is attached and > in use. >However, snapshots only capture data that has been written to your > Amazon EBS volume, >which might exclude any data that has been locally cached by your > application or OS." > > "By design, an EBS Snapshot of an entire 16 TB volume should take no > longer than the time >it takes to snapshot an entire 1 TB volume. However, the actual time > taken to create >a snapshot depends on several factors including the amount of data > that has changed >since the last snapshot of the EBS volume." > > ... though I'm not entirely sure how to interpret that last bit about > "time taken to create a snapshot > depends on... the amount of data that has changed since the last > snapshot"; > the _first half of that statement_ reads as "creating a snapshot is > constant time", > which basically screams to me "copy-on-write just like LVM, and > they're probably implemented > in terms of LVM". > > Any insight here as to whether my gut is correct on this, or whether > I'm actually likely > to notice an impact from hourly snapshots of, say, a 200-GB volume? > How about a 1-TB volume? > > The only thing I'm seeing from Amazon that seems to _vaguely_ support > (maybe) the notion > that `snapshotting too often' would be something to worry about is > this bit from elsewhere > in that same FAQ page (under the heading of "performance", whereas the > others were > under the heading of "snapshots" and a subheading of "performance > consistency of my HDD-backed volumes": > > Another factor is taking a snapshot which will decrease expected > write performance > down to the baseline rate, until the snapshot completes. > > ... and, taken in the context of the previously-cited notes about > snapshots being > `not base on volume-size but maybe influenced by > changed-since-last-snapshot set size' > (and in the context of the explanations they give for HDD-backed vs. > SSD-backed storage), > I'm basically reading that as: > > `if you're using HDD-backed storage then it's because you care about > *throughput* >more than *response time* and are likely to be monitoring throughput, >and if you're monitoring throughput you may notice a *momentary dip > in throughput* >as the *HDDs* need to seek around to find the volume boundaries and > set up the COW records.' > > Even if you don't have any insight into what's actually happening > under the covers at Amazon, > does my reading of all of this sound right to you? > > And, perhaps more interestingly, are these same caveats from Amazon > generally applicable to LVM? ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Ruby slow to launch (was L-o-n-g delay for rc.local in systemd on Ubuntu.)
Well, I don't know what was wrong with catting random data to /dev/random and /dev/urandom, but it didn't to diddly. "apt install haveged", howver, and I'm now booting in ~20 seconds instead of 3 - 5 minutes. (It adds entropy -- or, if you prefer, "entropy" -- by seeing how long certain things take to execute, and then doing it again, and again, and looking for deltas.) #winning Thanks, all... -Ken On 2017-08-08 15:18, Joshua Judson Rosen wrote: > On 08/08/2017 02:52 PM, Ken D'Ambrosio wrote: >> On 2017-08-08 14:43, Bill Freeman wrote: >>> I don't know, but getrandom() may well be using /dev/urandom (or a >>> related facility). And that, in turn, might be waiting to "collect >>> sufficient entropy". So some network traffic, keystrokes, whatever, >>> need to happen between boot time and the first random emission, or >>> that first "random" number becomes predictable. Since random numbers >>> are often used cryptographically, predictability is a bad thing. >> >> True, but there's debate about just *how* predictable, etc. Not a >> subject for this particular thread, but I'd be perfectly happy with >> udev >> almost-as-random. >> >>> As to why ruby is designed to require a random number before being >>> asked to do something dependent on such a random number is a question >>> for the ruby developers. >> >> Email already sent. :-) >> >>> Re-linking /dev/urandom will probably break lots of things. Maybe >>> run >>> your script in a chroot jail that has a different /dev/urandom could >>> work. >> >> Alas, no -- I'm doing various admin chores, and a chroot won't be >> helpful. >> >>> Is your script too complex to rewrite in bash? Not a general >>> solution, but as a workaround it has its appeal. >> >> *sigh* This is probably where I'm gonna wind up (or Perl, or Python). >> Except I've now written a good handful of scripts that people are >> waiting on, and it's gonna cause me physical pain to have to re-do >> them >> at this point. >> >> C'est la vie. I guess that's the way the Ruby crumbles... > > Instead of rewriting the whole thing, why not just seed the RNG > manually? > > Slightly relevant-looking discussion BTW: > > https://bugs.ruby-lang.org/issues/9569#note-56 > > ... mainly in that it points to the updated random(4) Linux man page, > which says: > >The /dev/random interface is considered a legacy > interface, and >/dev/urandom is preferred and sufficient in all use cases, > with the >exception of applications which require randomness during > early boot >time; for these applications, getrandom(2) must be used > instead, >because it will block until the entropy pool is initialized. > > So, there you go. "until the entropy pool is initialized" is apparently > about 3 minutes in your case ;) > > You should be able to explicitly seed Ruby's internal RNG, > or explicitly seed the system RNG by writing bytes into > /dev/random or /dev/urandom. > > If you want `instant good entropy' at boot, you can even store > some random data into a file at shutdown and then seed from that file > at boot (be sure to invalidate that cache before seeding from it > though, > to ensure that you don't use the same seed twice!). IIRC there are > some preexisting packages for this, and some distributions even do it > by default. > > If you write a systemd service, it looks like you can depend on > systemd-random-seed.service. ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Ruby slow to launch (was L-o-n-g delay for rc.local in systemd on Ubuntu.)
On 2017-08-08 15:18, Joshua Judson Rosen wrote: >The /dev/random interface is considered a legacy > interface, and >/dev/urandom is preferred and sufficient in all use cases, > with the >exception of applications which require randomness during > early boot >time; for these applications, getrandom(2) must be used > instead, >because it will block until the entropy pool is initialized. > > So, there you go. "until the entropy pool is initialized" is apparently > about 3 minutes in your case ;) Yeah... getrandom() apparently pings /dev/urandom by default which, as per the getrandom manpage, blocks until it has entropy. Sounds like we've wound up at much the same place: I took some data off of /dev/random, stored it in a file, and am feeding that to /dev/urandom at boot time (and re-seeding the file after five minutes' uptime). Alas (because, you know, deadline), that doesn't seem to be working. Which is really, really annoying. I'm *still* blocking for three-to-five on getrandom(). I guess it's time to cut my losses and start this in a different language. I mean, most of the hard stuff was figuring out *how* to do things, but I admit, my Perl and Python have grown rusty as I've enjoyed my Ruby... -Ken ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Ruby slow to launch (was L-o-n-g delay for rc.local in systemd on Ubuntu.)
On 2017-08-08 14:43, Bill Freeman wrote: > I don't know, but getrandom() may well be using /dev/urandom (or a > related facility). And that, in turn, might be waiting to "collect > sufficient entropy". So some network traffic, keystrokes, whatever, > need to happen between boot time and the first random emission, or > that first "random" number becomes predictable. Since random numbers > are often used cryptographically, predictability is a bad thing. True, but there's debate about just *how* predictable, etc. Not a subject for this particular thread, but I'd be perfectly happy with udev almost-as-random. > As to why ruby is designed to require a random number before being > asked to do something dependent on such a random number is a question > for the ruby developers. Email already sent. :-) > Re-linking /dev/urandom will probably break lots of things. Maybe run > your script in a chroot jail that has a different /dev/urandom could > work. Alas, no -- I'm doing various admin chores, and a chroot won't be helpful. > Is your script too complex to rewrite in bash? Not a general > solution, but as a workaround it has its appeal. *sigh* This is probably where I'm gonna wind up (or Perl, or Python). Except I've now written a good handful of scripts that people are waiting on, and it's gonna cause me physical pain to have to re-do them at this point. C'est la vie. I guess that's the way the Ruby crumbles... -Ken ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Ruby slow to launch (was L-o-n-g delay for rc.local in systemd on Ubuntu.)
Well, I tried Tom's solution, and it made not a whit's worth of difference. Because, assuming my ignorance about systemd equated with slow boot time, I hadn't troubleshot further than that. Turns out that it's *Ruby's* fault. A command like this: ruby -e 'puts 1' is blocking for *THREE MINUTES OR MORE* on getrandom() for the first post-boot execution. (Subsequent ones run fine.) Which leads to all sorts of questions: * Why in the Hell do we care about getrandom() when we're printing an integer?? * Couldn't we just use /dev/urandom and be done with it? * So much etc. I love Ruby -- a lot -- but this is bash-my-head-against-the-monitor bad. Any suggestions? Simply renaming /dev/random to something else and doing "ln -s /dev/urandom /dev/random" doesn't seem to be doing the job. -Ken ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
L-o-n-g delay for rc.local in systemd on Ubuntu.
Hey, all. I've got some stuff in my rc.local, and it takes *forever* to execute -- three+ minutes. (Note that the machine -- a virtual one -- is up in something like 20 seconds.) I *need* this stuff, which is lightweight in the extreme, to execute much more quickly than that. Anyone have any ideas on how to make that happen? Thanks, -Ken ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Linux for time lapse and wifi?
On 2017-06-28 10:31, Richard Kolb II wrote: > Hello all, > > I'm looking into using a pine a64 running ubuntu mate to setup a time > lapse photo using a standard digital camera controlled over USB. I > haven't done a ton of research into it yet, but I wanted to see if > anyone else has done something similar and had some advice/opinions. I > was thinking of setting this up first as a way to capture an event > going on, and second as a wildlife/security camera. Well, I bought the Pinebook, and -- given its price, among other things -- seems like it would do a fine job using its webcam. But if you want high quality stuff, I suppose a "real" camera is the way to fly, and not a webcam (be it part of a Pinebook or something external). > I'm also thinking about using it as a wifi access point, the location > that it'll be installed, a remote house in Maine, will have a dsl > connection, but right now I don't have a wireless router, and since I > have this handy I thought I'd take advantage. I set up my RasPi 3 as a WAP, and I have to say, it just didn't work that well -- egregiously slow, and low power to boot. I guess the system is underpowered for the task, based on the reading I did. I'd have to recommend using a stock WAP to make that happen -- bet you could find one for $15 on Craigslist or something. $.02, -Ken ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Need to copy a 200GB directory
200 GB on locally mounted filesystems just isn't all *THAT* much. I'm not quite sure how you'd use 'dd', but cp or rsync should do the trick just fine. Note that rsync has the added benefit of being able to, essentially, start from where you failed -- but I usually reserve that for network file transfers that take long enough I'm worried a brownout or something might interrupt it. $.02, -Ken On 2017-06-26 15:11, Charles Farinella wrote: > We need to copy a large (200+GB) directory from one filesystem to > another, both locally mounted. > > I'm unsure as to what I should use to do this, cp, rsync, dd? > > Any suggestions appreciated. > > Thanks. > > --charlie > > Charlie Farinella > Systems Administrator > Appropriate Solutions, Inc. > 1-603-924-6079 > ___ > gnhlug-discuss mailing list > gnhlug-discuss@mail.gnhlug.org > http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: What's the strategy for bad guys guessing a few ssh passwords?
"What's the point?" C'mon, Ted. You know better than that. The point is people with weak passwords. Remember the Dyn DDoS? That was brought on entirely by devices with default passwords. As is a RasPi attack I read about on Slashdot just this AM. Say 90% of servers/devices follow good security practices -- that still leaves 10% that are susceptible. I imagine even a 1% return would still get you a pretty sweet botnet. So, in my estimation at least, that is the point. $.02, -Ken On June 11, 2017 10:17:35 AM EDT, Ted Roche <tedro...@gmail.com> wrote: >For 36 hours now, one of my clients' servers has been logging ssh >login attempts from around the world, low volume, persistent, but more >frequent than usual. sshd is listening on a non-standard port, just to >minimize the garbage in the logs. > >A couple of attempts is normal; we've seen that for years. But this is >several each hour, and each hour an IP from a different country: >Belgium, Korea, Switzerland, Bangladesh, France, China, Germany, >Dallas, Greece. Usernames vary: root, mythtv, rheal, etc. > >There's several levels of defense in use: firewalls, intrusion >detection, log monitoring, etc, so each script gets a few guesses and >the IP is then rejected. > >In theory, the defenses should be sufficient, but I have a concern >that I'm missing their strategy here. It's not a DDOS, they are very >low volume. It will take them several millennia to guess enough >dictionary attack guesses to get through, so what's the point? > >-- >Ted Roche >Ted Roche & Associates, LLC >http://www.tedroche.com >___ >gnhlug-discuss mailing list >gnhlug-discuss@mail.gnhlug.org >http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ -- Sent from my Android device with K-9 Mail. Please excuse my brevity.___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Multiple default gateways.
Hey, all. This is something I've tried (and failed) to get working for time out of mind. Recently, I'd come to need it yet again -- this time in virtualland: I needed multiple NICs on the same VM able to respond to external queries, often off the same subnet. And I needed them responding via the NIC the query came in on. We'd been making this "work" by setting up lots of static host routes and stuff, but it still felt as hokey as it had in years past. Then someone on a BBS I'm on pasted this link: https://kindlund.wordpress.com/2007/11/19/configuring-multiple-default-routes-in-linux/ I'd fooled around with policy based routing -- even bought a book! -- but it just never "clicked," and none of the examples I saw online (as, indeed, the page also proclaims) showed exactly how to do what I wanted to do. But now I have a VM with queries being responded to by the NIC the query comes in on. The stock default gateway still works for internally originated packets, but inbound packets are now "bound" to the NIC they come in on. And there was great rejoicing. (I just won $10 from myself that I've had hanging on my cube wall for two years.) Anyway... yeah. I'm happy. Thought others might find it useful, too. -Ken ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Avahi/mdns resolution.
Yay, strace. I'm guessing people don't use Avahi for service discovery a whole bunch these days -- at least, on Ubuntu 16.04. (Which makes me wonder what people *do* use -- if anyone has a suggestion for service discovery on a network where *no* IPs are known in advance, I'm all ears.) Anyway: Strace output: connect(4, {sa_family=AF_LOCAL, sun_path="/var/run/avahi-daemon/socket"}, 110) = -1 EACCES (Permission denied) root@clients-1:~# ls -ald /var/run/avahi-daemon/ drwx-- 2 avahi avahi 80 Mar 27 05:35 /var/run/avahi-daemon/ root@clients-1:~# chmod 777 /var/run/avahi-daemon/ root@clients-1:~# ping kentest.local PING kentest.local (192.168.243.16) 56(84) bytes of data. 64 bytes from 192.168.243.16: icmp_seq=1 ttl=64 time=1.31 ms 64 bytes from 192.168.243.16: icmp_seq=2 ttl=64 time=0.742 ms Weird, I tells ya'. *wanders off to file a bug report* -Ken - On 2017-03-27 10:17, Ken D'Ambrosio wrote: > Hi, all. For service discovery on a cloud subnet, I'm trying to get > the > different VM's to resolve each other -- by strong preference, > seamlessly > -- via Avahi. And it works... kinda: > > root@clients-1:~# avahi-resolve -n -4 kentest.local > kentest.local 192.168.243.16 # This is a good thing > > > These, not so much good: > root@clients-1:~# ping kentest.local > ping: unknown host kentest.local > root@clients-1:~# host kentest.local > Host kentest.local not found: 3(NXDOMAIN) > > > Here's my pertinent nsswitch line: > hosts: files mdns4_minimal [NOTFOUND=return] dns > > > Since the daemon is clearly replying with correct info, I assume I'm > doing something wrong client-side (though as I've never done this > before, I guess it could still be a server-side issue). Any hints or > ideas? > > Thanks, > > -Ken > ___ > gnhlug-discuss mailing list > gnhlug-discuss@mail.gnhlug.org > http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Avahi/mdns resolution.
Hi, all. For service discovery on a cloud subnet, I'm trying to get the different VM's to resolve each other -- by strong preference, seamlessly -- via Avahi. And it works... kinda: root@clients-1:~# avahi-resolve -n -4 kentest.local kentest.local 192.168.243.16 # This is a good thing These, not so much good: root@clients-1:~# ping kentest.local ping: unknown host kentest.local root@clients-1:~# host kentest.local Host kentest.local not found: 3(NXDOMAIN) Here's my pertinent nsswitch line: hosts: files mdns4_minimal [NOTFOUND=return] dns Since the daemon is clearly replying with correct info, I assume I'm doing something wrong client-side (though as I've never done this before, I guess it could still be a server-side issue). Any hints or ideas? Thanks, -Ken ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Traffic shaping.
On 2017-01-10 14:17, Joshua Judson Rosen wrote: > Well, that's the other thing that actually wasn't clear: > whether "an OpenVPN network" meant a multitude of OpenVPN clients > all connecting individually to a single server (N:1), > or a network that's being routed (or bridged) through a single > OpenVPN tunnel between local+remote OpenVPN nodes (1:1). > > If you need the N:1 case to work, I'll have to defer to > someone else who's actually familiar with QoS management. :\ And that's pretty much where I find myself. :) Thanks for kicking the tires!! -Ken ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Traffic shaping.
On 2017-01-10 13:47, Joshua Judson Rosen wrote: > On 01/10/2017 01:28 PM, Ken D'Ambrosio wrote: >> Hey, all. I've got an OpenVPN network talking to a server at a remote >> site over the corporate WAN. (Reasons for this are complex, and I >> won't >> bore you with them, but please trust me that this setup was required >> "because IT.") Anyway, I'd like to throttle the bandwidth going both >> ways. Unfortunately, OpenVPN only throttles on the client side going >> one way, and not at all on the server side. > > Are you actually setting the OpenVPN shaper option on both the client > *and the server*, or only on the client? Apparently, irrelevant: it does not work on server: https://community.openvpn.net/openvpn/ticket/413 ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Traffic shaping.
Hey, all. I've got an OpenVPN network talking to a server at a remote site over the corporate WAN. (Reasons for this are complex, and I won't bore you with them, but please trust me that this setup was required "because IT.") Anyway, I'd like to throttle the bandwidth going both ways. Unfortunately, OpenVPN only throttles on the client side going one way, and not at all on the server side. I'm trying to use "wondershaper", but it's failing miserably; if I set it to send at 4000 kpbs, it runs at 4000 kbps. If I set it to throttle at 4, my traffic suddenly jumps to 128000 kbps. "That's not right." Can someone give me the magic incantation for throttling egress on tun0? I've tried to pull from The Google, and have had spotty success (thus, the reason I'm trying wondershaper). Thanks, -Ken ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Throttle everyone *except* one host.
Hey, all. I've got a geographically dispersed cloud -- the primary control nodes are in MA, but compute nodes in Ottawa and Texas. I'd like to throttle all traffic between the sites (said traffic goes through a single Linux host I'll call a "firewall," though "nexus" would be closer), EXCEPT for when they go to retrieve images, which reside on a single server. So, assuming (for simplicity's sake) that I have: | - compute1 | | - compute2 | - Ottawa/172.28.0.0/16 | - compute3 | | -- | eth0 | | | - Firewall | eth1 - 172.17.5.0/24 | -- | \ -- | control1 | | image | | control2 | | server | -- 172.17.5.9 172.17.5.10 172.17.5.8 how would I go about throttling all communications through the host (say, to 2 Mb/s), except for the image server? I'm afraid my iptables fu is not strong enough to figure this out with certitude -- which is something I'd really like to do, as someone's VM saturated our WAN uplink overnight, and I've got IT mad at me now, so playing whack-a-spike would be best to be avoided. Thanks, -Ken ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Upstart issues with Ubuntu 14.04.
I believe Ubuntu is perhaps one of the lesser-used distros in GNHLUG land, but I'm hoping someone here might be able to offer some insight. I've got an Openstack install on Ubuntu 14.04 host systems, and after a hurricane-induced power outage over the weekend, one of our hosts won't boot -- it fails (seemingly) at loading an Openstack Neutron service. So, I figure I'll go into /etc/init.d/ and just chmod -x all the suspect services, see if it boots, and then manually load services. Not so much; that had zero apparent impact on the services loading. So then I did some reading up on Upstart, and found a whole bunch of places that the services *might* be loading from... none of which seemed to impact stuff. I currently have the host booted by some serious cheating (I pulled a disk, went to "manual repair mode" when it whined about not being able to mount devices, and loaded services from there -- it completely fails to boot single-user), but how in blazes do I: * See what services want to be loaded? * See *where* they get loaded? * Load them individually? I've found some of the services mentioned in /etc/init/, /etc/init.d/, /etc/systemd/system/multi-user.target.wants/, /lib/systemd/system/, /var/lib/systemd/deb-systemd-helper-enabled/ and /var/lib/systemd/deb-systemd-helper-enabled/multi-user.target.wants/ . I tried playing around with most (all?) of those locations, to no avail. Any insight into what I'm doing wrong would truly be most appreciated. Thanks! -Ken ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: tech recruiters you like?
On 2016-09-01 14:39, Richard Kolb II wrote: > There's a GNHLUG jobs list? http://wiki.gnhlug.org/twiki2/bin/view/Www/MailingLists#Jobs_gnhlug_jobs > Richard Kolb II > > On Thu, Sep 1, 2016 at 2:27 PM, Ken D'Ambrosio <k...@jots.org> wrote: > > I've gotten one (1) job -- a contracting gig -- by way of a headhunter, clear > back in '91. Since then, I've left my name with a few headhunters, but have > gotten no good leads, and one headhunter flat-out tried to screw me over. (Or > lied. Or both.) Since I moved to NH in '93, I've gotten one job via Usenet, > and the remaining four by way of personal networking. I guess it's hard to > overstate just how important that is. One thing to consider is the GNHLUG > jobs list, which is how I got my most-recent[-1] job. > > -Ken > > On 2016-09-01 13:52, Arc Riley wrote: > My experience with recruiters is an extremely high signal:noise ratio. > Increasingly, recruiters (not company staff) are conducting phone interviews, > setting up on-site interviews themselves, and provide little to no > information on the actual position you're interviewing for. > I've had recruiters line up job interviews "that you're a perfect match for" > that turn out to be for .Net, Ruby, even one that was a windows sysadmin > position. I've also shown up for interviews which were not actually scheduled > (including Google, who flew me to NYC without actually scheduling the > interview) or shown up to find a waiting area full of applicants with staff > scrambling to conduct "speed dating" style 15 minute interviews. > After it all my recommendation is to mark any contact from a recruiter as > spam. To +1 previous advice on this thread, the best way to find a job is > going to meetups and making personal connections with employees. > > On Thu, Sep 1, 2016 at 11:41 AM, Richard Kolb II <richard.k...@gmail.com> > wrote: > > I would have to agree with the personal network comments. The last job that I > applied for, and got, was in 2003. I've had 3 jobs since then, and they've > all been through contacts from linkedin or a personal reference. > > Richard Kolb II > > On Wed, Aug 31, 2016 at 9:54 PM, Bill Ricker <bill.n1...@gmail.com> wrote: > The ones i liked retired. > > Outplacement firm i worked with most recently said % of jobs found > through personal network is growing. Getting hired as an internal > referral saves them the hassle of dealing with Monster or Zip or ... , > and is usually better per-screened by the referrer, for free. They > recommended strong use of LinkedIn to reconstruct who you used to know > so you can leverage their eyes and ears. > > ___ > gnhlug-discuss mailing list > gnhlug-discuss@mail.gnhlug.org > http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ [1] > ___ > gnhlug-discuss mailing list > gnhlug-discuss@mail.gnhlug.org > http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ [1] ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ [1] Links: -- [1] http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: tech recruiters you like?
I've gotten one (1) job -- a contracting gig -- by way of a headhunter, clear back in '91. Since then, I've left my name with a few headhunters, but have gotten no good leads, and one headhunter flat-out tried to screw me over. (Or lied. Or both.) Since I moved to NH in '93, I've gotten one job via Usenet, and the remaining four by way of personal networking. I guess it's hard to overstate just how important that is. One thing to consider is the GNHLUG jobs list, which is how I got my most-recent[-1] job. -Ken On 2016-09-01 13:52, Arc Riley wrote: > My experience with recruiters is an extremely high signal:noise ratio. > Increasingly, recruiters (not company staff) are conducting phone interviews, > setting up on-site interviews themselves, and provide little to no > information on the actual position you're interviewing for. > > I've had recruiters line up job interviews "that you're a perfect match for" > that turn out to be for .Net, Ruby, even one that was a windows sysadmin > position. I've also shown up for interviews which were not actually scheduled > (including Google, who flew me to NYC without actually scheduling the > interview) or shown up to find a waiting area full of applicants with staff > scrambling to conduct "speed dating" style 15 minute interviews. > > After it all my recommendation is to mark any contact from a recruiter as > spam. To +1 previous advice on this thread, the best way to find a job is > going to meetups and making personal connections with employees. > > On Thu, Sep 1, 2016 at 11:41 AM, Richard Kolb II <richard.k...@gmail.com> > wrote: > > I would have to agree with the personal network comments. The last job that I > applied for, and got, was in 2003. I've had 3 jobs since then, and they've > all been through contacts from linkedin or a personal reference. > > Richard Kolb II > > On Wed, Aug 31, 2016 at 9:54 PM, Bill Ricker <bill.n1...@gmail.com> wrote: > The ones i liked retired. > > Outplacement firm i worked with most recently said % of jobs found > through personal network is growing. Getting hired as an internal > referral saves them the hassle of dealing with Monster or Zip or ... , > and is usually better per-screened by the referrer, for free. They > recommended strong use of LinkedIn to reconstruct who you used to know > so you can leverage their eyes and ears. > > ___ > gnhlug-discuss mailing list > gnhlug-discuss@mail.gnhlug.org > http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ [1] > ___ > gnhlug-discuss mailing list > gnhlug-discuss@mail.gnhlug.org > http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ [1] ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ [1] Links: -- [1] http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
IPv6: it's probably about time I learned it.
But holy crow! Most of the books I find are either from Cisco (and, therefore, Cisco-centric), or at least a decade old, and I know that some things have changed along the road to actual adoption and implementation. Are there any resources that anyone can recommend -- electronic or dead tree -- that I should check out? Thanks! -Ken ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Phone SPAM/SCAM
Since the Interwebs is never wrong, I tend to google phone numbers that annoy me. Here's the first hit for the one you gave: http://no-more-calls.com/276-258-0531/ Scam, indeed. On 2016-06-27 16:07, mad...@li.org wrote: > Hi, > > Received this on my answering machine. I do not know what type of > scam this is, but I called > the number using Skype and got what sounded like an East Indian voice > who asked for my "case number" and when I told them I did not have a > case number, they asked for my address > and zip code so they could tell me what they had been calling for. > > md > >> "Message. I need you or your retained attorney of records to return >> the call. >> The issue at hand is extremely time sensitive. My phone number is >> 276-258-0531. >> Do not disregard this message and do return the call. Now if you don't >> return >> the call and I don't hear from your attorney either then the only >> thing I can >> do is wish you a good luck as the situation totally unfolds on you. >> Goodbye." > ___ > gnhlug-discuss mailing list > gnhlug-discuss@mail.gnhlug.org > http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Amber screen?
f.lux appears to be abandonware; redshift totally did the job. I am so one of the cool kids now. (Get it? Get it?) Thanks for indulging me... -Ken On 2016-04-26 11:08, Dan Garthwaite wrote: > I'm a fan of f.lux and redshift (the linux equiv). > > Was he running vintage terminal emulator Cathode? > http://www.secretgeometry.com/apps/cathode/ [1] > > Looks like the glass screen of a VT420 (in my experience) and friends. > > https://www.jwz.org/images/cathode2.jpg [2] > > On Tue, Apr 26, 2016 at 10:53 AM, Ryan Stack <4kby...@zoho.com> wrote: > > Yes that's probably f.lux, it has OS X version. Great app. > > Sent using Zoho Mail [3] > > On Tue, 26 Apr 2016 07:45:21 -0700 Matt Minuti<matt.min...@gmail.com> > wrote > > My first thought was something like f.lux or twilight. Something to adjust > the color temperature. Is that about right? > On Apr 26, 2016 10:43 AM, "Ken D'Ambrosio" <k...@jots.org> wrote: > Okay, Stupid Geek Question Time. > > I'm at the Openstack Summit, and the room is awful dark. So I've got my > screen's backlighting down to minimum. But someone up a few rows -- > probably on a Mac, the heathen -- has his screen in WYSE/amber mode, as > far as I can tell. (Well, okay, so the stock WYSE didn't support > graphics. Work with me.) Anyway, that's really cool -- both from the > "wow, I love amber WYSE screens" perspective, and from a "let's not bug > the people sitting behind me" perspective. I've done some googling, and > haven't found anything of particular note, but I'm thinking if I could > somehow modify the color palette to just choose amber, I'd be in decent > shape. > > Anyone have any ideas on how to make this happen? Or should I give up > now and pay more attention to the keynote speaker? > > Thanks, > > -Ken > ___ > gnhlug-discuss mailing list > gnhlug-discuss@mail.gnhlug.org > http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ [4] > ___ > gnhlug-discuss mailing list > gnhlug-discuss@mail.gnhlug.org > http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ [4] ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ [4] ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ [4] Links: -- [1] http://www.secretgeometry.com/apps/cathode/ [2] https://www.jwz.org/images/cathode2.jpg [3] https://www.zoho.com/mail/ [4] http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Amber screen?
Okay, Stupid Geek Question Time. I'm at the Openstack Summit, and the room is awful dark. So I've got my screen's backlighting down to minimum. But someone up a few rows -- probably on a Mac, the heathen -- has his screen in WYSE/amber mode, as far as I can tell. (Well, okay, so the stock WYSE didn't support graphics. Work with me.) Anyway, that's really cool -- both from the "wow, I love amber WYSE screens" perspective, and from a "let's not bug the people sitting behind me" perspective. I've done some googling, and haven't found anything of particular note, but I'm thinking if I could somehow modify the color palette to just choose amber, I'd be in decent shape. Anyone have any ideas on how to make this happen? Or should I give up now and pay more attention to the keynote speaker? Thanks, -Ken ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Mouse event problems
I've been bitten by bad mouse problems enough times that when I see symptoms like yours, it's pretty much my go-to. I had someone in England call me some time back, and could *NOT* figure out her problem. Finally had her wipe her machine and start over... and it was still there. Which is when I realized she was using an external, wireless mouse, and had her replace her batteries. D'oh. -Ken On 2016-03-29 15:25, Tyson Sawyer wrote: > On Mon, Mar 28, 2016 at 2:00 PM, Tyson Sawyer <ty...@j3.org> wrote: >> On Fri, Mar 25, 2016 at 1:44 PM, Ken D'Ambrosio <k...@jots.org> wrote: >>> That *VERY* much sounds like hardware. Like, a lot. >>> >>> 1) If it's a wireless mouse, change the batteries. >>> >>> If it's *not* wireless, disable the trackpad and switch to a >>> different >>> external mouse. Assuming the issue goes away (which I bet it will), >>> re-enable one, then the other, and see who's at fault. >> >> This is looking like the cause. > > I had originally considered and rejected that the problem was > hardware, and I think with good reason. > > ...the problem was hardware. I have replaced the track ball and the > problem is gone. > > Thanks! > Ty ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Mouse event problems
That *VERY* much sounds like hardware. Like, a lot. 1) If it's a wireless mouse, change the batteries. If it's *not* wireless, disable the trackpad and switch to a different external mouse. Assuming the issue goes away (which I bet it will), re-enable one, then the other, and see who's at fault. -Ken On 2016-03-25 11:37, Tyson Sawyer wrote: > I can't figure out what regexp to apply to the internet to find an > answer to this. I am running Mint Xfce 7.3 and it has been solid. > But the past few weeks I've run into a few problems that seemed to > come from nowhere. > > I'm finding that mouse events are getting messed up. The mouse > pointer and keyboard seem to always work. The mouse events do not. > Sometimes widgets do not respond to mouse-over or clicks. I've seen > occasional phantom responses in when I didn't click. I've seen > buttons "depress" when clicked, but there is no other response. It > will often start as specific windows or specific regions of windows > and or system menus. It quickly degrades to no mouse functionality > other than the pointer moving. I haven't seen that the track pad > behaves any different from the mouse. > > I can temporarily clear the problem by switching to a text console and > then back to X. > > I have tried different kernel versions, older and newer. The older > and current had been working fine. None of them work now. I've tried > a few varying from ~3.13 through 4.4.0. > > I tried installing Cinnamon to see if it was an Xfce thing, but the > behavior remained. > > I haven't found a error log that provides any hints. > > Any suggestions? If I can't clear this up, I'm going to have to try a > clean re-install which would be a major downer. > > Thanks! > Ty ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Boot-to-CLI distro?
Thanks for the suggestions, all. I tried to use the recommended SystemRescueCD, but the download was s-l-o-w... (for all I know, was my fault, but I didn't have 2+ hours to wait for it). Found this while googling for similar things: https://en.altlinux.org/Rescue [5] . Half the size, and downloaded in substantially less time (like, 15 minutes). Boots straight to console, but also has other options (e.g., memtest, rEFInd), and the console's a Debian variant, so I can apt-get to my heart's content. -Ken On 2016-02-17 14:45, Shawn O'Shea wrote: > +1 for system rescue cd. > > As far as other handy utility distros. If I'm just resizing a partition, I'll > do gparted live (Gui but goes straight to gparted partition editor) and if > imaging (backup/restore) then Clonezilla Live. > > http://gparted.org/livecd.php [1] > http://clonezilla.org/clonezilla-live.php [2] > > -Shawn > On Feb 17, 2016 2:15 PM, "Kyle Smith" <askr...@gmail.com> wrote: > > Check out SystemRescueCD[1], which I'm sure can be burned to a USB drive. > Boots to a shell and comes with a ton of recovery tools and scripts to assist > in getting a broken system operable. > > - Kyle > [1]: https://www.system-rescue-cd.org/SystemRescueCd_Homepage [3] > > On Wed, Feb 17, 2016 at 2:04 PM Ken D'Ambrosio <k...@jots.org> wrote: > > On 2016-02-17 13:49, Brian Chabot wrote: > In GRUB, boot to init 1, single user mode.' > > Which is great. If you catch it. And if it doesn't override you (as some live > install disks I've seen, do). Hell -- I'd be happy with the "rw > init=/bin/bash" bit for all I need, but even that, for example, isn't cutting > the mustard on one server I've got. I guess I could spin my own, but I > figured someone out there probably had a > stick-it-in-and-boot-to-CLI-no-interaction-needed option in their back > pocket. > > -Ken > > Brian Chabot > > On Wed, Feb 17, 2016 at 1:46 PM, Ken D'Ambrosio <k...@jots.org> wrote: > Hey, all. Many's the time I just want to go and fix something stupid -- > maybe wipe a disk, or edit a file -- and all I want is to be able to > stick in a USB stick and wind up at said CLI. But most distros these > days are GUI-based. And Ubuntu Server (say) boots to install, period, > which is an > extremely-stripped-down-to-the-point-of-useless-for-anything-other-than-install > CLI. > > Any middle ground someone could recommend? > > Thanks! > > -Ken > ___ > gnhlug-discuss mailing list > gnhlug-discuss@mail.gnhlug.org > http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ [4] ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ [4] ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ [4] Links: -- [1] http://gparted.org/livecd.php [2] http://clonezilla.org/clonezilla-live.php [3] https://www.system-rescue-cd.org/SystemRescueCd_Homepage [4] http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ [5] https://en.altlinux.org/Rescue ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Boot-to-CLI distro?
On 2016-02-17 13:49, Brian Chabot wrote: > In GRUB, boot to init 1, single user mode.' Which is great. If you catch it. And if it doesn't override you (as some live install disks I've seen, do). Hell -- I'd be happy with the "rw init=/bin/bash" bit for all I need, but even that, for example, isn't cutting the mustard on one server I've got. I guess I could spin my own, but I figured someone out there probably had a stick-it-in-and-boot-to-CLI-no-interaction-needed option in their back pocket. -Ken > Brian Chabot > > On Wed, Feb 17, 2016 at 1:46 PM, Ken D'Ambrosio <k...@jots.org> wrote: > >> Hey, all. Many's the time I just want to go and fix something stupid -- >> maybe wipe a disk, or edit a file -- and all I want is to be able to >> stick in a USB stick and wind up at said CLI. But most distros these >> days are GUI-based. And Ubuntu Server (say) boots to install, period, >> which is an >> extremely-stripped-down-to-the-point-of-useless-for-anything-other-than-install >> CLI. >> >> Any middle ground someone could recommend? >> >> Thanks! >> >> -Ken >> ___ >> gnhlug-discuss mailing list >> gnhlug-discuss@mail.gnhlug.org >> http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ [1] Links: -- [1] http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Boot-to-CLI distro?
Hey, all. Many's the time I just want to go and fix something stupid -- maybe wipe a disk, or edit a file -- and all I want is to be able to stick in a USB stick and wind up at said CLI. But most distros these days are GUI-based. And Ubuntu Server (say) boots to install, period, which is an extremely-stripped-down-to-the-point-of-useless-for-anything-other-than-install CLI. Any middle ground someone could recommend? Thanks! -Ken ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
iptables confusion.
Every time I think I'm getting to the point where I might understand IP Tables, I do something that proves that, no, I really don't. Today's confusion: I want to set up a virtual NIC to do port forwarding. But first, I wanted to get the port forward part of the equation straight. So I wound up executing these commands: iptables -t nat -A PREROUTING -p tcp --dport 8774 -j DNAT --to 172.23.242.39:8774 iptables -A FORWARD -d 172.23.242.39 -p tcp --dport 8774 -j ACCEPT iptables -t nat -A POSTROUTING -j MASQUERADE Worked great. I then did an "ifconfig eth0:1 172.23.9.139 netmask 255.255.255.0" to see if I could telnet to port 8774 on it. I could. So then I did "iptables --flush", and it did. When I type "iptables --list", I now get: Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Terrific. Pretty much what I expected. Telnetting to port 8774 on eth0 fails, as expected... but telnetting to port 8774 on the virtual works great. I even fired up Firefox to make sure, and youbetchya, it's interacting with the remote server. Why? -Ken ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
[Spam: found @jots.org] Re: [Spam: found @jots.org] Re: Some of you may be interested in signing an H-1B related petition
On 2016-01-26 17:36, David Hardy wrote: > I sincerely hope it's not just Disney that gets sued, however; plenty of > other corporate malefactors and government enablers. In other articles I read, it was clear that not only was Disney being sued, but so were the contracting firms, themselves. Ah, here we go: http://www.seattletimes.com/business/lawsuits-claim-disney-colluded-to-replace-us-workers-with-immigrants/ [8] (For some reason, the original story, at the Times, is now a borken link. Go figger.) -Ken > On Tue, Jan 26, 2016 at 5:28 PM, Greg Kettmann <g...@kettmann.com> wrote: > > I'm sure many of us read Slashdot. At any rate, perhaps there's hope from the > legal system. > > Disney IT Workers Allege Conspiracy In Layoffs, File Lawsuits [1] > dcblogs [2] writes with the latest in the laid off Disney IT worker saga [3]. > According to ComputerWorld: "Disney IT workers laid off a year ago this month > are now accusing the company and the outsourcing firms it hired of engaging > in a 'conspiracy to displace U.S. workers [4].' The allegations are part of > two lawsuits filed in federal court in Florida on Monday. Between 200 and 300 > Disney IT workers were laid off in January 2015. Some of the workers had to > train their foreign replacements -- workers on H-1B visas -- as a condition > of severance. The lawsuits represent what may be a new approach in the attack > on the use of H-1B workers to replace U.S. workers. They allege violations of > the Federal Racketeer Influenced and Corrupt Organizations Act (RICO), > claiming that the nature of the employment of the H-1B workers was > misrepresented, and that Disney and the contractors knew the ultimate intent > was to replace U.S. workers with lower paid H-1B > > On 1/26/2016 12:23 PM, Richard Kolb II wrote: > > I will sign that, I will also add that I am a SW Engineer with 16 years of > experience, I've been laid off twice in that least few years, both times my > job being outsourced to India. I also think that we're not going to get much > traction, for the same reasons that David mentioned. > > On a side note, my father was also working for IBM around the time they > started outsourcing his job he took an early retirement. > > Rich > > Richard Kolb II > > On Mon, Jan 25, 2016 at 11:46 PM, David Hardy <belovedbold...@gmail.com> > wrote: > > The malice-aforethought intent, in my opinion, is to actually put American > citizens out of work; I was laid off over two years ago from IBM and our jobs > were offshored to India and Slovakia. Unemployed ever since, other than > occasional contract and temp gigs, despite twenty years of solid IT > experience across multiple hw and sw platforms, most recently RHEL and > CentOS. > > And the government is evidently in bed with the corporations who engage in > this practice. Asking them to investigate is like unto asking the police to > investigate one of their seemingly endless brutality and/or civil rights > violations. > > "The petition is directed at U.S. Attorney General Loretta Lynch and asks her > to launch a formal investigation into the H-1B visa program." - See more at: > http://insight.ieeeusa.org/insight/content/policy/255071#sthash.SWgEL8YT.dpuf > [5] > > Somehow I don't feel confident that the AG's office will lift a finger for > us, other than the usual mealy-mouthed PR platitudes and corporate-written > bromides. > > Meanwhile they keep telling us how hard it is to find qualified American > workers to do these incredibly complex and intricate jobs. > > On Mon, Jan 25, 2016 at 11:57 AM, Bill Freeman <ke1g...@gmail.com> wrote: > > IEEE has an article here about abuse of the H-1B visa, putting citizens out > of work. It links to a petition asking the government to investigate. > > See the article here: > http://insight.ieeeusa.org/insight/content/policy/255071 [6] > > Bill > ___ > gnhlug-discuss mailing list > gnhlug-discuss@mail.gnhlug.org > http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ [7] > > -- > > Sent from whatever machine I might be on right now. > ___ > gnhlug-discuss mailing list > gnhlug-discuss@mail.gnhlug.org > http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ [7] ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.orghttp://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ [7] - [9] This email has been checked for viruses by Avast antivirus software. www.avast.com [9] ___ gnhlug-discuss mailing
Re: Bill Sconce
Oh, what terrible news! I still remember him for being a part of one of my daughter's high points: when she was six or so, she was completely fascinated with airplanes, so my wife -- ever the social organizer -- got a party for her down at a hanger at the Nashua airport, and the kids got to go up in pairs in a plane. Not having been aware of Bill's aviation angle, I was completely surprised to find him there, and we had a most enjoyable chat. An absolute blast was had by all; the kids loved all the plane stuff, and (I hope/think that) the staff enjoyed the kids with their wide-eyed awe. Thanks, Maddog, for keeping us in touch on this. He will be missed. -Ken On 2016-01-05 10:47, mad...@li.org wrote: > GNHLUG family, > > A couple of days ago I wrote to tell you that the prognosis for Bill > was looking better. Unfortunately that does not seem to be the case. > The prognosis is that Bill will never regain consciousness. Following > Bill's wishes, life support was removed and although Bill is breathing > on his own, the doctors feel death is near. > > Janet Levy, Bill's wife, has said her "good-byes" to him, as I feel we > all must start to do. > > If I hear anything about funeral services or requests from Janet I > will pass them on to you. > > Warmest regards, > > maddog > ___ > gnhlug-discuss mailing list > gnhlug-discuss@mail.gnhlug.org > http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
4K Linux video cards?
Hey, all. 4K TVs/monitors are really dropping in price. Monoprice has a 28 for $400... which really starts being tempting. But I have no idea what card to drive it with. I do *NOT* game; if it can move windows around, I'm rocking. If I can play TuxRacer, my video experience is complete. So: any suggestions on a card to get? The easier/more compatible it is with Linux, the happier I am. Cheap is nice, too, but compatible is really at the top of my list. Thanks! -Ken ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Mailman update?
Hey! If we're getting the boot and going to do a migration, now might be the time to recommend a Mailman update. I've heard that Mailman 3.0 is a vast improvement (https://lwn.net/Articles/638090/); given that not five minutes ago it was suggested to me that the GNHLUG subscription page looks in need of a bit of updating, perhaps that's something that could be part of the migration? And, while I'm graciously tossing work Ben's way: * If there's anything I can do to help out, please lemme know, and * I'd be more than happy to kick in $50 or something to help pay for a virtual. Just lemme know who to cut the check out to. -Ken ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
BIND t-shooting?
Okay, it's time for true confessions: I kinda suck at BIND; I'd been using other DNS servers for years, and JUST rolled out my own BIND on two different servers recently... and it's working great. But I also just got two *other* servers with BIND installed by Ubuntu. Doing local lookups fine on its own domain, but when it goes to do a query upstream against 8.8.8.8 (Google), it can take *FOREVER*. I've had repeated requests for yahoo.com fail for over two minutes; I haven't had any requests succeed in under 15 seconds. Any pointers on what I should be looking for? Afraid Google is kinda failing me. Thanks! -Ken P.S. A tcpdump shows me that the IPv4 reply is essentially instantaneous, but then -- even though I didn't ask for IPv6 -- the reply comes back much later. I've tried everything I can find to disable IPv6 (both in-kernel and in the named.conf file), to no avail. I don't know if this is relevant to my issue or not. ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Self-signed cert and Pidgin.
Hey, all. I've got a cert that has two problems with it: 1) It's self-signed, and 2) Its associated with a hostname that's inaccessible externally; the *service* is accessible externally, but through port forwarding. To work around #2, I set up an /etc/hosts entry; based on what I understand about SSL (or *think* I understand; I'm pretty hazy on certain parts), that should be okay. But #1 seems to be an issue. When I try to fire up Pidgin, here's what I get: - Unable to validate certificate The certificate for foo.com could not be validated. The certificate chain presented is invalid. - I've googled until I'm blue in the face, tried to toggle the various features in the advanced tab in Pidgin's XMMP settings, tried to copy the PEM file everywhere and running various update-ca-certificates commands, etc., to no avail. (Truly, it astonishes me that there's no accept the damn cert, already feature, but not sure what's to be done about that.) Anyone have this issue? Any suggestions on a work-around? The surprising thing is that this is relatively new; my home machine works fine. I almost wonder if it's an Ubuntu feature, as my Mint system seems happy enough -- maybe something's been updated in SSL or somesuch, and it hasn't percolated to Mint yet. Though as I haven't done a new Mint install, even that's pure speculation on my part. Thanks for any insights... -Ken ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Web-based photo/video album?
Hey, all. It's the holidays, and I've decided it's time for me to get my family stuff organized. I've used Gallery (http://galleryproject.org/) before, but it looks like it's gone into moribund mode -- and, honesty, the format was great back in Web 1.0 days, but lacked the nifty interaction you get with newer stuff. I've seen some that look decent, but don't appear to support videos. Wondering if anyone had any suggestions of applications that support both? Thanks (and may TuxSanta be good to you), -Ken ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Stupid vanity question.
So. I recently underwent a technology refresh at work, and opted -- gad-zooks -- for a Mac, because it had substantially better specs (e.g., 16 GB RAM vs. 8 GB). Needless to say, I immediately installed Linux on it. I'm heading to Philly next week for a meeting, though, and would truly like to let it be unambiguously known that I'm running the premiere FOSS OS, and not OS X. Which brings me to stickers. Does anyone know of a store or somesuch where I could grab, say, a Tux sticker? Failing that, I'd be willing to settle for Debian, or one of its variants (Ubuntu, Mint). (Yeah, I've got some on order, but they ain't here yet.) Thanks for understanding my rather pitiful form of rebellion; back when I wore ties, I'd just wear my Tux tie and companion shirt (all hail Think Geek, c. 2000), and be done with it, but we're a fair bit less formal. -Ken ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
E-reader web-based back-end?
Hey, all. I'll admit it: I like to read. And while my Kobo is awesome, sometimes, I have books I acquired outside of the Kobo ecosystem. And it's annoying trying to read from one device to the other, and always having to find my page, copy files, etc. Is there a web-based back-end for non-DRM'd ebook reading? Shockingly (not), gooling e-reader Linux gets me lots of ways to read *from* Linux, but not to use Linux as a back-end. Thanks for any pointers! -Ken P.S. Looking for ebook, mobi and PDF support, if beggars have the option of being choosers. ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Kicking the tires on Kubuntu...
Sooo... trying my hand at KDE for the first time in quite a while. And, actually, really liking it -- they even have the cube virtual desktop! Bt... one thing I don't like: when I get IMs in Telepathy, it doesn't automatically open a new tab. I get a *LOT* of IMs, so having a visual tell-tale of who's IM'd, instead of having to go through the notifications list, would be really helpful. Anyone know how to make that happen? Thanks! -Ken ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: GRUB, ISO, and remote boot.
Got it all working... almost. I got the *boot* going just ducky, but then it turned out that there were menu options invoking kickstarter configurations, and that's when it went from a wouldn't it be a nifty little timesaver if... to I'll have to document the snot out of this and write support scripts, and we'll likely be deprecating the hardware soonish, anyway. So I'm dropping my effort. That being said, this page was invaluable: https://www.kernel.org/doc/Documentation/filesystems/nfs/nfsroot.txt (Which, of course, is also on-disk for anyone with the kernel source. Somewhat sadly, I haven't done a kernel compile since btrfs got added to mainline. All the features I want... are already in $DISTRO's kernel. No more kernel patches for UIDs 2^16; no more patches for ACLs; no more patches for Asterix hardware drivers, etc. I fondly remember driving home with my IBM Thinkpad 701C churning away on my pretty-much-daily kernel compile.) Thanks for the help, all! -Ken On 2014-10-24 11:38, Matt Minuti wrote: Perhaps you could take a look at how netinstall images work, for debian for instance. Or maybe you can take something out of this project: http://i.cs.hku.hk/~clwang/projects/slimwebpages/index.html [2] On Oct 24, 2014 9:34 AM, Tom Buskey t...@buskey.name wrote: You can create a custom kickstart that pulls everything over via NFS, FTP or HTTP maybe even iSCSI. But you'd need some kind of initial boot to get to that point. Either a DVD/USB/PXE that loads the initial part then mounts the rest over the net does the install. You might want to look at iPXE, coreboot and seabios. I've also seen stuff on creating a DHCP/DNS proxy for gPXE boots when you don't control the DHCP network in the OpenStack community. Maybe it was Foreman? On Thu, Oct 23, 2014 at 7:13 PM, Ben Scott dragonh...@gmail.com wrote: On Thu, Oct 23, 2014 at 6:58 PM, Ken D'Ambrosio k...@jots.org wrote: I know that GRUB can't, by itself, remote boot a live-boot ISO (it needs some help from the ISO, itself, which won't be the case, here). But I also am almost sure I can 1) Mount the ISO on a remote system (and export it) This is just NFS, and (I presume) well understood. 2) pull specific files from the ISO, and use them to create a GRUB entry, which then Generally speaking, GRUB loads a kernel (and optionally, an initrd) from image file(s) on disk, and then boots the kernel. If you can find the equivalent files somewhere in the ISO image, that should do it, I would think. 3) boots up with the files pulled from the ISO, then accesses the remote system's exported ISO for the final boot process. This may be tricky. Generically, what you're doing is just a diskless workstation, an idea several decades old in the nix world. You just mount your root filesystem over NFS and bam! -- you're off and running. However, the kernel provided by your live boot distribution may not be set-up to support an NFS root. If it doesn't, you'll likely have to rebuild the kernel and/or initrd -- a non-trivial task, I expect. Trying to make this happen so that I can access remote hosts over a terminal server and do remote installs without having to have someone lug around a DVD and drive. Is USB flash drive an option? It appears to be relatively easy to copy an ISO image file onto a USB flash drive, and then make the system boot from the USB flash drive, using the ISO image file as if it were an optical disc. -- Ben ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ [1] ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ [1] Links: -- [1] http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ [2] http://i.cs.hku.hk/~clwang/projects/slimwebpages/index.html ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
GRUB, ISO, and remote boot.
I know that GRUB can't, by itself, remote boot a live-boot ISO (it needs some help from the ISO, itself, which won't be the case, here). But I also am almost sure I can 1) Mount the ISO on a remote system (and export it) 2) pull specific files from the ISO, and use them to create a GRUB entry, which then 3) boots up with the files pulled from the ISO, then accesses the remote system's exported ISO for the final boot process. Does anyone know which files need to be pulled for this, and/or how to create the corresponding GRUB entry? Trying to make this happen so that I can access remote hosts over a terminal server and do remote installs without having to have someone lug around a DVD and drive. Thanks! -Ken P.S. Yes, I know all about PXE (which I can't use -- not only doesn't the hardware support it, but I have no control over DHCP at the remote sites), and also nifty things like HP's iLO supporting virtual network-based media, which, alas, is *also* not applicable here. Wish that it were. ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
DNS fun: forward for one domain?
Caveat: I'm a pretty good sysadmin, but DNS is one of my blind spots. If I use incorrect terminology, please try to read for intent. /whiney-assed attempt to explain this gaping hole in my knowledge Hi -- using BIND, I'm trying to forward DNS queries for one (internal) domain... well, internally. But it's not one I'm hosting, so I can't be the master for it. All other queries, I want handled normally. I've Googled/played around with various options parameters, but can't seem to find the right magic sauce sequence. Any pointers? Thanks! -Ken ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Attention, graying geeks: Send me your BASIC memories, as the language turns 50 -- David Brooks
On 2014-04-10 22:52, Curt Howland wrote: On Thu, Apr 10, 2014 at 7:07 PM, David Hardy belovedbold...@gmail.com wrote: ...while blindfolded because IT security had it as a secret route. Too bad I don't live in Nashua. I learned basic from a book, Basic BASIC, a year before I had my first computer. I hear e-mail traverses regional boundaries. Of course, if submitted via RFC 6214's transport protocol, you'd better start soon... (I learned BASIC on an Atari 2600. No, really -- using one of these... OH MY GOD IT WAS WITH THIS EXACTLY: http://www.youtube.com/watch?v=SFo6nmVjCg4 . Truly, the Internet is an amazing invention. Of course, the keyboard doesn't have the alpha overlays I had, but you get the idea.) ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Btrfs -- awesome, or... well, awesome?
On 2014-03-26 09:46, Jerry Feldman wrote: currently mirrored under RAID1 to a single BTRFS volume in August when Fedora 21 is released. I'm just looking for a good reason NOT to use BTRFS. Honestly? If you're not anxious to roll with it, you might want to hold off a bit. SuSE has announced that they're going with it as their default FS for the next release, in November, and I have to imagine that there will be some shakeout after that occurs. http://www.phoronix.com/scan.php?page=news_itempx=MTYzNjA I *do* think it probably is more-or-less ready, but we all know what happens when something goes from a relatively small userbase to a suddenly much larger one. $.02, -Ken ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Linux-friendly USB 802.11n
Gah. Someone pointed out to me that I goofed on the micro-URLization. Here's the *correct* tinyurl: http://tinyurl.com/l4guh9r And, just to be on the safe side, the not-tiny URL, stripped of the unnecessary extra stuff sites love to throw on: http://www.newegg.com/Product/Product.aspx?Item=N82E16833389004 Sadly, in the interim, they've bumped the price a penny, and there's now $4.99 in SH. (Or I read the page wrong -- always possible. I'd ordered several things together, so I wasn't paying as much attention to SH as I might have normally.) -Ken On 2014-03-16 08:36, virgins...@vfemail.net wrote: I'm looking for a Linux-friendly 802.11n (Wireless N) USB adapter. By Linux-friendly, I mean I'm looking for one that will work with in-kernel drivers (no separate module to compile install), without funky compatability layers (like NDIS wrapper), doesn't require extra firmware, and is free/open source. Funny you should ask. I was asking myself *the exact same question* last week. I bought myself one of these: http://hardkernel.com/main/main.php . And, while it does come pre-loaded with Ubuntu, I wasn't taking bets on proprietary drivers, etc., making the transition to ARM-land. I Googled around, to no (real) avail, and finally decided to take the plunge with the cheapest one I could find on NewEgg: . (My rationalization being two-fold: it was cheap, so no huge loss if it didn't work, and cheap usually means commoditized, so I was hoping it it would be a common, developed-for chipset.) I plugged it in, and lo! Immediately recognized. Very shortly thereafter, I was online. Until I saw your e-mail, though, I was content enough that it was working to not delve into whether I'd found the holy grail, or merely a reasonable facsimile. However, I just looked at my modules, and it's using usbnet and smsc95xx, both of which are in the stock Linux kernel, so I think it's the way to fly. $9.99 and free shipping, and it's yours. -Ken P.S. Of course, I make no guarantees as to whether or not it works for *YOU*, but it seems like a decent choice. Make sure you have smsc95xx.ko, and you're probably safe. Likewise, thus-far I've only used it in the same room as the WAP, so I can't swear as to its throughput, range, etc. /weaselly worded disclaimer ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Linux-friendly USB 802.11n
On 2014-03-16 08:36, virgins...@vfemail.net wrote: I'm looking for a Linux-friendly 802.11n (Wireless N) USB adapter. By Linux-friendly, I mean I'm looking for one that will work with in-kernel drivers (no separate module to compile install), without funky compatability layers (like NDIS wrapper), doesn't require extra firmware, and is free/open source. Funny you should ask. I was asking myself *the exact same question* last week. I bought myself one of these: http://hardkernel.com/main/main.php . And, while it does come pre-loaded with Ubuntu, I wasn't taking bets on proprietary drivers, etc., making the transition to ARM-land. I Googled around, to no (real) avail, and finally decided to take the plunge with the cheapest one I could find on NewEgg: http://tinyurl.sys.comcast.net/ruxhqD . (My rationalization being two-fold: it was cheap, so no huge loss if it didn't work, and cheap usually means commoditized, so I was hoping it it would be a common, developed-for chipset.) I plugged it in, and lo! Immediately recognized. Very shortly thereafter, I was online. Until I saw your e-mail, though, I was content enough that it was working to not delve into whether I'd found the holy grail, or merely a reasonable facsimile. However, I just looked at my modules, and it's using usbnet and smsc95xx, both of which are in the stock Linux kernel, so I think it's the way to fly. $9.99 and free shipping, and it's yours. -Ken P.S. Of course, I make no guarantees as to whether or not it works for *YOU*, but it seems like a decent choice. Make sure you have smsc95xx.ko, and you're probably safe. Likewise, thus-far I've only used it in the same room as the WAP, so I can't swear as to its throughput, range, etc. /weaselly worded disclaimer ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: su: cannot set user id: Resource temporarily unavailable
On 2014-03-10 10:05, Brian Chabot wrote: I'm trying to su to a user on a CentOS 6.4 x86_64 box and get the error in the subject: [user1@cent6.4box ~]$ sudo su - user2 su: cannot set user id: Resource temporarily unavailable [user1@cent6.4box ~]$ This is where, when desperate, I whip out strace: strace -s 1024 -f -o /tmp/sudo_strace.log sudo su - user2 This will generate a logfile with all the system calls made by the command; it takes some practice to parse strace output reliably, as there are a bunch of red herrings, e.g., 3490 access(/etc/ld.so.preload, R_OK) = -1 ENOENT (No such file or directory) Which is another way of saying The file /etc/ld.so.preload doesn't exist -- though it may or may not be optional. I would dive into the bottom of the log file, then search backward for your error string; from that, I'd look backward for something that *isn't* a red herring. strace is a wonderful tool, but it's a bit like a sledgehammer for flyswatting, and I only break it out when I'm completely stumped. Good luck! -Ken The limits.conf file has the following entries: * soft nofile 10 * hard nofile 10 * soft nproc 8192 * hard nproc 32767 The current usage for pengine is: [user1@cent6.4box ~]$ ps -eLF | grep user2 | wc -l 1108 [user1@cent6.4box ~]$ lsof | grep user2 | wc -l 1558 [user1@cent6.4box ~]$ While these are the majority of the processes and files in use on the system, they are nowhere near the limits. I even increased the limits 10-fold and that has not worked. I'm kind of lost here. Usually the error indicates files or processes over the limit but here... not so much. Any ideas? Brian Chabot ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Btrfs -- awesome, or... well, awesome?
Okay, so my bias is showing a little. And, yeah, I've even lost data to it -- but that's kinda what happens when you play with alpha releases of filesystems. That being said, while nobody would be dumb enough to call it stable yet (stable filesystem is a journey, not a destination), it's a fair ways along that road. So Linux Weekly News (the *best* hard-Linux news site in existence, IMNSHO) did a series: http://lwn.net/Articles/576276/ Enjoy! -Ken ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Linux Weekly News (was Btrfs -- awesome, or... well, awesome?)
On 2014-02-21 17:23, David Hardy wrote: Just subscribed [to LWN]; looks very good and very interesting. Thanks for the tip. The pleasure is mine. Every couple of years, I'd zip an e-mail off to the list reminding/informing folks of how cool LWN is. But maybe it's time for another go. Linux Weekly News started out back in '98 (or even earlier if you include their initial attempts at being a Red Hat support shop). It's pretty much run by Jon Corbet who, in addition to being a really good and entertaining writer, also is a kernel hacker. While I will never, not ever, be a kernel hacker, his weekly kernel column is my primary reason for subscribing -- indeed, it's where I first found out about btrfs, as well as any other of a huge number of things. That, and he digs in *deep*. He's also managed to hire on a handful of other folks who do a darn good job writing as well. I really enjoy his wry sense of humor and ability to slice through the latest kernel flamewar and show what's actually going on from a technological perspective. This isn't to say that LWN doesn't have other stuff to offer -- it does: weekly columns include security, distributions, development, and announcements. He also often gets the authors of new and exciting projects to author articles describing same. If the name Alan Cox rings a bell, here's a fun snippet I've enjoyed: http://linux.derkeiler.com/Mailing-Lists/Kernel/2007-08/msg01778.html -- look at his last paragraph. While LWN does charge for the current copy (at rates ranging from $3.50/week (the starving hacker rate) to $600/year (maniacal supporter)), in the spirit of FOSS, after a week, everything is free to read. Lastly, the signal:noise ratio in their forums is perhaps the best of any web-based forum with which I'm familiar. Bottom line: if you want solid, technical news about this list's favorite operating system, I can't recommend it strongly enough. Go check it out, and enjoy! http://www.lwn.net -Ken ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
USB video?
Hey, all. I'm considering getting a teeny little system (http://tinyurl.com/q4a6pv6) for home use to replace my laptop -- sadly, I find that 4 GB that's on my laptop just isn't cutting it these days, and I'll need to make the jump to 8 GB. (Isn't that 1024 times what I had on my first Slackware install? Sheesh.) Anyway, I really like the two monitor thing I have going with the laptop, and the one thing that the Intel box doesn't have is a VGA port. Does anyone have any experience with USB video adapters under *nix? Any suggestions? Thanks... ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: USB video?
On 2014-02-04 12:22, Brian St. Pierre wrote: [...] That listing shows HDMI and mini displayport. E... wow. Thanks! I've never even heard (or, at least, noticed) about displayport before; that's a new connector for me to file away. And, clearly, the optimal way to fly; I've always felt that video-over-USB was a pretty hack solution (though I suppose USB 3.0 might make it marginally less hack-ish). Thanks! -Ken ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: SSH timeout on password challenge.
GAH. I googled for that to no avail. Should have just read the damn manpage. Thank you! Chris Linstid clins...@gmail.com wrote: Oops, forgot to reply to all. - Chris On Jan 27, 2014 10:44 AM, Chris Linstid clins...@gmail.com wrote: If I'm understanding this correctly, it sounds like you just want the ssh command to fail if you're presented with a password challenge? If that's the case, then you can just add -o PasswordAuthentication=no and the ssh call should fail when it can't use one of the other auth methods. - Chris On Jan 27, 2014 10:23 AM, Ken D'Ambrosio k...@jots.org wrote: Hey, all. I'm scripting stuff to a zillion (ballpark) servers, and ones that are up, but haven't been fully deployed (i.e., don't yet have ssh keys) password challenge me. While there *is* an ssh timeout option, it's my understanding that that's for when a connection fails to establish, NOT for when a password challenge happens. My script is using the timeout command: timeout 5 ssh -n $host 'blahblahblah' but that seems to not be doing the trick. Since my script *does* (eventually) e-mail out, I assume it's working... but I've been staring at it sitting at this one host password challenge for over 20 min., now. Even if it eventually times out, it ain't exactly optimal. Any bright ideas on how to do this gracefully? Thanks! -Ken ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ -- Sent from my Android device with K-9 Mail. Please excuse my brevity.___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
SSH timeout on password challenge.
Hey, all. I'm scripting stuff to a zillion (ballpark) servers, and ones that are up, but haven't been fully deployed (i.e., don't yet have ssh keys) password challenge me. While there *is* an ssh timeout option, it's my understanding that that's for when a connection fails to establish, NOT for when a password challenge happens. My script is using the timeout command: timeout 5 ssh -n $host 'blahblahblah' but that seems to not be doing the trick. Since my script *does* (eventually) e-mail out, I assume it's working... but I've been staring at it sitting at this one host password challenge for over 20 min., now. Even if it eventually times out, it ain't exactly optimal. Any bright ideas on how to do this gracefully? Thanks! -Ken ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: What are you doing for home NAS?
On 2013-12-30 09:41, John Abreau wrote: After trying FreeNAS, I'd no longer consider the consumer-level drives such the MyBook Live as serious options. I think this stance is a little overly cautious; there is data showing that consumer drives don't fail at rates significantly different than server-grade drives -- e.g., http://blog.backblaze.com/2013/12/04/enterprise-drive-reliability/ (though I also remember studies done on significantly larger datasets a couple years ago, but they aren't leaping at me from Google). What I *have* found to be troublesome is that some RAID solutions don't handle drives that spin down very well. For this reason, I tend to either go with server-grade drives, or really do my homework, and find drives that work with the solution (e.g., 3Ware has -- or, at least, had -- an approved hardware list that I find useful). But I think that, with a suitable amount of caution, there's money to be saved here without loss of functionality or increased risk of data loss. $.02, -Ken P.S. One thing I should add here, just from a hoo-boy-did-I-stub-my-toe perspective: as a rule, I usually have my arrays use just a letle bit less than the whole disk. I had a large RAID-5 array once, and one of the drives failed. I got it RMA'd *with the same model number* from the manufacturer... and it was one sector smaller. THAT was annoying. On Mon, Dec 30, 2013 at 9:05 AM, Mark Komarinski mkomarin...@wayga.org wrote: On 12/30/2013 1:00 AM, John Abreau wrote: I tried a couple cheaper options such as the WD MyBook Live network drive, but I wasn't really satisfied with them, They were slow to access, slow to spin up when inactive, and had serious performance issues when more than one process was accessing them over NFS, which was the only filesharing option I used. They contained just a single drive, which means no raid-1 safety net when the disk starts to go bad. After getting burned by non-NAS drives in a RAID 5 array, I'm going RAID 1 for home use from now on. Then I picked up an HP N40L mini cube server and installed FreeNAS on it, on a usb thumb drive that I plugged into the internal USB port on the motherboard. It was the first NAS I've tried at home that I was happy with.Performance is much better, even with multiple processes accessing the unit, and large file copies both to and from the unit seem to complete more quickly. Ooh. I forgot about that little guy. Replacement for is seems to be the N54L. Fits 4 drives, might just get 2x4TB and leave the other two for future expansion. I'm currently using two of the four drive slots with a pair of 2gb drives, configured with ZFS as a raid-1 mirror set. To properly support ZFS, I followed the recommendations in the HOWTO I found online and maxed out the RAM at 8 GB. It's been a couple years since I set it up, so I imagine there's a newer model available by now that will accept larger drives and more RAM. After trying FreeNAS, I'd no longer consider the Err, you cut off there... -Mark ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ [1] -- John Abreau / Executive Director, Boston Linux Unix Email j...@blu.org / WWW http://www.abreau.net [2] / 2013 PGP-Key-ID 0x920063C6 2013 / ID 0x920063C6 / FP A5AD 6BE1 FEFE 8E4F 5C23 C2D0 E885 E17C 9200 63C6 2011 / ID 0x32A492D8 / FP 7834 AEC2 EFA3 565C A4B6 9BA4 0ACB AD85 32A4 92D8 Links: -- [1] http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ [2] http://www.abreau.net ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Mother of all xterms?
On 2013-05-23 16:36, Tom Buskey wrote: I think this is the 1st time I ever saw Low Ram use and emacs (Eight Megabytes And Constantly Swapping) in the same paragraph. From the JOKES file (or http://www.gnu.org/fun/jokes/ed-msg.html), one of my favorites: -- And ed doesn't waste space on my Timex Sinclair. Just look: -rwxr-xr-x 1 root 24 Oct 29 1929 /bin/ed -rwxr-xr-t 4 root 1310720 Jan 1 1970 /usr/ucb/vi -rwxr-xr-x 1 root 5.89824e37 Oct 22 1990 /usr/bin/emacs On Thu, May 23, 2013 at 4:11 PM, Bill Freeman ke1g...@gmail.com wrote: On Thu, May 23, 2013 at 3:58 PM, Tom Buskey t...@buskey.name wrote: Back in the day, running telnet inside emacs was faster than in xterm because of emacs' terminal optimization. Important when you shared a 56k link. Or 2400 baud modems. Honestly, I'm at the point I just want low ram use, scroll back lots of lines, emulate vt100 with line drawing and increase/shrink font size quickly. Oh, and installed on all the Unixen I use. Low RAM use? Then you want emacs. No matter how many terminals you need you only need one emacs. And you don't have to start any of those pesky vim instances either - you get file editing for free!!! Or are we talking PDP-11/20 class low RAM use? (Wink, wink, nudge, nudge.) ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ [1] Links: -- [1] http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Mother of all xterms?
Hey, all -- I've gotten quite used to gnome-terminal and konsole, and they both work, but I admit I have a little bit of iterm2 (for the Mac) envy -- e.g., being able to search back through the log to a specific timestamp. Handy, that. So, my question, really, is is there a really cool terminal program out there with lots of bells and whistles? It'd be fun to kick the tires on something new. Thanks, -Ken ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: FREE - Dr. Dobbs 1980-1984 plus Volume 1 Number 2
Mememe! I love the old computer mags. Was woo sad when my dad tossed the old Computer Shoppers, and then a flood got my Amigaworlds and Micro Cornucopias. And Transactors, for that matter. I promise: I have moved somewhere far less likely to incur such unpleasant circumstances. Thanks, -Ken Michael ODonnell michael.odonn...@comcast.net wrote: Just unearthed some Dr. Dobbs magazines from the years 1980 thru 1984 (complete except for a handful of issues) and also Volume 1 Number 2 from 1976. Anybody want 'em? ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ -- This mail was scanned by BitDefender For more information please visit http://www.bitdefender.com/links/en/frams.html ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Files, unliking, access, oh my.
Hey, all. For various esoteric reasons, I'm wondering if someone can tell me the answer to this question. If process A is reading from a file, and process B deletes it, process A can continue to read from it until... well, until it stops reading from it. Can that space that the file takes up be overwritten during this interim? Or does the OS hold the inode sacrosanct until both references AND processes are no longer making use of it? Or is it something else entirely, and I'm going down the wrong road? Thanks! -Ken -- This mail was scanned by BitDefender For more information please visit http://www.bitdefender.com/links/en/frams.html ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: [OT] Corner cases in Ruby/Javascript (WAT!)
Yah -- I went to show this to someone teaching a JavaScript course, and in the course of googling, bumped into an interesting explanation of *why* the JavaScript acts the way it does: http://stackoverflow.com/questions/9032856/what-is-the-explanation-for-these-bizarre-javascript-behaviours-mentioned-in-the On 2013-02-18 08:18, Michael ODonnell wrote: For entertainment puprposes only: a brief (4:18) video poking fun at corner cases of some Ruby/Javascript operators/syntax - http://www.youtube.com/watch?v=D0EIZa5e9q4 ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ -- This mail was scanned by BitDefender For more information please visit http://www.bitdefender.com/links/en/frams.html ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: Authenticating users against AD *without* joining the domain?
Ben said: Can you explain what you're after in a little more details, please? E.g., are you wanting users to be able to SSH in, type a username and password for an AD account, and have those checked against a Domain Controller? *sigh* Yeah, I realized (much) later that I wasn't descriptive enough. That's *exactly* what I'm looking to do -- basically, I see it like this: if they can bind to the AD server with the credentials (via LDAP, which is woo feasible), then I want to let them in. And, yes, all via ssh. -Ken Or... what? :) -- Ben ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/ -- This mail was scanned by BitDefender For more information please visit http://www.bitdefender.com/links/en/frams.html ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Green screen.
Good evening, all. I must be getting responsible or something, but I'm getting roped in to the Amherst PTA's Math and Science Night activity. (Except that this year, it's gonna be in the day.) This year's theme looks as if it's going to be weather, and a really solid idea for a fun activity was the proverbial TV weatherman green screen. I have to imagine this would be feasible with Linux -- anyone have any suggestions on leads to hunt down? Thanks! -Ken -- This mail was scanned by BitDefender For more information please visit http://www.bitdefender.com/links/en/frams.html ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Authenticating users against AD *without* joining the domain?
Hey, all. At my new employer, it basically takes an act of God to get a Linux box to join the domain. I'd be just plain happy if I could use an AD server to let users authenticate against LDAP, and then log in. Any idea how to make that happen? Worst-case, I'm thinking of doing some sort of Apache/LDAP thing, but if anyone's got any bright ideas, I'm all ears. Thanks, -Ken -- This mail was scanned by BitDefender For more information please visit http://www.bitdefender.com/links/en/frams.html ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Chromebook -- wow?
So, as I'd mentioned, I've been enjoying my little quad-core ARM board. And when my wife and I decided my six-year-old should have her own computer (for games and even homework), I thought that would be the perfect thing -- except that it's an ARM. So I set it up, and was rather pleased, until I tried to do Adobe Flash. No-go. The particular ARM variant (I don't remember the nomenclature) has no Flash client, and none is expected. Since the vast majority of kids' sites require Flash, this was a show-stopper. So we bit the bullet, and decided to get a laptop. We both independently thought about the Chromebook -- the first time I'd seriously considered buying one. But it's perfect for her: very unlikely to get viruses, does all the sites she needs, and don't need anything local to talk about. We went with the Acer -- the Samsung looks a bit spiffier, and has an SSD for crazy fast boots, but 320 GB disk and a physical ethernet port pushed me over for the Acer. It looked an awful lot like an old Acer I'd had that I'd finally given up on because I couldn't upgrade to more than 4 GB. I seemed to recall hearing something about installing Ubuntu on the Chromebook, so I googled. And wow! You'll be violating your warranty, but for $200 and an hour's worth of your time, it looks like you can get a really nice Ubuntu laptop: * 320 GB * 2 GB RAM expandable to *16 GB* -- HOLY THE SMOKES (two DIMM sockets) * 11.6 screen * 3 lbs. weight * Dual-core 64-bit Celeron The big caveats are that the RAM upgrade will void your warranty, and you have to go through some hoops[1] to do an install -- you have to put the machine into developer mode, and, apparently, deal with a boot-time warning that slows down your boot process. But for a system with those specs, for *$200*... well, I just might give it a go. If anyone else has gone down this road, I'd be interested in hearing about the experience. -Ken 1: http://liliputing.com/2012/11/how-to-install-ubuntu-12-04-on-the-199-acer-c7-chromebook.html and http://chromeos-cr48.blogspot.com/2012/04/chrubuntu-1204-now-with-double-bits.html offer a solid look at what's needed. -- This mail was scanned by BitDefender For more information please visit http://www.bitdefender.com/links/en/frams.html ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Chromebook -- wow?
So, as I'd mentioned, I've been enjoying my little quad-core ARM board. And when my wife and I decided my six-year-old should have her own computer (for games and even homework), I thought that would be the perfect thing -- except that it's an ARM. So I set it up, and was rather pleased, until I tried to do Adobe Flash. No-go. The particular ARM variant (I don't remember the nomenclature) has no Flash client, and none is expected. Since the vast majority of kids' sites require Flash, this was a show-stopper. So we bit the bullet, and decided to get a laptop. We both independently thought about the Chromebook -- the first time I'd seriously considered buying one. But it's perfect for her: very unlikely to get viruses, does all the sites she needs, and don't need anything local to talk about. We went with the Acer -- the Samsung looks a bit spiffier, and has an SSD for crazy fast boots, but 320 GB disk and a physical ethernet port pushed me over for the Acer. It looked an awful lot like an old Acer I'd had that I'd finally given up on because I couldn't upgrade to more than 4 GB. I seemed to recall hearing something about installing Ubuntu on the Chromebook, so I googled. And wow! You'll be violating your warranty, but for $200 and an hour's worth of your time, it looks like you can get a really nice Ubuntu laptop: * 320 GB * 2 GB RAM expandable to *16 GB* -- HOLY THE SMOKES (two DIMM sockets) * 11.6 screen * 3 lbs. weight * Dual-core 64-bit Celeron The big caveats are that the RAM upgrade will void your warranty, and you have to go through some hoops[1] to do an install -- you have to put the machine into developer mode, and, apparently, deal with a boot-time warning that slows down your boot process. But for a system with those specs... well, I just might give it a go. If anyone else has gone down this road, I'd be interested in hearing about the experience. -Ken 1: The steps involved don't seem particularly arduous -- certainly not on par with rooting a phone. The following are two sites that offer up a fair bit of detail; the second one is, I believe, the developer's site, itself, but I like the intro the first site gives. * http://liliputing.com/2012/11/how-to-install-ubuntu-12-04-on-the-199-acer-c7-chromebook.html * http://chromeos-cr48.blogspot.com/2012/04/chrubuntu-1204-now-with-double-bits.html -- This mail was scanned by BitDefender For more information please visit http://www.bitdefender.com/links/en/frams.html ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Windows 8 (or, more likely, UEFI) warning.
Hey, all. I was at a friend's house the other day, and there were some issues with their WiFi router. Alas, I hadn't brought my computer (I know, I know...), so I asked to borrow one of theirs, with the thought of booting up to Linux. (For whatever reason, Windows was having a hard time contacting the router; Linux had been proven a week prior not to have said issue.) The first laptop that came to hand was a new Dell with Winders 8 and UEFI. I was a little worried -- but what's more passive than booting from a USB key? Apparently, the answer to that question is *not* booting from one at all. Wouldn't boot to Linux. Well, okay. Let's try Windows 8. Wouldn't boot to *Windows*. First it tried to do a repair of some sort -- failed miserably. Then it wouldn't get further than the Dell splash screen. Eventually wound up disabling UEFI secure boot, which allowed it to go into Windows -- whereupon I gave it back to the by-now very nervous laptop owner, and let the damn WiFi be. Bottom line -- I think we, as Linux weenies, are gonna have to play with damn UEFI and get a feel for it. Is it uniform across vendors? Can I always go for the disable secure boot option (which would, presumably, allow me to boot Linux)? Has anyone with a newer laptop had any similar experiences? -Ken -- This mail was scanned by BitDefender For more information please visit http://www.bitdefender.com/links/en/frams.html ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/