Re: [PLUG] A Philosophy for Reliability: Lessons learned from 40 years of System Administration
or's account credentials 5. No production e-mail goes to the system administrator directly. They are all directed to a single, centrally administered alias or mailing list (e.g. "sysadmin") that can be easily changed as personnel change. 10. *Disaster recovery* - as much as budgets and time will permit, plan for disaster. Full disaster recovery plans and regular tests are ideal, but typically judged not financially feasible. Failing that, the following must be done at the very least: 1. Reliable back-ups that are adequate for complete recovery must be performed consistently and kept off-site 2. Documentation must be available to guide a competent technician through the overall back-up and restore process 3. The location of the back-ups and documentation must be known -- -------- Brian P. Martin, Chief Consultant Martin Consulting Services, Inc. Phone: 503-617-4500 E-mail: br...@martinconsulting.com ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
[PLUG] Thursday meeting is on!
Michael is on vacation, and may have forgotten to send out an announcement. So, I'll do it myself. I don't think I have posting permissions on the announce list though, so perhaps someone who does could rebroadcast it there. And it would be good if someone could touch base with PSU, just to make sure they know we're coming. -Brian Portland Linux/Unix Group General Meeting Announcement Who: Brian Martin What: A Philosophy for Reliability: Lessons learned from 40 years of System Administration Where: PSU, 1930 SW 4th Ave. Room FAB 86-01 (Lower Level) When: Thursday, September 7th, 2017 at 7pm Why: The pursuit of technology freedom After spending 40 years being a System Administrator, frequent PLUG attendee Brian Martin will share what he's learned in his quest to be the best System Administrator he could be. While primarily targeted at system administration, many of his points are equally applicable to programmers, web developers, and anyone working in IT. Bring your questions and experiences for a vibrant discussion. Bio: Brian first laid hands on a computer in 1970. He earned his first money in IT ($5) in high school, and continued contract programming through college. After working for many years as a system programmer in government and private industry he began his own consulting company in 1994. He relocated to Portland in 1996 in the successful pursuit of love, and has been here ever since. He lives with his wife and and a pair of dogs on the west side. He enjoys eating out with friends, live performances of jazz, comedy, and Shakespeare, games of all kinds, and hopes to return to hiking and photography in retirement. Tim Bruce will be chairing the meeting. With Michael gone, Tim in the chair, and Brian speaking, it should truly be a case of the inmates running the asylum. Many will head to the Lucky Lab at 1945 NW Quimby St. after the meeting. Rideshares to the Lucky Lab available PLUG is open to everyone and does not tolerate abusive behavior on its mailing lists or at its meetings. PLUG Page with information about all PLUG events:http://pdxlinux.org/ Follow PLUG on Twitter:http://twitter.com/pdxlinux See you there! Michael Dexter PLUG Volunteer ___ PLUG-announce mailing list plug-annou...@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug-announce Brian P. Martin, Chief Consultant Martin Consulting Services, Inc. Phone: 503-617-4500 E-mail: br...@martinconsulting.com ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Linux Widows Guide
> We are considering a project over the next year: > writing a "Linux Widow's Guide". Perhaps that title > is sexist; I have met many competent women Linux > adepts, but none with a non-techy husband depending > on Linux systems that she exclusively maintains. > "Linux Widow(er)s Guide" seems clunky and harder for > a librarian to catalog, but might actually sell better. Yes, in my opinion, "Linux Widow's Guide" is sexist. Also, it's unnecessarily narrow. Besides widows and widowers, what about new divorcées, or families whose in-house tech-support's reserve unit got called up for a free trip to Afghanistan. How about "Caring for your Linux system", possibly followed by "(when your tech-support person is gone)"? I'm actively not looking for projects right now. Check back with me in six months and we'll see. -B ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Open Source Licenses
> My suggestion: GPL v.3 or later. What about the so-called "viral" component of GPL? If someone take a script of mine and grows it into something bigger and better and amazing, I don't think I'm concerned about how they license it. As long as they don't restrict use of the original code or other people's ability to also grow that original code, I'm OK with them selling their new widget. -Brian ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
[PLUG] Open Source Licenses
I think this is going to be the beginning of a long thread -- or else I'll get crickets. I have some BASH scripts, PERL scripts, PERL modules, sample configuration files, etc. that I want to publish. I know that there are those are on the list that have studied open source software licenses a lot more than I have. I'd like to get some help narrowing down the licenses I should consider. Here are my requirements: - Anyone should be able to have free, unrestricted use to the material for their own internal use, be those private or commercial. - No one should be able restrict others from using it. That is, they can't copyright or otherwise legally try to control it themselves. - I don't care if someone sells a work that includes my code (e.g. they build and sell file servers, and use my code inside as part of the larger operation). - I would prefer that people can't sell my code as-is, or with trivial modifications, but that may be splitting things too fine. - I'm not terribly concerned about attribution, except perhaps for the benefits of preventing people from selling the material when it is already available for free. There are probably other scenarios I haven't considered, and I'd be interested in being enlightened on those topics, too. Currently I'm leaning towards the 3-clause BSD license, but I'd like the input of people that know more about the topic. -B. -- Brian P. Martin, Chief Consultant Martin Consulting Services, Inc. Phone: 503-617-4500 E-mail: br...@martinconsulting.com ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Roundcube as an alternative...
On 04/11/2017 07:21 AM, plug-requ...@lists.pdxlinux.org wrote:
> Frustrated with Horde Webmail, I switched to RoundCube. Unfortunately,
> I am using in the clear port 25 smtp and in the clear port 143 imap.
> Can't figure out how to configure postfix and dovecot otherwise. Horde
> will probably work with in the clear imap and in the clear smtp, but
> this isn't acceptable if I access email remotely over the Internet.
You can certainly configure Postfix and RoundCube to use secure ports.
You probably need to leave port 25 open for inbound mail from other
organizations (unless this is a send-only mail server), but you don't
need tu use port 25 for to accept submission of outbound mail from you,
even if you're on the road at the time. Most sites configure port 587
for "submission" of outbound e-mail, and it's configured to require
encryption and a login. This is done in Postfix, as Dovecot doesn't get
involved in outbound mail except possibly for authentication. There's
more than one way to do it, but here's one implementation. I don't do
these all that often, but I think the basics are all here. Others can
chime in to correct anything I've missed.
1) Add the following to master.cf
submission inet n - n - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_reject_unlisted_recipient=no
-o smtpd_recipient_restrictions=
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-o smtpd_reject_unlisted_sender=yes
-o
smtpd_sender_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
2) Add the following to main.cf
smtpd_sasl_auth_enable =yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
3) Make any necessary adjustments to your firewall for port 587.
4) Add the necessary pieces to Dovecot to allow Postfix to authenticate
through it. See below. Or, use some other authentication mechanism to
check passwords.
That will take care of the sending side of things. You can also
configure Dovecot to accept encrypted IMAP (aka IMAP/S) connections,
typically on port 993, so you can pick up your mail securely. I find
the following items in my Dovecot configuration that are relevant.
Different distributions structure Dovecot configuration files
differently (some have everything in one file, others break things out
into separate files in various ways), but as long as all the pieces are
accounted for you should be fine. Again, others are encouraged to
correct me on anything I missed.
service imap-login {
}
service auth {
unix_listener /var/spool/postfix/private/auth {
mode = 0660
user = postfix
group = postfix
}
}
service imap-login {
inet_listener imap {
port = 0
}
}
ssl = yes
ssl_cert=
http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Firefox 'blank' opening page
Rich, > Apparently my firefox upgrades over the past couple of years did not > upgrade the UI. Hence, the issues I had a few weeks ago. Those issues were > fixed by letting firefox create a whole new subdirectory. > > Now, when I open firefox -- and the preference is for a blank page -- I > get this annoying "I'm so embarrassed I could not load the tabs you had open > when you killed me." I tell it to go away rather than restore outdated data. > > Is there a way to get a plain empty page instead of this 'helpful' one? That's not a helpful page, that an "Oops, I crashed last time" page. It says that firefox didn't shutdown normally. Still, it happens often enough that I turned it off. Here's how: 1. Enter a URL of "about:config" and press enter. 2. Accept responsibility for knowing what you're doing. 3. In the Search box, enter "crash" 4. Change the value of "browser.sessionstore.resume_from_crash" to false. 5. Close the about:config tab. That's it. -B. Brian P. Martin, Chief Consultant Martin Consulting Services, Inc. Phone: 503-617-4500 E-mail: br...@martinconsulting.com ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] PLUG Advanced Topics Volunteer?
On 03/20/2017 09:43 AM, plug-requ...@lists.pdxlinux.org wrote: > I could not possibly manage advanced topics because I know so little > about the subject. But I wanted to take a moment to thank Michael for > all he has done for PLUG! I heartily second JJJ's sentiment regarding Michael! -B ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Automating data entry
> A mail list subscriber used to spend his days manually entering financial > data from a spreadsheet to the bookkeeping software, with many split > transactions and multiple currencies and accounts. Then he discovered this > tool: <http://sikulix.com/>. > > With my superficial look at that web page I get the impression that it's > an enhanced 'expect' that might be useful to folks here. Interesting. I've done similar work in the MS world with AutoIT, but this looks like a multi-platform solution. Screen scraping and response is never pretty, but sometimes it's the only way. In those cases, tools like these can be invaluable. -- -------- Brian P. Martin, Chief Consultant Martin Consulting Services, Inc. Phone: 503-617-4500 E-mail: br...@martinconsulting.com ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] (OT) Backup Software Suggestions (Mark Phillips)
I also have used dirvish (dirvish.org) for years, both in my office and at my client sites. Depending on circumstances, I use a variety of storage solutions: - For small sites, I use a USB disk drive, which I automount when needed and dismount when it's idle. Of course, you could do the mounts by hand, too. I usually have 3 or more disks, which I rotate off-site on a regular basis. Rotation means a fire doesn't destroy your machine *and* its only back-up. It also gives you some coverage in case of a drive failure on your back-up drive. - For larger sites, I use a full size hard drive or a collection of drives in hot-swap SATA enclosures. I use the automounter the same, and rotate them out as needed. - For sites that have multiple locations, I have two dirvish installations at different locations. Each backs up the "other" site to local, RAID-ed hard disks, which just live there permanently. I've done full system restores from Dirvish. There are a few things Dirvish doesn't get on the back-ups, and most back-ups don't get these either. These include: - the boot sector - partition layouts - databases. Dirvish backs up database files, but they're probably not any good unless the database server was down at the time. You can use the preclient setting in dirvish to shut the database down, or if it can't come down then use its native utilities to back it up to a flat file, and let dirvish capture that. I have code that dumps a lot of key information about a system (like the partition layout) to the local disk on a weekly basis, and dirvish captures that. That gives me the info I need to, say, rebuild a trashed partition layout on an otherwise sound disk. Dirvish is a "pull" backup approach, in that it runs in one place but can pull data from multiple machines if that's of interest to you. An alternative from a few years back is duplicity. I'm not sure of the current state of it, so you'll have to see if it's still active, but I suspect it is. Duplicity is a push solution, in that it runs on the machine that is to be backed up, and stores the data on a remote machine. Duplicity is able to use cloud storage in addition to remote solutions. Push solutions are good when your storage is available to you, but you can't otherwise manage the remote machine (e.g. can't install your own software, set up cron jobs, etc.). They are fine for small set-ups of just a machine or two, but don't scale well because you have to install them individually on each machine that needs back-ups. You also have to monitor the job on each machine to make sure it's working. Pull solutions like dirvish can handle an arbitrary number of machines in a single run, assuming you have a large enough back-up window. Good luck. Back ups are worth the effort. They've saved me many times. -B. -- -------- Brian P. Martin, Chief Consultant Martin Consulting Services, Inc. Phone: 503-617-4500 E-mail: br...@martinconsulting.com ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Migrating LVM installation to larger drive
> I installed Ubuntu 16.04 64-bit onto a 500 GB drive, and would like to > migrate the entire installation to a larger drive. S As always, there's more than one way to do it. All of them start with making sure you have a backup in case things go horribly wrong. After that, here's what I'd do: 1) Shut down the system 2) Plug in the new drive, in addition to the old drive 3) Boot up a rescue CD/DVD/USB drive. Anything that can get you to a memory-based Linux prompt will do. CentOS/RedHat/Ubuntu installation DVDs all have a rescue system on them, as I imagine do most others. 4) Become root, and run "dd if=/dev/OLDDRIVE of=/dev/NEWDRIVE bs=5120", replacing OLDDRIVE and NEWDRIVE with the appropriate drives. You can use fdisk -l to see the drives and their sizes, to be sure the rescue system named the disks the way you expect. 5) Power down and remove the old drive. At that point you can boot and run on the new drive, but you don't have any more space yet. 6) Boot up from the hard disk and add a new partition on the new drive covering the added space. Depending on your system, you may need to reboot or run partprobe on the disk for the kernel to recognize the new partition. 7) Extend your volume group onto the new partition. If your volume group is called "system" and your new partition is /dev/sda7: vgextend system /dev/sda7. You know what partition you created, and you can enter "vgdisplay" to see your volume group name if you don't know it. Step 4 is the most delicate -- if you cross up your drives you'll overwrite your data, so make sure you get those right. After that, you're done. Your volume group uses space off of two (or more) partitions on the same disk, but it will happily spread logical volumes across them if it needs to, so that's not a problem. There are other approaches that involve making the original LVM partition bigger, but they're more involved without much benefit over this approach. -Brian Martin -- Brian P. Martin, Chief Consultant Martin Consulting Services, Inc. Phone: 503-617-4500 E-mail: br...@martinconsulting.com ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
[PLUG] System Admins in Burlington VT?
All, A former staff member for a client of mine has relocated to Burlington VT. His new employer needs a sysadmin to straighten out their network. Does anyone have any recommendations or anti-recommendations for that part of the country? -Brian -- Brian P. Martin, Chief Consultant Martin Consulting Services, Inc. Phone: 503-617-4500 E-mail: br...@martinconsulting.com ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Affordable colo/vps in Portland/Seattle area (Alexandre Bedard)
On 03/11/2016 12:00 PM, plug-requ...@lists.pdxlinux.org wrote:
> Hi!
>
> I've recently moved to Portland and am looking at relocating my
> personal server closer to home. I was wondering if anyone had
> recommendations for affordable colo or vps services in the area?
>
> Leaning more towards colo as most VPS services charge an arm and a
> leg for the amount of storage I have.
>
> Thanks,
>
> Alex
Welcome to Portland, Alex. I moved here 20 years ago, and just love it.
You might look at Atmosera
<https://www.atmosera.com/services/colocation/> (formerly EasyStreet) in
Tigard. They offer a "colo condo" option where you can rent a fraction
of a cabinet if you don't need the whole thing. The minimum rental unit
is a 6" or a little over 3U. I find them to be very professionally
operated (e.g. card-key + fingerprint required to access the colo area,
each rack individually and uniquely locked). I also like the fact that
they provide crash carts and a work area suitable for executing that
emergency motherboard replacement.
There are lots of other colo facilities, from the low end right up to
ViaWest
<https://www.viawest.com/data-centers/oregon/hillsboro-data-center> in
Hillsboro, one of the highest rated colo data centers in the country. I
found this site that mentions both of these and a variety of others in
the area, though I can't speak to the pedigree of the website:
http://www.datacentermap.com/usa/oregon/portland/
Good luck. Maybe I'll meet you at a PLUG meeting some time.
-Brian
Brian P. Martin, Chief Consultant
Martin Consulting Services, Inc.
Phone: 503-617-4500
E-mail: br...@martinconsulting.com
Web: www.martinconsulting.com
Blog: www.pdxsys.com
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
[PLUG] Disk drive secure erase tools
Per our discussion at the AT meeting this evening, here's the link for the secure-erase device I passed around: http://www.cru-inc.com/products/wiebetech/wiebetech_drive_erazer_ultra/ And here's a link to an article describing how to accomplish the same thing via Linux commands. The process is a little hokey to my mind, but it's always worked for me: https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase -Brian -- Brian P. Martin, Chief Consultant Martin Consulting Services, Inc. Phone: 503-617-4500 E-mail: br...@martinconsulting.com ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
