[PLUG] Where can one buy a DB25 connector locally?

[Tyrell Jentink]

With both RadioShack and Incredible Universe Fry's
Electronics closed, where do we buy cool things?

I'm after a pair of DB25 connectors... Heck, breakout boards would be super
cool, and Amazon has such beasts. I would probably be satisfied cutting a
DB25 Male to Female "Parallel" extension cable for it's connectors, if I
could even find one of those locally. Seems like an easy request, surely
the Portland Metro area has *something...*

Can I really not pay cash for a simple DB25 cable anymore? Aren't they
still used in telecom somewhere? And maybe some business machines? It just
doesn't strike me as a "dead" connector...

Re: [PLUG] Connecting to Multnomah County Library's ezproxy portal

[Tyrell Jentink]

I have performed two more tests...

1) I fired up my CentOS Stream workstation... It does NOT have a problem
loading the page.
2) I fired up Fedora in a VirtualBox VM back on my laptop... It DOES work
when I put it on a bridged network, it does NOT work when I put it on a NAT
network. I tried disabling the Windows Defender Firewall, but that had no
effect.

Suggesting that it's a Windows NAT bug of some sort, I suppose - A bug that
only triggers in some very specific combination of transparent proxy on the
library side, firewall and NAT at the gateway, and the Windows firewall
itself... Maybe one introduced in a relatively recent Windows Update, as
this DID work for us a few weeks ago. It's gotta be a VERY specific bug,
cuz no one is writing about it online... None of the combinations of words
I have tried have brought up anything directly describing my problems.

I suppose I'm stuck advising my housemates to use VMs, VPNs, or alternative
network connections, and then cross my fingers and hope it works itself out
in a future Windows update... I had really hoped there was something
obvious I hadn't tried...

On Sun, Mar 14, 2021 at 6:51 PM Russell Senior 
wrote:

> Have you tried a REAL linux? You could live-boot Ubuntu or something,
> which could eliminate windows as the problem. If you still have the
> problem, then it sort of narrows it down to your gateway device.
>
> On Sun, Mar 14, 2021 at 6:40 PM Tyrell Jentink  wrote:
> >
> > OK, I have tried a couple more things, and have more symptoms:
> >
> > First, I tried using the upstream "curl for windows" (instead of the one
> in
> > cygwin), and got a more familiar output, but no new success:
> > >
> > > *   Trying 205.173.218.15:443...
> > > * Connected to proxy.multcolib.org (205.173.218.15) port 443 (#0)
> > > * ALPN, offering h2
> > > * ALPN, offering http/1.1
> > > * successfully set certificate verify locations:
> > > *  CAfile: C:\Users\tyrell.WIN\Downloads\curl-7.75.0_4-win64-mingw
> > > (1)\curl-7.75.0-win64-mingw\bin\curl-ca-bundle.crt
> > > *  CApath: none
> > > * TLSv1.3 (OUT), TLS handshake, Client hello (1):
> > > * Operation timed out after 300250 milliseconds with 0 out of 0 bytes
> > > received
> > > * Closing connection 0
> > > curl: (28) Operation timed out after 300250 milliseconds with 0 out of
> 0
> > > bytes received
> > >
> >
> > Then, just out of curiosity, I installed Firefox on Fedora for WSL (And
> > opened up Cygwin-X), opened  https://proxy.multcolib.org/login, and it
> > loaded just fine...  So now I suspect it's a Windows problem after all -
> > Maybe a specific Windows-with-Ubiquiti problem...  But I don't even know
> > what to call this error to search for it...
> >
> > To review:
> >
> >- On Windows directly, I can ping proxy.multcolib.org, but I can't
> >complete a TLS handshake in a browser (I tried Firefox, Chrome, and
> Edge)
> >or in curl (I tried both the Cygwin version of curl as well as the
> upstream
> >"Official curl for Windows" version)
> >- However, on Windows Subsystem for Linux, I am able to ping
> >proxy.multcolib.org and I can curl the page
> >https://proxy.multcolib.org/login from either Ubuntu or Fedora;
> >Additionally, on Firefox on Fedora on WSL, I can load the page in a
> >browser.
> >- This is the same laptop... So the same physical network card, the
> same
> >physical network, the same VLAN... It SHOULD even be the Windows
> driver
> >talking to the hardware...
> >- My Ubiquiti firewall isn't logging any dropped packets when I tell
> it
> >to log "Invalid State" packets... So it wouldn't SEEM to be
> Ubiquiti...
> >- It COULD be Windows? It seems to be affecting ALL of our Windows
> >laptops...  But Windows is ONLY having problems with this one site...
> >- AND, Windows isn't having problems at all when it's direct connected
> >to the internet, either directly to the Ziply WAN cable or through my
> >Android phone's hotspot...
> >- Android seemed to initially have some very similar problems as well,
> >but as soon as the page loads over Mobile, it caches whatever is
> failing,
> >so the failure becomes unproducable after just one success...
> >
> > I remain at a total loss...  This just doesn't make sense to me...
> >
> > On Sun, Mar 14, 2021 at 1:09 PM Tyrell Jentink 
> wrote:
> >
> > > OK, I'm simply trying to log in to view historical Oregonian articles,
> at
> > > the resource listed here:
> > > https://multcolib.org

Re: [PLUG] Connecting to Multnomah County Library's ezproxy portal

[Tyrell Jentink]

OK, I have tried a couple more things, and have more symptoms:

First, I tried using the upstream "curl for windows" (instead of the one in
cygwin), and got a more familiar output, but no new success:
>
> *   Trying 205.173.218.15:443...
> * Connected to proxy.multcolib.org (205.173.218.15) port 443 (#0)
> * ALPN, offering h2
> * ALPN, offering http/1.1
> * successfully set certificate verify locations:
> *  CAfile: C:\Users\tyrell.WIN\Downloads\curl-7.75.0_4-win64-mingw
> (1)\curl-7.75.0-win64-mingw\bin\curl-ca-bundle.crt
> *  CApath: none
> * TLSv1.3 (OUT), TLS handshake, Client hello (1):
> * Operation timed out after 300250 milliseconds with 0 out of 0 bytes
> received
> * Closing connection 0
> curl: (28) Operation timed out after 300250 milliseconds with 0 out of 0
> bytes received
>

Then, just out of curiosity, I installed Firefox on Fedora for WSL (And
opened up Cygwin-X), opened  https://proxy.multcolib.org/login, and it
loaded just fine...  So now I suspect it's a Windows problem after all -
Maybe a specific Windows-with-Ubiquiti problem...  But I don't even know
what to call this error to search for it...

To review:

   - On Windows directly, I can ping proxy.multcolib.org, but I can't
   complete a TLS handshake in a browser (I tried Firefox, Chrome, and Edge)
   or in curl (I tried both the Cygwin version of curl as well as the upstream
   "Official curl for Windows" version)
   - However, on Windows Subsystem for Linux, I am able to ping
   proxy.multcolib.org and I can curl the page
   https://proxy.multcolib.org/login from either Ubuntu or Fedora;
   Additionally, on Firefox on Fedora on WSL, I can load the page in a
   browser.
   - This is the same laptop... So the same physical network card, the same
   physical network, the same VLAN... It SHOULD even be the Windows driver
   talking to the hardware...
   - My Ubiquiti firewall isn't logging any dropped packets when I tell it
   to log "Invalid State" packets... So it wouldn't SEEM to be Ubiquiti...
   - It COULD be Windows? It seems to be affecting ALL of our Windows
   laptops...  But Windows is ONLY having problems with this one site...
   - AND, Windows isn't having problems at all when it's direct connected
   to the internet, either directly to the Ziply WAN cable or through my
   Android phone's hotspot...
   - Android seemed to initially have some very similar problems as well,
   but as soon as the page loads over Mobile, it caches whatever is failing,
   so the failure becomes unproducable after just one success...

I remain at a total loss...  This just doesn't make sense to me...

On Sun, Mar 14, 2021 at 1:09 PM Tyrell Jentink  wrote:

> OK, I'm simply trying to log in to view historical Oregonian articles, at
> the resource listed here:
> https://multcolib.org/resource/historical-oregonian-1861-1987
> Specifically, the link goes to https://proxy.multcolib.org, and there in
> lies my problems.
>
> The below detailed tests were conducted on my laptop, which is running WSL
> on Windows 10, but the problems were first noticed on a different Windows
> computer... I SUPPOSE it's possible these problems are Windows-only? But I
> don't think the evidence is suggesting that... I'm using a Ubiquiti Dream
> Machine as my router and firewall; It's running Linux and IPTables "Under
> The Hood," but it abstracts everything into a web GUI. It *SEEMS* like my
> Ubiquiti firewall is detecting certain TLS handshakes as "invalid state,"
> but that doesn't make sense, does it?
>
> First, I seem to have no problem loading https://proxy.multcolib.org on
> my phone using the mobile network, so I conclude there is no problem on
> THEIR side... But I can't load that page same page on my phone on WiFi, so
> I am fairly certain it's not an OS specific problem, either... (However,
> once the page is cached, it reloads just fine regardless of connection...
> Does the TLS handshake get cached somehow? As some critical bit *IS*
> getting cached, and flushing the cache on phones is less simple than on a
> PC, reproducing results on phones is hit-or-miss)
>
> Second, I seem to have no problem loading https://proxy.multcolib.org on
> my laptop when it's connected to my phone's hotspot, or even when plugged
> directly into my Ziply internet... My laptop is running Windows, further
> supporting the hypothesis that it's not OS dependent. However, it won't
> load over my WiFi, so I suppose we are narrowing it to my router and
> firewall...  I don't have any drop rules in the firewall, aside from the
> default "Drop Invalid State" rule...
>
> But here's where it gets weird...  I CAN ping the URL from any host I have
> tried it, so it's not blocking the path outright... I can also curl the
> page from curl on Fedora on WSL and curl on Ubuntu on W

[PLUG] Connecting to Multnomah County Library's ezproxy portal

[Tyrell Jentink]

O, on to the firewall: I'm using a Ubiquiti Dream Machine (UDM). I have a
bunch of VLANs, one of which is isolated from the LAN and provides a direct
connection to the internet, without my local DNS messing with things...
Lots of firewall rules exist to bridge the local VLANs together, and to
prevent any of them from accessing the isolated VLAN... But the observed
problems exist on both the "regular" LAN and that isolated LAN... So I
suspect it's an inbound WAN rule? But I don't have any inbound WAN rules,
just the defaults...

I did get it to work for a bit last night by adding a higher priority
"Allow All" rule, possibly set to match only "Invalid" states... But I was
wholly uncomfortable with that approach, and removed the rule... This
morning, I was unable to reproduce that success... Which is too bad, as I
would have liked to try "Allowing All" from just the libary's IP...

Anyway...  Conclusion, when connected to my home LAN, I can access The
Entire Internet, but not this Multnomah County Library resource... It fails
TLS handshake...  But it works just fine in curl on WSL.  What gives?

I'm more than willing to redo any tests anyone might suggest... This is
striking me as magnificantly weird.

-- 
Tyrell Jentink
tyrell.jentink.net
___
PLUG: https://pdxlinux.org
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Whether to host one's own email these days?

[Tyrell Jentink]

I have been a GMail user since the beginning... I sometimes brag that I
have a "Second-Tier-Invite GMail account," cuz I got my invite from someone
who got their invite directly from a Google employee... One could call me a
fanboy. Of course, in those days, we knew damn well that webmail was
expensive, and that we were paying for it with our data, and I'm not sure
how any of that comes as a surprise to anyone now... Or how it's a bad
thing; Aren't targeted ads a GOOD thing?

I am also grandfathered into a free Google Suite account... Of course, it
doesn't have ALL the features of even the cheapest paid accounts... And I
might be tempted to start paying the $6 a month eventually to get some of
the domain management features I'm missing. At that juncture, I will become
annoyed that I'm paying with my data AND $6...

But my very biggest annoyance with gmail, and it's so annoying to me that
it makes all of the aforementioned completely irrelevant to me until it's
fixed, is the fact that we can't merge our accounts together; Sure, you can
add aliases to Google Suite accounts all day... No limits. But can you
permanently merge two gmail accounts into the same account? Or permanently
alias a Gmail account into a GSuite account? Or... OK, I'll give you that
those were slightly niche-y ideas, so how about merely changing your Gmail
address name from a maiden name to a married name? Approximately half the
population will change their names in their lifetime, and using the
first.l...@gmail.com format leads to... Messes.

Is all of that enough to justify me running my own email server? So far,
no... And I'm not sure how that would even help - My whole household is
Google users, none of us are abandoning our Gmails. On the other hand, both
my wife and I are running around with pre- and post-married-life GMail
accounts, neither of which can ever TRULY be abandoned for OAuth reasons,
and that can't be Good for Google...

Look at me: Worried about what's "Good" and "Bad" for Google... :P

On Sun, Sep 20, 2020, 15:54 Bill Barry  wrote:

> On Sun, Sep 20, 2020 at 5:31 PM Rich Shepard 
> wrote:
> >
> > On Sun, 20 Sep 2020, Eric House wrote:
> >
> > > And so the question: what are those of you who have the expertise to
> run
> > > an email server doing? Do you handle your own mail, or do you pay a
> > > service to do it for you? If the former, what are the leading choices
> on a
> > > Debian server? If the latter, services to be recommended?
> >
> > Eric,
> >
> > I don't know how you connect to the 'Net; that might affect your
> decision.
> > I, too, started with Aracnet and stayed with SpiritOne until it was
> > unceremoniously destroyed. Now I have ZiplyFiber (a rather ugly name in
> my
> > opinion and the third iteration of Verizon -> Frontier Comm ->
> ZiplyFiber).
> >
> > Anywho, I've been running postfix here since 1997 with all these guys. It
> > supports both my business and personal domain email accounts (my business
> > web site is hosted at nearlyfreespeech.net, but they don't support
> e-mail).
> > I've had no issues with it and I keep it upgraded as Wietse releases bug
> > fixes and the occasional new feature.
> >
> > I'm a happy camper running my own MTA because I control the filters that
> > reject most of the crap.
> >
> > HTH,
> >
> > Rich
> >
> >
> Does running your own email server completely stop Google from
> scraping your email? Your email is received by people that might be
> using Gmail. The $6 per month is annoying though.
>
> Bill
> ___
> PLUG: https://pdxlinux.org
> PLUG mailing list
> PLUG@pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>
___
PLUG: https://pdxlinux.org
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Ad free Plex?

[Tyrell Jentink]

I have a Lifetime Plex Pass. I would not go so far as to say Plex is
perfect; It makes some odd user interface decisions, it pushes it's
internal features in an ad-like way, it's players are buggy and crash in
indescript ways, the developers aggressively develop new features but never
revisit old bugs. In short, I REALLY wish it was open source...

But it is indeed ad free.

On Fri, Jul 24, 2020, 12:50 Michael Rasmussen  wrote:

> Can I subscribe to Plex to get an ad-free experience? I really hate
> having a movie interrupted by an ad. Is this possible in Plex?
>
> --
>   Michael Rasmussen, Portland Oregon
> Be Appropriate && Follow Your Curiosity
> ___
> PLUG mailing list
> PLUG@pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Is a Linux Distro compromised?

[Tyrell Jentink]

>
> So there's no "chain of custody",  for lack of a better term, digital
> signature where one could look at the kernel running on a Linux system and
> trace it back to the original Linux kernel that was released?
>
No there's not; Not only that, in many cases, it's NOT the "real" kernel as
published by The Linux Foundation: Red Hat and Debian, at least and for
sure, maintain their own patch sets for the kernel; They do publish them,
of course, because the license requires it, but the resulting binary is
definitely not what was running in a Linux Foundation test server.

When dealing with binaries, though, you are placing trust in the developers
who built the distribution and the build environment, to have done so in a
trustworthy manner.

If you want more verification, you have to get the source code directly
from a trustworthy source, and compile it yourself.

If you want more verification than that, you have to actually read that
source code before compiling it.

 If you want "proof" from the developers, they need to do so in the sense
and form of a mathematical proof; That the specifications are implimented
correctly, that the code is compiled correctly, that the compiler is
working correctly, that the binary is what the source code defined, that
nothing was added or removed along the way. As far as I know, there is only
one kernel to have done so: seL4 ( http://sel4.systems/ ), but I'm not
nearly nerd enough to justify why one would care.
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Any Ubiquiti Experts Out There?

[Tyrell Jentink]

Should have looked this up before I hit 'send':
http://www.broadband-hamnet.org/hsmm-mesh-forums/view-postlist/forum-794/topic-794-emergency-power-and-poe-for-ubiquiti.html

In short: The spec (For the M2, NOT the HP... I didn't look that far) says
a minimum of 10.5v; So, get a passive injector, and run off 12v.

On Sun, Jun 30, 2019, 08:30 Tyrell Jentink  wrote:

> "Double the amperage" is nonsense... These power supplies are
> constant-voltage, the amperage is merely reporting how much current is
> available. Go into any Radio Shack and they will tell you
> that you need to match the voltage of the power supply, and EXCEED the
> Amperage <>Oh, wait
>
> The problem is that there is a TON of PoE equipment out there that doesn't
> follow 802.11af...
>
> I'm not an expert in Ubiquity expert, but there are also a ton of Amateur
> Radio operators out there using Bullet M2-HPs on field deployable
> networks... How are they powering them?
>
>
> On Sun, Jun 30, 2019, 07:02 Louis Kowolowski 
> wrote:
>
>> You’re going to be looking at double the amperage if you cut the voltage
>> in half in order to maintain the same wattage. Simply cutting the voltage
>> in half w/o changing the amperage will result in half the power. I doubt
>> that the equipment will work properly at half the power, or with double the
>> amperage.
>>
>>
>>
>> > On Jun 30, 2019, at 8:16 AM, Michael Barnes 
>> wrote:
>> >
>> > I'm considering using some Ubiquity radios (Ubiquiti BULLET-M2-HP) for a
>> > field deployable network. They say they use PoE to power the units.
>> > However, the PoE specs say 48V, while the Bullet data sheet says says
>> max
>> > 24V. Ubiquiti has their own PoE power inserters, but they run off 120V
>> and
>> > I need this system to run off 12V. When I look for 12V PoE inserters,
>> they
>> > are for IP cameras that run from 12V and don't follow the actual PoE
>> > standard 802.3af.
>> >
>> > So, will I be able to power an Ubiquiti Bullet from 12V?
>> >
>> > Thanks,
>> > Michael
>> > ___
>> > PLUG mailing list
>> > PLUG@pdxlinux.org
>> > http://lists.pdxlinux.org/mailman/listinfo/plug
>>
>> --
>> Louis Kowolowskilou...@cryptomonkeys.org
>> <mailto:lou...@cryptomonkeys.org>
>> Cryptomonkeys:
>> http://www.cryptomonkeys.com/ <http://www.cryptomonkeys.com/>
>>
>> Making life more interesting for people since 1977
>>
>> ___
>> PLUG mailing list
>> PLUG@pdxlinux.org
>> http://lists.pdxlinux.org/mailman/listinfo/plug
>>
>
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Any Ubiquiti Experts Out There?

[Tyrell Jentink]

"Double the amperage" is nonsense... These power supplies are
constant-voltage, the amperage is merely reporting how much current is
available. Go into any Radio Shack and they will tell you
that you need to match the voltage of the power supply, and EXCEED the
Amperage <>Oh, wait

The problem is that there is a TON of PoE equipment out there that doesn't
follow 802.11af...

I'm not an expert in Ubiquity expert, but there are also a ton of Amateur
Radio operators out there using Bullet M2-HPs on field deployable
networks... How are they powering them?


On Sun, Jun 30, 2019, 07:02 Louis Kowolowski 
wrote:

> You’re going to be looking at double the amperage if you cut the voltage
> in half in order to maintain the same wattage. Simply cutting the voltage
> in half w/o changing the amperage will result in half the power. I doubt
> that the equipment will work properly at half the power, or with double the
> amperage.
>
>
>
> > On Jun 30, 2019, at 8:16 AM, Michael Barnes 
> wrote:
> >
> > I'm considering using some Ubiquity radios (Ubiquiti BULLET-M2-HP) for a
> > field deployable network. They say they use PoE to power the units.
> > However, the PoE specs say 48V, while the Bullet data sheet says says max
> > 24V. Ubiquiti has their own PoE power inserters, but they run off 120V
> and
> > I need this system to run off 12V. When I look for 12V PoE inserters,
> they
> > are for IP cameras that run from 12V and don't follow the actual PoE
> > standard 802.3af.
> >
> > So, will I be able to power an Ubiquiti Bullet from 12V?
> >
> > Thanks,
> > Michael
> > ___
> > PLUG mailing list
> > PLUG@pdxlinux.org
> > http://lists.pdxlinux.org/mailman/listinfo/plug
>
> --
> Louis Kowolowskilou...@cryptomonkeys.org
> 
> Cryptomonkeys:
> http://www.cryptomonkeys.com/ 
>
> Making life more interesting for people since 1977
>
> ___
> PLUG mailing list
> PLUG@pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] SSD Advice Needed

[Tyrell Jentink]

For your purposes, it probably doesn't ultimately matter much... You aren't
running a Data center, you aren't archiving emails, you aren't filing
taxes. Get a cheap one, do sensible backups.

Samsung Evo 960 series drives are consistently getting excellent reviews in
the blogs for best general purpose SSDs... But they are generally a bit
more expensive than what people have been suggesting... Probably lends
itself to the point that "Even cheap ones are good enough."

For what it's worth... My laptop is currently sporting a 500GB Evo 960 SATA
SSD, and it's performing very well.

On Sat, May 18, 2019, 11:04 Michael Barnes  wrote:

> On Sat, May 18, 2019 at 10:07 AM Dave Lien W7DAL 
> wrote:
>
> > Michael-
> >
> > I use $20 SSDs from Newegg and they work fine for general use. SSDs are
> > direct replacements for mechanical drives. For a low budget you can just
> > duct tape them in place if needed. Not a problem. You will be amazed at
> > how much faster they are.  Good luck.
> >
> > -Dave
> >
> >
> >
> Looked at Newegg. They have a huge selection of KingDian SSDs. Never heard
> of KingDian. Are they any good? Many options I have no idea what is what.
> That's what I get being out of the hardware game for over 10 years. No idea
> what TLC or MLC or any of the other options are. Suggestions appreciated.
>
> Michael
> ___
> PLUG mailing list
> PLUG@pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Controlling resolv.conf...

[Tyrell Jentink]

On Mon, Mar 11, 2019, 13:44  wrote:

I have Spectrum cable where the ethernet connection to the modem receives a
dynamic ip address from Spectrum along with wrong name servers.

This is correct for resolv.conf:
search roch.robinson-west.com
nameserver 127.0.0.1

resolv.conf get's overwritten though by the modem...


No, not "by the modem," but rather "From the modem," or more specifically,
"From the DHCP server in the modem."

The distinction is that your machine does not and should not let any device
untrusted by you to access your machine, especially not the modem.

So, instead, Network Manager (Or, more specifically, DHCPd) is asking the
DHCP server for it's host configuration, and it's using it.

To be clear, Spectrum isn't "Forcing" these settings on you, your machine
is asking for them. This, however, is not what you intended for it to do.

I'm on a Debian Linux system. I need to ignore the nameserver settings from
Spectrum and the Spectrum search line.
Something called resolvconf will allow me to do this???


I don't know about resolvconf, and have never used it before...

When I want a client host to use DHCP to get an IP addresses but NOT DNS or
any other settings,  I configure NetworkManager to "Use DHCP Address Only."

Details on that method and two other approaches are available here:
https://askubuntu.com/questions/623940/network-manager-how-to-stop-nm-updating-etc-resolv-conf

Another thing I'm wondering about is what the proper firewall settings are
to allow clients on my RFC 1918 network to use
the proxy on my server. I'm also wondering about the legality of sslbump
and what people who have deployed this can tell
me about enabling https support in squid?


You are overthinking this... There is no legal problem with you doing
anything you want to any packet inside your network... It's your network...
You can do anything you want...

You can even use Penetration Testing software to "Hack" your own network...
That's what "Penetration Testers" and "Ethical Hackers" do. Sometimes, big
companies even pay people to try and hack their Network. Network security
is big money. It's only illegal if you trespass, or if you steal something,
or you go somewhere you aren't supposed to...

The internet is like the real world... Don't do things that are illegal in
the real world, and you will be OK.

For example... It's probably legal to open your wife or daughter's mail...
It's probably not mail fraud or anything, I mean, you are living at the
address on the label, and you are probably legal proxy enough to avoid
trouble... Mail Fraud doesn't even apply to the internet, so opening your
family's internet packets is doubly legal.


What you are trying to achieve is a "Transparent Proxy;" The "proper" way
of doing it is to NOT do a Transparent Proxy, and instead configure each
client to use the proxy as appropriate; Maybe block un-proxied access to
the WAN at the firewall, but DON'T do a outbound port redirect to the
proxy. The reason this is is correct is that you, as system admin, really
have no business breaking SSL... Even for your family. It's kinda like
reading your daughter's diary... It's not that it's illegal, one may even
be able to justify it to themselves... But it's kinda just not very polite.

Theoretically, I could have a list of https sites that are allowed and
disallow all others and not have a legal problem.


Again, you don't have a "Legal" problem at all... Just an ethical one.

But your wrong about how one whitelists and blacklists at the firewall: You
can't do it by URL, you have to do it by IP address... Some Enterprise
Layer 7 firewalls try to emulate that effect by tracking sessions by IP,
Port, and DNS Lookup, but it's not available on Linux or FreeBSD firewalls,
and it's far from foolproof... Let's postulate that two popular domains are
both hosted by AWS, and have the same IP... How would the firewall track
both sessions? Thus why only Enterprise routers have the feature...

With google pushing web sites
to go https, it's not just banks and credit unions using it anymore. Even
google search is https. Uge!


This isn't Google being evil... This is Google telling web admins that
protecting their customers privacy is not optional, and isn't acceptable...
This is a GOOD thing, and to advocate for poor security merely because you
want to control what your family can and can't see on the internet is...
Well, confusing.

This is a nightmare for anyone who wants their
Internet connection content filtered. Content filtering by it's very nature
requires a man in the middle. The https protocol is supposed to guarantee
that there isn't a man in the middle. Some countries evidently will
prosecute you if you filter https connections. If I'm a business owner or a
home owner
running a network at home, what am I supposed to do?


If your a small business, and you want to monitor and control your
employees, you could start by hiring trustworthy employees, and then
statically configure their browsers 

Re: [PLUG] large format (>=13 x >=20-inches) flatbed scanners?

[Tyrell Jentink]

I don't have an answer, but I am interested in the community's response.

I would be very tempted to join a makerspace that had a large format
flatbed scanner, a large format vinyl plotter/cutter, and a large format
pen plotter (I do Geographic Information Systems as a hobby, so i'd be
interested in even larger sizes... Up to 36" or 42" even... Not stuff a
hobbyist can afford). If they also focused on the industrial fabric and
sewing stuff, my wife would be a member, too... I haven't traditionally had
luck in finding maker spaces that have either, although I suspect a club
could find a common set of equipment that benefits both groups... If such
groups even exist 

On Wed, Jan 30, 2019, 16:54 Russell Senior  Here's a fragment, for reference:
>
>   https://personaltelco.net/~russell/ascii-detail-2019-01-29-16-46-56.png
>
> On Wed, Jan 30, 2019 at 4:51 PM Russell Senior 
> wrote:
>
> > Optical distortion. I want to digitize the pen plotting so it could be
> > reproduced.
> >
> > On Wed, Jan 30, 2019, 16:22 W7DAL  wrote:
> >
> >> How about taking a photograph?
> >>
> >> Sent from my iPad
> >>
> >> > On Jan 30, 2019, at 3:24 PM, Russell Senior <
> russ...@personaltelco.net>
> >> wrote:
> >> >
> >> > I have a poster, an ASCII CODING CHART, from Milne Computer Center at
> >> OSU
> >> > that's been on my wall for 30+ years. It was originally produced with
> a
> >> pen
> >> > plotter and has some nice font effects.  I'd like to get it scanned. I
> >> > tried on my flatbed scanner, but the working surface is too small and
> I
> >> > need 6 scans to get it all (I realize I could do it in 4 with a
> >> different
> >> > orientation), and stitching it together is *not perfect*.  I am aiming
> >> for
> >> > perfect.
> >> >
> >> > Does anyone have a large format scanner that can do at least 13x20
> >> inches?
> >> > I'd like 1200 dpi, but even 300 would be an improvement over my bodge
> >> job
> >> > of stitchery.  Or, do you know of a place I could reasonably get it
> >> done?
> >> > My initial searches suggest local commercial options are quite
> >> expensive,
> >> > like on the order of $50, which is moderately ridiculous, but maybe I
> >> > haven't found the right people yet.
> >> >
> >> > Also, does anyone have an HP pen plotter?
> >> >
> >> > Thanks!
> >> >
> >> > --
> >> > Russell Senior
> >> > russ...@personaltelco.net
> >> > ___
> >> > PLUG mailing list
> >> > PLUG@pdxlinux.org
> >> > http://lists.pdxlinux.org/mailman/listinfo/plug
> >>
> >> ___
> >> PLUG mailing list
> >> PLUG@pdxlinux.org
> >> http://lists.pdxlinux.org/mailman/listinfo/plug
> >>
> >
> ___
> PLUG mailing list
> PLUG@pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Android chrome and safety warning...

[Tyrell Jentink]

I think he's talking about this:
https://support.google.com/chrome/answer/3220216?co=GENIE.Platform%3DDesktop=en

I also think the risk is overstated... But I'm also a sipper of the Google
cool-aid.

On Tue, Jan 15, 2019, 07:39 Bill Weiss  Michael Christopher Robinson(mich...@robinson-west.com)@Tue, Jan 15, 2019
> at 07:08:24AM -0600:
> > I had an ill advised browsing session on my Android smart phone.  I was
> > looking for porn sites and we'll leave it at that.  Little did I know,
> > Chrome has a list builtin of sites that can track you and most porn
> > sites request to be on that list.  This list by the way doesn't clear
> > if you clear cache and cookies.  The reason I'm mentioning this is to
> > warn others that you can get texted the next day because of Chrome's
> > internal list which is potentially very dangerous.
>
> Do you have a reference on this? That seems like a non-feature, but there
> are some browser things that would look a lot like that that you can clear
> somehow.
>
> --
> Bill Weiss
> ___
> PLUG mailing list
> PLUG@pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] TLDR++, a tool to search, study, and practice Linux commands on the fly...

[Tyrell Jentink]

On Sat, Jan 5, 2019, 13:24 Mike C. https://github.com/tldr-pages/tldr/blob/master/README.md

On Sat, Jan 5, 2019, 11:54 Ben Koenig https://distrowatch.com/dwres-mobile.php?resource=man-pages, and while that
doesn't speak one way or the other to your accusations, I suppose it speaks
to my priorities...

> As a LINUX user, should I trust documenation made possible by competing
> > platforms?
>

I suppose that's the nature of the debate that led to Git, isn't it... I
suppose I ultimately agree with Linus Torvolds on that one: If a tool is
good for you, use it.

--
Tyrell Jentink
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Copying all partitions of a drive to single partition/directory?

[Tyrell Jentink]

Your original question seemed to imply you wanted to maintain the partition
layout for some reason. If you do, disk images are the correct way to do
it... But, as others have said, you might not actually have meant to ask
for that...

If what you want is the files, not the partitions, you can use 'cp -a,' or
even 'rsync -a'.

IF you want the partitions, that's what a disk image is for. Disk images
are generally read only, but they are mountable.

I have used disk images in a lot of ways...
Related to your use case, I have used disk images to create "Archives" of
machine states; In other words, I can use that image to restore my full
disk back to it's current system state. Or, I can simply mount the "Old"
system into my new file system and copy a file out if I need it. Those will
typically be treated as "Read Only," after all, it's an archive.

I have also used disk images in virtual machines... They are really just
text files, mounted as loop devices and partitioned and formatted like a
block device... You can use them in any way you can use a block device,
including writing to it.

Heck, I have entire services running in disk images that are shared over
iSCSI... I mean, complex scenarios can be constructed with these things.

> The standard tool for taking a disk image is 'dd.' Man page:
> > http://man7.org/linux/man-pages/man1/dd.1.html
>
> That's where I started ;/
>

Then you have what you need...

> Theoretically, you can simply image the entire drive, partitions and all
> > intact exactly as they are presently, although I've never done it that
> > way... I have always imaged partitions directly... But I don't see why
> > either method would be "wrong," as long as you know how to mount the
> output
> > ;)
>
> That "Theoretically" is the kicker.
>

Ugh... I'm sorry for dispensing doubt... I *HAVE* worked with full disk
images in the context of Virtual Machines. I have even started with a plain
text file, mounted it with a loop mount, and partitioned and formatted it.
They work. They work well. When I said "Theoretically," I meant "Make sure
you know how this works before you do it," not "Don't do it."

>
> >
> > As for compressing it...
> > https://serverfault.com/questions/52260/compressing-dd-backup-on-the-fly
> > suggests you can simply pipe the output of 'dd' directly into gzip... But
> > one of the comments says not to use it for the purposes the original
> poster
> > suggested it for, so maybe read their warnings before following their
> > advice.
>
> I hadn't seen that particular article. But a similar one was what
> prompted me to post.
>
> I hoped there was a tool. As I intend to erase the hard drive in each
> machine before doing a fresh Debian install I NEED to have a copy in a
> safe place. I WANT it stored in such a manner that I can retrieve
> individual files/directories.
>

Once you dd the image... You can mount the image. With 'mount -o'  command.
This article appears to cover the ins and outs pretty well, although I just
glanced over it...

http://www.cs.montana.edu/~andrew.hamilton/cs560/VFS/mount.html

Don't know if what I want is actually possible.
> Don't know if there is something basic that I don't know.
> Thank you.
>
>
> >
> > On Fri, Jan 4, 2019, 06:08 Richard Owlett  >
> >> I wish to do fresh Debian installs to three machines {including
> >> repartitioning drives of each machine}. Each drive is nominally 250GB. I
> >> have purchased a USB connected 1TB drive to be the target.
> >>
> >> I like the ease of use of Clonezilla-live. But it intrinsically wipes
> >> the target drive completely. Compressing the output would be nice.
> >>
> >> TIA
> >>
>
> ___
> PLUG mailing list
> PLUG@pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] A survey of backup philosophies/methods?

[Tyrell Jentink]

https://xkcd.com/927/

Many (Most (All?)?) of the options that come up on your suggested search
are excellent... Read about each, try the ones that sound like they work
the way you want, settle on one that actually works the way you want...

ESPECIALLY because you have particular engineering requirements that none
of us can seem to understand, much less predict...

No one sits down and writes "Surveys" of backup solutions, because a backup
solution is dependent on the use case, the budget, the personality and mood
of the person making the decision, your threshold for damage by solar
flares, the current status of the ionosphere (OK, those last two may be in
jest)... You engineer it for your needs, on a case by case basis... The
tools you use are often dictated by the service or device you are backing
up to, or vice versa, or you just use RSync or one of it's shells to backup
to a SSD and call it a day...

I mean... You throw simple one liner questions at us, then complain about
the simple one liner answers we give you... Maybe reading some of the
articles provided by your search engine of choice (And understanding them)
will lead to valuable vocabulary?

Why are you expecting us to read your mind better than DuckDuckGo does? Are
DuckDuckGo's Engineers not at least as smart as I am?

On Sat, Dec 22, 2018, 10:47 Richard Owlett  On 12/22/2018 08:45 AM, David Fleck wrote:
> > On Sat, 2018-12-22 at 08:04 -0600, Rich Shepard wrote:
> >
> >> On Sat, 22 Dec 2018, Richard Owlett wrote:
> >>
> >>> Any recommended survey articles?
> >>
> >> Surveys about what?
> >
> > Backups.
>
> My search had been
> https://duckduckgo.com/html?q=file%20backup%20methods
>
> The hits were either too brief or too focused on only one aspect.
>
> I am looking for reading that will prompt me to ask the "right"
> questions to chose,
>
> I browsed some pages on rsync and dirvish.
> That reinforced my idea that I need to "survey the lay of the land
> before choosing a specific application.
>
>
> >
> > Personally, I have a script that uses rsync to copy files to an
> otherwise-unused desktop machine's hard drive. It works for me, but I doubt
> it's anything near a 'best practice'.
> >
> > --
> >
> > David Fleck 
> > ___
> > PLUG mailing list
> > PLUG@pdxlinux.org
> > http://lists.pdxlinux.org/mailman/listinfo/plug
> >
> >
>
>
> ___
> PLUG mailing list
> PLUG@pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>

On Dec 22, 2018 10:47, "Richard Owlett"  wrote:

On 12/22/2018 08:45 AM, David Fleck wrote:
> On Sat, 2018-12-22 at 08:04 -0600, Rich Shepard wrote:
>
>> On Sat, 22 Dec 2018, Richard Owlett wrote:
>>
>>> Any recommended survey articles?
>>
>> Surveys about what?
>
> Backups.

My search had been
https://duckduckgo.com/html?q=file%20backup%20methods

The hits were either too brief or too focused on only one aspect.

I am looking for reading that will prompt me to ask the "right"
questions to chose,

I browsed some pages on rsync and dirvish.
That reinforced my idea that I need to "survey the lay of the land
before choosing a specific application.



>
> Personally, I have a script that uses rsync to copy files to an
otherwise-unused desktop machine's hard drive. It works for me, but I doubt
it's anything near a 'best practice'.
>
> --
>
> David Fleck 
> ___
> PLUG mailing list
> PLUG@pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>
>


___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] question on system

[Tyrell Jentink]

It's been several years since I looked into this... Like others have said,
the administrative overhead is substantial, and I ultimately decided that
it was just easier and more reliable (for my needs) to use Google.

That said... The top product I was looking at at the time was Kolab,
http://kolab.org, and it SEEMS to meet many of your requirements...

I consider it unlikely that a company of this size would be served by any
single application... If I were setting up Kolab for a client, a good
amount of energy would have to be put into questions like "How do we manage
users?" And "How do we manage storage?" And "How do we manage backups?"

Like, maybe you will find that managing lots of users pushes you into
needing an LDAP server, possibly with Single Signon. As you add these
"Supporting" services, your security footprint increases, and you may need
additional firewall and intrusion detection software; Maybe these services
should be on "Bastion Servers," individual servers for each service to
increase both performance and security... Maybe you virtualized some.

Maybe those questions lead to non-Linux answers... Maybe you find managing
the workstations of all those users works best with ActiveDirectory rather
than OpenLDAP; Maybe you find that managing the storage requires something
more robust than LVM on XFS or EXT4... And then is Kolab's file sharing
(WebDAV, if I remember correctly) enough for your users? Adding SMB and NFS
can have unintended complications.

And all of those questions have to be balanced against the inherent feature
creep that comes from wandering down this road.

For many companies, the answer is to simply let Someone Else do it...
Often, that Someone Else is Google.

On Wed, Sep 19, 2018, 13:40 logical american 
wrote:

> Hello again:
>
> Can anyone suggest a linux system server which will successfully do the
> following?
>
> 1. successfully imitate and replace the Google Groups program
> 2. successfully imitate and replace the Google gmail server
> 3. allow Google drive operations or simulate those operations
>
> I am seeking to move a large group of users (200-500) from Google Groups
> and gmail over to a stand-alone server and provide some type of Google
> drive functionality also for them, but at a bare minimum a common area
> to download files must exist so users can store their files.
>
> What would you suggest?
>
> The users are in the public domain.
>
> Thanks for the input
>
> - Randall
>
> ___
> PLUG mailing list
> PLUG@pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] WHAT is the question? Re: To wiki ...

[Tyrell Jentink]

It seems to me that the question of "To wiki or not to wiki" is a question
FOR authors... It's not like school children get to say, "Hey, I don't like
movable, printable text in my text books... Anyone with a printing press
can fake this! Give me the same content, but engraved in gold platters, it
carries a higher archival quality!"

As a reader, your only choice is "To read the documentation, or not."

On Sat, Sep 15, 2018, 07:45 Richard Owlett  wrote:

> On 09/15/2018 09:07 AM, Tyrell Jentink wrote:
> > A wiki is used for community driven documentation; You could easily use a
> > Google Docs document to achieve a similar task; Or maybe you write the
> > documentation into your code, and use a parser to spit out an HTML5 based
> > website with just the comments, publish the whole lot to GitHub; Or maybe
> > you scribble notes on to a legal pad, and pass the legal pad around at
> > meetings...
>
> I'm asking as a reader looking background/overview not potential author.
> One of my long term goals is an alternative to a "Frequently Asked
> Questions". My awkward working title "Question Which Should be More
> Frequently Asked". FAQ looks better than QWSMFA ;/
>
>
>
> >
> > On Sat, Sep 15, 2018, 06:16 Richard Owlett  wrote:
> >
> >> On 09/15/2018 07:28 AM, Russell Senior wrote:
> >>> Yes.
> >>
> >> OK ;/ What might it be?
> >>
> >>
> >>>
> >>> On Sat, Sep 15, 2018 at 3:53 AM, Richard Owlett 
> >> wrote:
> >>>
> >>>> There are multiple carriers of information on the internet.
> >>>> Mailing lists and USENET groups stress timeliness.
> >>>> Wikis by nature can be more in-depth but can suffer from edits from
> >> edits
> >>>> by anyone independent of qualifications.
> >>>>
> >>>> I repeat my question. Is there an alternative to wikis.
> >>>> The question is explicitly community and/or topic agnostic.
> >>>>
> >>
> >> ___
> >> PLUG mailing list
> >> PLUG@pdxlinux.org
> >> http://lists.pdxlinux.org/mailman/listinfo/plug
> >>
> > ___
> > PLUG mailing list
> > PLUG@pdxlinux.org
> > http://lists.pdxlinux.org/mailman/listinfo/plug
> >
> >
>
>
> ___
> PLUG mailing list
> PLUG@pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] To wiki or not to wiki. THAT is the question.

[Tyrell Jentink]

Also... While I'm at it... A couple of other thoughts...

First, Yes, wikis can be edited by {anyone that has an account}...
Although, that's not the same as {anyone on the internet}; I have been part
of projects in the past that only let accounts marked as "Developer" write
to the wiki, but anyone could write to the "Talk" page...

And that leads me to my second point... Wikis aren't just a collection of
articles... Each wiki has a version control system and a full history of
edits... If you suspect a page has been tampered with, you can check the
history for old versions. There is also a Talk page for each article, where
you can "Discuss" edits or proposed changes or what have you.

And third... Wikipedia has moderators... And lots of private wikis do, too.
It's not the wild west you seem to be afraid of... It's literally just a
piece of software that serves the task of managing and hosting articles and
content... It's no more or less trustworthy than any other content on the
internet.

Wikis are great... They solve a lot of problems that the old "Scribble
notes on a legal pad" solution created. No need to be scared.

On Sat, Sep 15, 2018, 07:21 Tyrell Jentink  wrote:

> As we have beat around the "You clearly have no idea what a wiki is" bush,
> I think we failed to answer your question...
>
> If your chosen scripting language has a wiki, and that wiki has your
> answers, then Yes, you should use it.
>
> It's not 1998 anymore; The fears over unmoderated edits to wikis have
> largely proven to be overstated, and aren't even true on Wikipedia anymore,
> where the claim was most prevelent. The simple fact of the matter is that
> wikis have enough eyes on them that, even if false information gets
> inserted, it won't last long.
>
> And on a wiki owned and operated by a specific project, the risk is
> essentially non-existent.
>
> Use the wiki. Your life will be more stress free.
>
> On Tue, Sep 11, 2018, 14:05 Richard Owlett  wrote:
>
>> To those who revere the BARD, I sort of apologize.
>> Did he not know how to turn a phrase?
>> P.S. I was taught the fundamentals of "headline writing" in Jr. High
>> more than 50 years ago. Did I get your attention?
>>
>> My underlying problem is OS independent. However, I seek a Linux
>> solution. For my preferred scripting language, in depth tutorials are
>> few. An acceptable solution would be a repository of commented working
>> scripts. My language of choice does have a wiki. HOWEVER, anyone can
>> modify anything at any time without immediate checks/balances.
>>
>> Where should I go looking?
>> TIA
>>
>> [also, am I too far OT?]
>>
>>
>> ___
>> PLUG mailing list
>> PLUG@pdxlinux.org
>> http://lists.pdxlinux.org/mailman/listinfo/plug
>>
>
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] To wiki or not to wiki. THAT is the question.

[Tyrell Jentink]

As we have beat around the "You clearly have no idea what a wiki is" bush,
I think we failed to answer your question...

If your chosen scripting language has a wiki, and that wiki has your
answers, then Yes, you should use it.

It's not 1998 anymore; The fears over unmoderated edits to wikis have
largely proven to be overstated, and aren't even true on Wikipedia anymore,
where the claim was most prevelent. The simple fact of the matter is that
wikis have enough eyes on them that, even if false information gets
inserted, it won't last long.

And on a wiki owned and operated by a specific project, the risk is
essentially non-existent.

Use the wiki. Your life will be more stress free.

On Tue, Sep 11, 2018, 14:05 Richard Owlett  wrote:

> To those who revere the BARD, I sort of apologize.
> Did he not know how to turn a phrase?
> P.S. I was taught the fundamentals of "headline writing" in Jr. High
> more than 50 years ago. Did I get your attention?
>
> My underlying problem is OS independent. However, I seek a Linux
> solution. For my preferred scripting language, in depth tutorials are
> few. An acceptable solution would be a repository of commented working
> scripts. My language of choice does have a wiki. HOWEVER, anyone can
> modify anything at any time without immediate checks/balances.
>
> Where should I go looking?
> TIA
>
> [also, am I too far OT?]
>
>
> ___
> PLUG mailing list
> PLUG@pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] WHAT is the question? Re: To wiki ...

[Tyrell Jentink]

A wiki is used for community driven documentation; You could easily use a
Google Docs document to achieve a similar task; Or maybe you write the
documentation into your code, and use a parser to spit out an HTML5 based
website with just the comments, publish the whole lot to GitHub; Or maybe
you scribble notes on to a legal pad, and pass the legal pad around at
meetings...

On Sat, Sep 15, 2018, 06:16 Richard Owlett  wrote:

> On 09/15/2018 07:28 AM, Russell Senior wrote:
> > Yes.
>
> OK ;/ What might it be?
>
>
> >
> > On Sat, Sep 15, 2018 at 3:53 AM, Richard Owlett 
> wrote:
> >
> >> There are multiple carriers of information on the internet.
> >> Mailing lists and USENET groups stress timeliness.
> >> Wikis by nature can be more in-depth but can suffer from edits from
> edits
> >> by anyone independent of qualifications.
> >>
> >> I repeat my question. Is there an alternative to wikis.
> >> The question is explicitly community and/or topic agnostic.
> >>
>
> ___
> PLUG mailing list
> PLUG@pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] What Comes After Unix?

[Tyrell Jentink]

Fair enough; I read a quote a few days ago, but can't find it again to
properly cite... It was in reference to If Plan 9 Is Truly Better, Why
Linux? And it was to the effect of "The biggest risk to Great software is
Good Enough software," and that may be true...

But getting "Stuck" on 1960s technology isn't "Progress" either... And at
what point should the world suck it up, and swallow the cost of upgrading
For The Greater Good?

I also believe in competition, natural selection, and survival of the
fittest... 15 years ago, when I was first getting into Linux, I argued that
a heterogeneous population of hardware and software will encourage the
hurd-immunity of the whole  network... I argued that me, personally using
Linux actually made the whole internet safer, as a particular threat is
unlikely  to be effective against me,  AND the Windows Users, AND the Mac
OS users, etc. The "Diversity" was a good thing. And I THINK the researcher
in the original security article was making a similar point: By encouraging
competition among similar but not identical implimentations,  some will be
"Better" than others in certain ways, worse in others; Vulnerable to some
attacks, immune to others... But to hide it all away in the kernel prevents
competition... Interferes with the "Many Eyes" principle that Open Source
argues in favor of.

I guess I'm concerned that there isn't enough competition to keep the
internet safe. I'm concerned that capitalism, and the acceptance of work
flows that "Technically work, and are cheap enough to not want better" is
the enemy at hand...
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

[PLUG] What Comes After Unix?

[Tyrell Jentink]

I'm a young'n; I don't remember 4.4BSD or Research UNIX... I also come to
Linux from an IT background, not a Computer Science background, and maybe I
lack a certain historical perspective as a consequence.

I was recently reading an article that claimed Linux is insecure, because
of it's monolithic kernel codebase:
https://threatpost.com/researchers-blame-monolithic-linux-code-base-for-critical-vulnerabilities/136785/


That lead me down a trail of research on Wikipedia, trying to figure out
what they meant by that...  And I discovered a number of interesting things:

First, Many are likening it to a modern incarnation of the
Tanenbaun-Torvalds debates of the early '90s, which are also fascinating
https://en.m.wikipedia.org/wiki/Tanenbaum–Torvalds_debate

But also, UNIX itself is old hat: Research Unix was a 1960s and 70's
approach to operating mainframes... By the 80's, Bell Labs had grown bored,
and wanted to start playing with distributed systems on commodity PCs, and
they started a new project, Plan 9 From Bell Labs (
https://en.m.wikipedia.org/wiki/Plan_9_from_Bell_Labs); They doubled down
on the "Everything is a file, Programs should be small, and APIs should be
text based" philosophies... And they created the 9P2000 file sharing
protocol to share all of these "All resources are files" resources with
other computers... They also ignored existing standards, and had no
patience for existing software... It's still around, in the form of a
forked project called 9FRONT, http://9front.org. Fair warning: If you think
*BSD people are rude, these guys are worse in that they are also big fans
of sarcasm and irony... Rumor has it that new users regularly leave the IRC
crying...

9P2000 is still around, too, as the V9FS on Linux and many Unix like
operating systems, and growing popular in VM communities,
https://en.m.wikipedia.org/wiki/9P_(protocol)

Then Bell Labs grew bored again... And in the 90's, built Inferno (
https://en.m.wikipedia.org/wiki/Inferno_(operating_system) ), a system
built from lessons learned on Plan 9 From Bell Labs, but featuring a VM not
unlike Java; In fact, it can recompile Java bytecode to run natively.
Inferno is still around, developed by a third party:
http://www.vitanuova.com/inferno/

Both Plan 9 From Bell Labs and Inferno featured Microkernel technologies...
And in the '90s, Computer Science nerds grew obsessed over microkernels,
and born was the L4 microkernel architecture (
https://en.m.wikipedia.org/wiki/L4_microkernel_family); They never say so,
but one can see many design similarities between all of the microkernels
and the earlier Plan 9/Inferno experiments.

Where many like to argue that "Linux isn't an OS without GNU,"
microkernels are even less an OS than Linux... in that it doesn't even
directly manage user rights or block devices or network routing... All of
that gets built as servers running in userspace, and THIS is the security
the original article was citing: By getting all that complicated and
potentially buggy software out of the kernel, the kernel can then protect
from the faulty code, and UNIX like operating systems can be built on top.

Another project, Genode (https://en.m.wikipedia.org/wiki/Genode), aims to
add all the services needed to build more of the supporting framework of an
OS, I think of L4+Genode as being analogous to Linux; And a third, SculptOS
(https://genode.org/download/sculpt), to make it all a usable desktop OS,
akin to GNU/Linux.

SculptOS isn't a Unix system per se, and they are quick to say so in their
documentation, but they do use familiar tools as a convenient interface to
the system... Like Bash and VIM.

SculptOS is actually pretty cool, in that they achieved "General Purpose
OS" status by paravirtualizing Linux itself on top of the L4 kernel...
Think of it as GNU/Linux/L4 (GNU on Linux on L4), or something... I'm still
learning, too. There is a slight performance hit, but at 4%, it is
significantly less than a fully virtualized operating system... I think it
would be cool to run Windows and Linux side-by-side, each with only
marginal performance costs, and each running as a user service...

The guys over at ReactOS dismiss L4 as "Just a Hypervisor," but I think
they are missing the big picture... This is opening the door to running
entire operating systems as services next to each other... It's like
Docker, but with WHOLE OPERATING SYSTEMS!

I'm pretty excited... It's like taking my computer from a timeline where
the world stopped evolving in the 1960s, to something... A bit more
adventurous.

At least... It feels that way on paper... And so far, I'm living on paper,
LOL.

Of course... This entire history lesson ignores Mach, which is the
Microkernel under Mac OS and GNU/Hurd, and that might be interesting, too,
if GNU/Hurd weren't developing inside a drum of molasses in the Arctic...

Anyone else playing with any of these "next generation" operating systems?

On Thu, Sep 13, 2018, 05:25 Richard Owlett  wrote:

> On 09/12/2018 

Re: [PLUG] WHAT is the question? Re: To wiki ...

[Tyrell Jentink]

>
>  When/Why use a wiki for for what?  What question are you asking? Why do
> you
> > want to use a wiki? What do you want do with it?
> >
>
> Thought I answered that [...]
>

No, you did not...

> It could have read:
> > "My underlying problem is OS independent. However, I seek a Linux
> oriented solution.
>

No problem statement... Just a statement that a problem exists...

> My language of choice does have a wiki.


No identification of what the language is, or if you mean (Your language of
choice supports BEING a Wiki) or (Your language of choice can WRITE to a
Wiki) or (Your language of choice can READ from a wiki) or (Your language
of choice is DOCUMENTED in a wiki)? Remember, wiki is just a software... so
Do you see how each of those is a radically different question?

HOWEVER, anyone can modify anything at any time
> > without immediate checks/balances."
>

So... You blindly distrust all of them, regardless of the former answer...
So what am I answering again?

> For detailed questions I participate in ~40 mailing lists and USENET
> groups. [snip] >
> > I mention wikis as I look for background. Wikipedia is well written but
> to broadly aimed.
> > Arch wiki is well written and easily navigated but is narrowly focused.
>

So... You are looking for a community, not a wiki... Although, that
community might have a wiki, in which case you can decide for yourself if
you trust it.

We cant point you at a community unless you tell us more about what you are
looking for... A question you have not even remotely approached answering.
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] WHAT is the question? Re: To wiki ...

[Tyrell Jentink]

Here's where I perceive a communication gap: I think Richard Owlett is
looking for a community to support him in his (Sometimes eccentric)
projects... He has many, but none are quite eccentric enough, so he is
begging for us to point him to more...

But he isn't ASKING that... He's asking weather or not he should wiki...
And what that question ignores, and I think some of us technically minded
folk are getting hung up on, is that "Wiki" isn't a community, per se, it
is a software... And on the "Wiki software platform," communities can be
built...

Actually, that is probably also a poor way of looking at it... Wikis are
where communities get documented... Forums are where they discuss topics...
Mailing Lists are where they make announcements and coordinate events and
activities... All of these softwares are tools used by communities to
promote communication and ensure continuity.

The problem I perceive here is that Richard Owlett is focused on the
software, not on the community.

I THINK he seeks a community.

And I don't think any of us can help with that... Despite our best efforts.
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] To wiki or not to wiki. THAT is the question.

[Tyrell Jentink]

Without knowing your Underlying Problem, your Preferred Language, or your
goals? Or, basically, anything at all? And you blindly distrust all wikis?

Stack Overflow.

Good luck!

On Tue, Sep 11, 2018, 14:05 Richard Owlett  wrote:

> To those who revere the BARD, I sort of apologize.
> Did he not know how to turn a phrase?
> P.S. I was taught the fundamentals of "headline writing" in Jr. High
> more than 50 years ago. Did I get your attention?
>
> My underlying problem is OS independent. However, I seek a Linux
> solution. For my preferred scripting language, in depth tutorials are
> few. An acceptable solution would be a repository of commented working
> scripts. My language of choice does have a wiki. HOWEVER, anyone can
> modify anything at any time without immediate checks/balances.
>
> Where should I go looking?
> TIA
>
> [also, am I too far OT?]
>
>
> ___
> PLUG mailing list
> PLUG@pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Password keeper

[Tyrell Jentink]

In the past, I have used KeePass; I liked that it was open source, and I
liked that it was offline and had no cloud components.

However, I also disliked that it was offline and had no cloud components...
If you only use one device, it's not so bad; But if you have a laptop, a
desktop, and a phone, then keeping those three databases up to date can be
a chore.

So now I use LastPass. I like that it's online and always cloud synced. (I
know... I'm being really wishy-washy about my needs and desires here)
But... It isn't open source, and I am putting all my eggs in one basket,
and it's a basket I have to trust blindly...  But damn, if it isn't
convenient...

I tend to recommend KeePass to people anyway, despite it not working for my
needs... Keeping the database synced isn't an impossible task or anything,
and it's obviously easier if you only want to use it in one place.

KeePass itself is Windows-only, but works just fine under Mono. Being open
source, there are other implementations... But I never had a problem with
their official software on Ubuntu or Fedora... But it's been a while now.

On Thu, Sep 6, 2018, 00:42 Loren M. Lang  wrote:

> I've recently been informed that an old website I once created an
> account on has been compromised, and, oh, they also stored all user
> passwords in plain text and were likely all stolen. Luckily, I've long
> replaced that password with several others on any services I currently
> use. Since I ultimately can't vet most web services I use and check the
> quality of their password hashing and salt algorithms, I'm thinking it's
> time to start generating a unique password for pretty much every service
> I use. What kind of password managers do you use for handling all this?
>
> In the past, I used to maintain them all in a GnuPG encrypted file and
> edit it through a Vim plugin, but that doesn't synchronize well.
> Ideally, I'd like something that will store passwords on-disk in an
> encrypted form and have some way to synchronize the database across
> devices. I tend to use Linux, macOS, and Android. I also use a mixture
> of both Firefox and Chrome so it would be nice to have some kind of
> integration. Oh, and no security application would be complete without
> being open source!
>
> --
> Loren M. Lang
> lor...@north-winds.org
> http://www.north-winds.org/
> AG7NC
>
>
> Public Key: ftp://ftp.north-winds.org/pub/lorenl_pubkey.asc
> Fingerprint: 10A0 7AE2 DAF5 4780 888A  3FA4 DCEE BB39 7654 DE5B
> ___
> PLUG mailing list
> PLUG@pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] [OT ? ?? ???] Linux and computer literacy

[Tyrell Jentink]

https://ubuntuforums.org/showthread.php?t=2350138
That forum question addresses the issues at hand very well... You are using
a USB cable that emulates an Ethernet adapter, so switch out device names
accordingly, but there is literally no distinction from the software side.

IF IT WERE ME, I would do the file transfer through SSH/SCP: Install/Enable
SSH on one side, and use scp on the other side... He does offer advice on
the details in the answer above.

On Sun, Jun 24, 2018, 14:56 Chuck Hast  wrote:

> You know, I had this running with one of my cell phones and not
> intentionally,
> I would plug the thing into one of my laptops and it would setup the usual
> connection to move files around, BUT it would also setup a network
> connection,
> trying to use the cellular as another network path out (as if the Ethernet
> and
> WiFi connections did not count) It was such a PITA that one day I got tired
> of
> having to go in and kill it so I went in and killed it for good.
>
> But if you did an ifconfig you saw a network connection with assigned IP
> addys
> and all. I will see if I can get it to do so again, and try to see if I can
> get you
> the info on what it did.
>
> I did NOTHING to the system it did it all, the phone was and AT Android
> phone, a Galaxy S5 rugged.
>
>
>
> On Sun, Jun 24, 2018 at 4:09 PM, Richard Owlett 
> wrote:
>
> > On 06/24/2018 10:01 AM, Galen Seitz wrote:
> >
> >> On 06/24/2018 07:24 AM, Galen Seitz wrote:
> >>
> >>> On 06/23/2018 11:09 AM, Richard Owlett wrote:>
> >>>
>  Similarly for either end of cable plugged in to receptacle 1.
> 
> 
>  richard@debian-jan13:~$ # left end of cable in receptacle 1
>  richard@debian-jan13:~$  ls /sys/class/net/
>  enp0s25  enp0s29u1u1u1  lo
> 
>  richard@debian-jan13:~$ # right end of cable in receptacle 1
>  richard@debian-jan13:~$  ls /sys/class/net/
>  enp0s25  enp0s29u1u1u1  lo
> 
> >>>
> >>> I realize this is part learning experience for you, but I don't think
> >>> you necessarily need to be exploring the bowels of the sysfs
> (/sys/...) for
> >>> this.  Please post the output of the 'ip addr' command on both ends.
>  You
> >>> may already have a working connection between the two machines.
> >>>
> >>> galen
> >>>
> >>
> >> Oops.  I meant to send that to the plug list.  Please reply on the list.
> >>
> >>
> > This is ~ 1/2 of what you requested
> > I ran this on my laptop with only cable connected
> > The relevant lines begins "57:"
> >
> > root@debian-jan13:/home/richard# ip addr
> > 1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group
> > default qlen 1
> > link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> > inet 127.0.0.1/8 scope host lo
> >valid_lft forever preferred_lft forever
> > inet6 ::1/128 scope host
> >valid_lft forever preferred_lft forever
> > 2: enp0s25:  mtu 1500 qdisc pfifo_fast
> > state DOWN group default qlen 1000
> > link/ether f0:de:f1:0c:d5:db brd ff:ff:ff:ff:ff:ff
> > 57: enp0s26u1u1u1:  mtu 1500 qdisc
> > pfifo_fast state UNKNOWN group default qlen 1000
> > link/ether 52:95:7f:8a:28:57 brd ff:ff:ff:ff:ff:ff
> > inet6 fe80::5095:7fff:fe8a:2857/64 scope link
> >
> > This was run on my laptop with nothing but mouse and cable connected.
> > I do not have a flash drive available to report what the desktop saw {via
> > sneaker net}
> >
> > To create context I will quote your post saying:>>> I realize this is
> part
> > learning experience for you, ...
> >
> > This project originally started in order to transfer files between a
> > laptop and a desktop without benefit of flash_drive &/or sneaker_net.
> > I purchased a thingy which claimed to do that in a WindoZe environment.
> >
> > Can Linux not outperform Gates & co?
> >
> > An underlying question is "Why *NOT*"?
> > There is an underlying comment.
> > Debian (Linux in general) has known what to do with absolutely *ANY* USB
> > device used. Why *NOT* this item? ?? ???  :<
> >
> > I cannot see that the "system" lacks info.
> > It needs to be told what to do with it.
> >
> > P.S. I was dealing with "customer"/"tech" support half century ago.
> > *NOT* same industry ;/ But you learn what are useful questions.
> > I'm missing something ;/
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > ___
> > PLUG mailing list
> > PLUG@pdxlinux.org
> > http://lists.pdxlinux.org/mailman/listinfo/plug
> >
>
>
>
> --
>
> Chuck Hast  -- KP4DJT --
> I can do all things through Christ which strengtheneth me.
> Ph 4:13 KJV
> Todo lo puedo en Cristo que me fortalece.
> Fil 4:13 RVR1960
> ___
> PLUG mailing list
> PLUG@pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] [OT ? ?? ???] Linux and computer literacy

[Tyrell Jentink]

What are you even on about? It's a network device... "Gates and Company"
uses a really complicated, error prone piece of crap sync software to do a
one-time sync from a system running an old version of Windows to a system
running a newer version of Windows... Linux can very very certainly
outperform it... What we can't help you with is what you aren't explaining:

What are you trying to do?

If the answer is "Kludge this cable I know nothing about into sharing files
from one system to another," the answer appears to be simple, and we have
told you OVER and OVER:

You plug it into two computers.
You configure a static network connection on each side (Exactly like you
would with any network)
Then you share the files with {scp|rsync|Samba|NFS, or any other file
sharing technology you so choose),

And your done.

What are you asking?

On Sun, Jun 24, 2018, 14:10 Richard Owlett  wrote:

> On 06/24/2018 10:01 AM, Galen Seitz wrote:
> > On 06/24/2018 07:24 AM, Galen Seitz wrote:
> >> On 06/23/2018 11:09 AM, Richard Owlett wrote:>
> >>> Similarly for either end of cable plugged in to receptacle 1.
> >>>
> >>>
> >>> richard@debian-jan13:~$ # left end of cable in receptacle 1
> >>> richard@debian-jan13:~$  ls /sys/class/net/
> >>> enp0s25  enp0s29u1u1u1  lo
> >>>
> >>> richard@debian-jan13:~$ # right end of cable in receptacle 1
> >>> richard@debian-jan13:~$  ls /sys/class/net/
> >>> enp0s25  enp0s29u1u1u1  lo
> >>
> >> I realize this is part learning experience for you, but I don't think
> >> you necessarily need to be exploring the bowels of the sysfs
> >> (/sys/...) for this.  Please post the output of the 'ip addr' command
> >> on both ends.   You may already have a working connection between the
> >> two machines.
> >>
> >> galen
> >
> > Oops.  I meant to send that to the plug list.  Please reply on the list.
> >
>
> This is ~ 1/2 of what you requested
> I ran this on my laptop with only cable connected
> The relevant lines begins "57:"
>
> root@debian-jan13:/home/richard# ip addr
> 1: lo:  mtu 65536 qdisc noqueue state UNKNOWN
> group default qlen 1
>  link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>  inet 127.0.0.1/8 scope host lo
> valid_lft forever preferred_lft forever
>  inet6 ::1/128 scope host
> valid_lft forever preferred_lft forever
> 2: enp0s25:  mtu 1500 qdisc
> pfifo_fast state DOWN group default qlen 1000
>  link/ether f0:de:f1:0c:d5:db brd ff:ff:ff:ff:ff:ff
> 57: enp0s26u1u1u1:  mtu 1500 qdisc
> pfifo_fast state UNKNOWN group default qlen 1000
>  link/ether 52:95:7f:8a:28:57 brd ff:ff:ff:ff:ff:ff
>  inet6 fe80::5095:7fff:fe8a:2857/64 scope link
>
> This was run on my laptop with nothing but mouse and cable connected.
> I do not have a flash drive available to report what the desktop saw
> {via sneaker net}
>
> To create context I will quote your post saying:>>> I realize this is
> part learning experience for you, ...
>
> This project originally started in order to transfer files between a
> laptop and a desktop without benefit of flash_drive &/or sneaker_net.
> I purchased a thingy which claimed to do that in a WindoZe environment.
>
> Can Linux not outperform Gates & co?
>
> An underlying question is "Why *NOT*"?
> There is an underlying comment.
> Debian (Linux in general) has known what to do with absolutely *ANY* USB
>   device used. Why *NOT* this item? ?? ???  :<
>
> I cannot see that the "system" lacks info.
> It needs to be told what to do with it.
>
> P.S. I was dealing with "customer"/"tech" support half century ago.
> *NOT* same industry ;/ But you learn what are useful questions.
> I'm missing something ;/
>
>
>
>
>
>
>
>
> ___
> PLUG mailing list
> PLUG@pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] [OT ? ?? ???] Linux and computer literacy

[Tyrell Jentink]

On Sat, Jun 23, 2018, 09:23 Richard Owlett  wrote:

> On 06/20/2018 06:40 AM, Richard Owlett wrote:
> > On 06/19/2018 11:10 AM, Galen Seitz wrote:
> >  [*SNIP*]
> >> Well, your Prolific PL25A1-based cable isn't just two Ethernet chips
> >> back to back, but it's close.  It uses the same networking framework
> >> as USB to Ethernet adapters.  Here's a bit of info on the driver.
> >> This is as much for Russell as for you.
> >> 
> >>
> >> With both ends of the cable connected, please run the ip addr command
> >> on one of your hosts and post the complete output.
> >
> > Will be in this afternoon's post.
> >
>
> I'm late.
> But the delay has been educational.
> Several times, when asked to run command XYZ, the response has been of
> the general form "that response was not consistent with what was
> previously posted about that command *AND/OR* what was reported for
> command ABC".
>

No... If I understand what you're getting at, that has been addressed, and
I was wrong... Everything looked plenty consistent, I just looked too
quickly.

OK, before you continue to get too far off track... Everything is perfect.
You have a network interface, dmesg told you it's name.

Now you can configure it like any other network interface. I assume you are
still using Debian? Here is their relevant documentation:
https://wiki.debian.org/NetworkConfiguration

You SHOULD even be able to do it in NetworkManager... Just set static IP
addresses on both sides.
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Linux centralized authentication

[Tyrell Jentink]

Oh... I meant to also mention... If you want to have a service authenticate
both inside and outside your network, that particular service will need to
have the same FQDN on both the inside and the outside of the network...
Since they aren't likely to share the same IP address (Public vs Private),
you MAY need to get very clever about your "Split Horizon DNS," Google for
more details.

On Tue, Jun 19, 2018, 13:35 Galen Seitz  wrote:

> On 06/19/2018 12:33 PM, Tyrell Jentink wrote:>
> > The second is FreeIPA, lives at 10.42.1.10 and it serves the
> lin.example.com
> > subdomain and the 1.42.10.arpa reverse domain. It has a conditional
> > forwarder to forward requests under win.example.com to 10.42.2.10
>
> Some questions for you:
>
> What is the FQDN of your ipa server?
>
> Are you using DHCP for client machines?  If so, where is it hosted and
> how does it interact with your DNS server?
>
>
> thanks,
> galen
> --
> Galen Seitz
> gal...@seitzassoc.com
> ___
> PLUG mailing list
> PLUG@pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Linux centralized authentication

[Tyrell Jentink]

Both "Domain Controllers" are called 'pdc' on their respective subdomain;
So, 'pdc.win.example.com' and 'pdc.lin.example.com.'

Yes, my network has A LOT of infrastructure, for what is essentially a 3
user network... I did it as a learning experience, a "Home Lab," so to
speak (Or, "Home Production," if you will, since my wife would slaughter me
in my sleep if the Plex server ever went down...). I'm not convinced that I
would recommend it to anyone... LOL.

On Tue, Jun 19, 2018, 13:35 Galen Seitz  wrote:

> On 06/19/2018 12:33 PM, Tyrell Jentink wrote:>
> > The second is FreeIPA, lives at 10.42.1.10 and it serves the
> lin.example.com
> > subdomain and the 1.42.10.arpa reverse domain. It has a conditional
> > forwarder to forward requests under win.example.com to 10.42.2.10
>
> Some questions for you:
>
> What is the FQDN of your ipa server?
>
> Are you using DHCP for client machines?  If so, where is it hosted and
> how does it interact with your DNS server?
>
>
> thanks,
> galen
> --
> Galen Seitz
> gal...@seitzassoc.com
> ___
> PLUG mailing list
> PLUG@pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Linux centralized authentication

[Tyrell Jentink]

Yeah, this was a struggle for me, too... Not just the forward domains, but
the reverse zones, too. It all required some thinking, and I think I'm
about to change some of it... But this is what I did at the get-go:

My domain name, let's use example.com, points at my public website, and my
FreeIPA domain is only accessible internally; I just don't have a need to
authenticate outside of the network.

Inside the network, I have three DNS servers... One is just a resolver on a
OPNSense firewall, and lives at 10.0.0.1. That isn't authoritative on any
domain.

The second is FreeIPA, lives at 10.42.1.10 and it serves the lin.example.com
subdomain and the 1.42.10.arpa reverse domain. It has a conditional
forwarder to forward requests under win.example.com to 10.42.2.10

The third is ActiveDirectory, serves the win.example.com subdomain and the
2.42.10.arpa reverse domain. It has a conditional forwarder to forward
requests under lin.example.com to 10.42.1.10.

Both of the authoritative servers point unresolved addresses to the
resolver at 10.0.0.1; It forwards to 1.1.1.1.

You run into problems if any given domain has two authoritative servers;
That is in both the forward and reverse domains, so you have to ensure that
each subdomain has a unique name -AND- a unique IP Address Space.

Does that set you on the right path, or do you need me to retry?

On Tue, Jun 19, 2018, 12:11 Galen Seitz  wrote:

> Dredging up an old thread here...
>
> On 05/02/2018 08:25 PM, Tyrell Jentink wrote:
> > I'm using FreeIPA here at home; As a product, it's really just a bunch of
> > scripts and a web interface for LDAP+Kerberos+Certificate
> management+Samba;
> > It aims to be a complete identity management system, a product designed
> to
> > compete with (Or at the very least, perform an analogous set of tasks to)
> > ActiveDirectory. It is completely open source, developed by Red Hat, for
> > Fedora, and I use it on CentOS, but it is available for a number of other
> > distros.
>
> If you (Tyrell) have the time, could you please describe whether you are
> using the BIND part of FreeIPA, and if so, the DNS architecture of your
> home network?  I've been struggling to come up to speed on this.
>
> I use openwrt as a router on my home network.  dnsmasq is enabled, and
> all of my internal machines have host.example.com names.  If dnsmasq
> doesn't recognize a name, it forwards the lookup upstream to the real
> dns host for my domain.  Given this setup, I tried several naming
> schemes for my ipa server.  With some setups the ipa-server-install
> failed early.  With others, the server install would basically work, but
> then in the client portion it would try to send DNS updates to the
> upstream DNS host.  These updates fail because my upstream DNS host
> isn't configured to expect updates.  My understanding is that these
> updates shouldn't be going to this host anyway.
>
> What finally worked for me was to create a separate subdomain.  I named
> my ipa server ipa-1.ipa.example.com, and my ipa domain ipa.example.com
> (with the Kerberos realm named IPA.SEITZASSOC.COM).  I had to add a
> server option in dnsmasq on my openwrt box to tell it to forward lookups
> in the ipa.example.com domain to my ipa server.
>
> Note that example.com is just an example.  I was using my actual domain
> name above.
>
> thanks,
> galen
> --
> Galen Seitz
> gal...@seitzassoc.com
> ___
> PLUG mailing list
> PLUG@pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] [OT ? ?? ???] Linux and computer literacy

[Tyrell Jentink]

On the second side, the interface name is enp0s29u1u1u4. On the first side,
the output doesn't make sense, I would try again.

BUT, of interest, it looks like the hardware in the middle of the cable
turns out to be two Prolific USB-to-serial adapters back to back in
Ethernet Emulator mode... So, while this WILL work, it was also suggested
already, and failed the "Not ethernet" requirement in the original problem
statement...

On Tue, Jun 19, 2018, 08:16 Richard Owlett  wrote:

> Plug in one end of cable
> [ 1882.167155] usb 4-1.1.4: new high-speed USB device number 4 using
> ehci-pci
> [ 1882.278177] usb 4-1.1.4: New USB device found, idVendor=067b,
> idProduct=25a1
> [ 1882.278183] usb 4-1.1.4: New USB device strings: Mfr=1, Product=2,
> SerialNumber=0
> [ 1882.278187] usb 4-1.1.4: Product: USB Transfer Cable
> [ 1882.278191] usb 4-1.1.4: Manufacturer: Prolific Technology Inc.
> [ 1882.301597] plusb 4-1.1.4:1.0 usb0: register 'plusb' at
> usb-:00:1d.0-1.1.4, Prolific PL-2301/PL-2302/PL-25A1/PL-27A1,
> 1e:1c:40:06:14:68
> [ 1882.301642] usbcore: registered new interface driver plusb
> [ 1882.306204] plusb 4-1.1.4:1.0 enp0s29u1u1u4: renamed from usb0
> [ 1882.333434] IPv6: ADDRCONF(NETDEV_UP): enp0s29u1u1u4: link is not ready
>
>
> Plug in other end of cable also
> [ 1887.342562] plusb 4-1.1.4:1.0 enp0s29u1u1u4: kevent 12 may have been
> dropped
> [ 1887.342580] plusb 4-1.1.4:1.0 enp0s29u1u1u4: kevent 12 may have been
> dropped
> [ 1887.344176] plusb 4-1.1.4:1.0 enp0s29u1u1u4: kevent 12 may have been
> dropped
> [ 1887.344197] plusb 4-1.1.4:1.0 enp0s29u1u1u4: kevent 12 may have been
> dropped
> [ 1906.022817] usb 4-1.1.3: new high-speed USB device number 5 using
> ehci-pci
> [ 1906.133374] usb 4-1.1.3: New USB device found, idVendor=067b,
> idProduct=25a1
> [ 1906.133381] usb 4-1.1.3: New USB device strings: Mfr=1, Product=2,
> SerialNumber=0
> [ 1906.133385] usb 4-1.1.3: Product: USB Transfer Cable
> [ 1906.133389] usb 4-1.1.3: Manufacturer: Prolific Technology Inc.
> [ 1906.134334] plusb 4-1.1.3:1.0 usb0: register 'plusb' at
> usb-:00:1d.0-1.1.3, Prolific PL-2301/PL-2302/PL-25A1/PL-27A1,
> 1e:1c:40:06:14:68
> [ 1906.152962] plusb 4-1.1.3:1.0 enp0s29u1u1u3: renamed from usb0
> [ 1906.185788] IPv6: ADDRCONF(NETDEV_UP): enp0s29u1u1u3: link is not ready
> [ 1911.405952] plusb 4-1.1.3:1.0 enp0s29u1u1u3: kevent 12 may have been
> dropped
> [ 1911.405966] plusb 4-1.1.3:1.0 enp0s29u1u1u3: kevent 12 may have been
> dropped
> [ 1911.407590] plusb 4-1.1.3:1.0 enp0s29u1u1u3: kevent 12 may have been
> dropped
> [ 1911.407614] plusb 4-1.1.3:1.0 enp0s29u1u1u3: kevent 12 may have been
> dropped
> root@debian-jan13:/home/richard#
>
>
>
>
> On 06/19/2018 08:12 AM, Russell Senior wrote:
> > Just as an example of something remotely like what you might expect to
> see
> > in the dmesg output, here's what I see when I plug a usb-ethernet adapter
> > into a Ubuntu 16.04 USB 3 port:
> >
> > [...]
> > [2793539.351788] usb 3-2: new SuperSpeed USB device number 2 using
> xhci_hcd
> > [2793539.378837] usb 3-2: New USB device found, idVendor=0b95,
> > idProduct=1790
> > [2793539.378846] usb 3-2: New USB device strings: Mfr=1, Product=2,
> > SerialNumber=3
> > [2793539.378851] usb 3-2: Product: AX88179
> > [2793539.378856] usb 3-2: Manufacturer: ASIX Elec. Corp.
> > [2793539.378861] usb 3-2: SerialNumber: 50B61F4505
> > [2793540.800220] ax88179_178a 3-2:1.0 eth0: register 'ax88179_178a' at
> > usb-:00:14.0-2, ASIX AX88179 USB 3.0 Gigabit Ethernet,
> 00:50:b6:1f:45:05
> > [2793540.801218] usbcore: registered new interface driver ax88179_178a
> > [2793540.842186] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
> > [2793541.169959] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
> >
> > The link is not ready because I haven't connected an ethernet cable to
> the
> > adapter, nor an active device to the other end of the ethernet cable.
> > Note, in my case I see the ethernet interface is named eth0. Your mileage
> > may vary.
> >
> > On Tue, Jun 19, 2018 at 5:27 AM, Russell Senior <
> russ...@personaltelco.net>
> > wrote:
> >
> >> So, do you see the usbN interface or not?
> >>
> >> On Tue, Jun 19, 2018 at 5:12 AM, Richard Owlett 
> >> wrote:
> >>
> >>> On 06/19/2018 06:45 AM, Russell Senior wrote:
> >>>
>  Here is someone 10 years ago, using debian:
> 
> 
>  https://jonmccune.wordpress.com/2008/12/09/prolific-pl-25a1-
>  usb-to-usb-bridge-in-linux/
> 
> >>>
> >>> Now bookmarked. I read. It stated in part "... a new usbX network
> >>> interface (view with `ifconfig -a`)."
> >>> I tried and was given much - need to read up to understand what it
> tells
> >>> me.
> >>>
> >>> Then I read the rest of your post ;/
> >>>
> >>>
> >>>
>  What your distribution does (even if it is still Debian) might be
>  different
>  today, but it looks like it creates a network interface (usbN, in this
>  case).  Again, your mileage might vary, but the dmesg output should
> tell
>  you what 

Re: [PLUG] [OT ? ?? ???] Linux and computer literacy

[Tyrell Jentink]

Wow... He doesn't know what dmesg is, and you're throwing him straight into
pipes, tail, and less? What's wrong with just running a command naked?

This is how people get overwhelmed... And overwhelmed people start asking
questions like "How do I make my Linux system single-user?"

On Tue, Jun 19, 2018, 04:38 Russell Senior 
wrote:

> On Tue, Jun 19, 2018 at 4:22 AM, Richard Owlett 
> wrote:
>
> > On 06/18/2018 10:14 AM, Russell Senior wrote:
> >
> >> On Mon, Jun 18, 2018 at 2:55 AM, Richard Owlett 
> >> wrote:
> >> [snip]
> >>
> >>> You say "USB Master-USB Master" cable.  Which one?
> 
> 
> >>> I didn't buy online but from local computer store.
> >>> This page describes what I bought.
> >>> https://www.castleproductshop.com/products/Plugable-Windows-
> >>> Transfer-Cable-for-Windows-10-8-1-8-7-Vista-XP-Includes/588583685
> >>>
> >>>
> >> The description says, in part:
> >>
> >> "Supported by Linux kernel 3.0 and later as a high-speed virtual network
> >> interface, no special file transfer support."
> >>
> >> That implies the cable should provide a network interface to both sides.
> >>
> >> What happens when you plug it in?  Look in dmesg (near the bottom right
> >> after you plug it in) and you should see something that implies a
> network
> >> interface has been created.
> >>
> >
> > I found /usr/share/bash-completion/completions/dmesg dated last year.
> > It was not changed when I plugged or unplugged the cable.
> > HOWEVER, MATE's Network Icon never showed completion.
> > Am I looking in right place?
> >
>
> No, I mean run the dmesg command and look at the tail, something like this:
>
>  # dmesg | tail -n 20
>
> right after you have plugged in the cable.  The tail command prints only
> the (in this case) last 20 lines of output.  If you want to see more, you
> can pipe to less instead:
>
>   # dmesg | less
>
> ... and you can scroll around.
> ___
> PLUG mailing list
> PLUG@pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Quick question on linux man page coverage

[Tyrell Jentink]

KD7TKJ... Although, I haven't done any of the things I'm supposed to do
since getting a vanity call, like update my APRS-IS and EchoLink
registrations, register the new domain name, or actually transmit...

I was really active in the community when I was studying at the University
of Nevada, but just haven't found a home in the ham community since moving
to Oregon :/

On Jun 17, 2018 19:01, "Chuck Hast"  wrote:

On Sun, Jun 17, 2018 at 5:58 PM, Tyrell Jentink  wrote:

> I'm occasionally surprised by man pages that say "This was written for
> Debian, as no man page existed..." Granted, I normally stumble on them in
> amateur radio contexts, and I blamed ham radio for being bad at
> documentation rather than Linux...
>

What is your call sign?

-- 

Chuck Hast  -- KP4DJT --
I can do all things through Christ which strengtheneth me.
Ph 4:13 KJV
Todo lo puedo en Cristo que me fortalece.
Fil 4:13 RVR1960

___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] [OT ? ?? ???] Linux and computer literacy

[Tyrell Jentink]

Kalispell's library has changed... A lot... Since I was last there. BUT, I
wasn't the only one to take note of their Linux based systems:
http://openoffice.blogs.com/openoffice/libraries/

As for Reno... It does look like Linux has continued to be a priority since
I was last paying attention:
https://www.washoecountylibrary.us/about/reports-files/Washoe%2520County%2520Library%2520Technology%2520Plan%2520Dec%25202013%2520final.pdf

But no one has talked about it... Searching their event listing for terms
like "OpenOffice," "Linux," and "FOSS" don't bring any current results, and
this was the most recent article I could find:
http://thisisreno.com/2010/02/library-schedules-open-source-software-information-sessions/

There is also a Library Freedom Project, promoting Linux in libraries.
https://libraryfreedomproject.org/gnulinuxinthelibrary/

There is also Koha, an enterprise-class library management software that is
both open source and runs on Linux: https://koha-community.org

A quick Google search suggests libraries all over the country offering all
kinds of classes and programs and attempts to save money using Linux...

I mean... A little bit of imagination and your favorite search engine
should be arsenal enough for you to blow yourself up with...

On Sun, Jun 17, 2018, 18:30 Richard Owlett  wrote:

> ROFL^^GRIN^^SNICKER
>
> Can you give me links?
> I intend to fight with a bureaucracy. Need ammo ;/
>
>
> On 06/17/2018 05:41 PM, Tyrell Jentink wrote:
> > I don't consider this to be off topic...
> >
> > But aren't you the one that lives (Several states) east of Estacada? How
> is
> > any advice I'm about to give going to help anyone? In light of that...
> >
> > The county libraries in Reno, NV offer classes in open source software.
> > Last I looked (Erm... Several years ago), it was "Mostly" OpenOffice.org
> > and Firefox literacy, but they promised to teach them on Linux
> machines...
> > So maybe it matured well.
> >
> > The county libraries in Kalispell, MT don't even HAVE windows computers
> > (Or, they didn't when I was last there, again, several years ago);
> > Everything was based on multiple terminal nodes plugged into central
> > servers running Linux (As early as 2006, no less!), And they also offered
> > classes...
> >
> > So... I guess if "libraries that know Microsoft has competition" are what
> > your after... Yes, they exist.
> >
> > On Sun, Jun 17, 2018, 15:29 Richard Owlett  wrote:
> >
> >> I have two questions I wish to discuss.
> >> Both likely push the limits of being "On Topic".
> >> Is there a forum on which either (preferably *BOTH*) would be "On
> Topic"?
> >>
> >> The more general question
> >>
> >> On my last visit to our local public library I picked up a glossy 16
> >> page four color brochure titled _Free Computer Training and Professional
> >> Development Resources_ .
> >>
> >> In that brochure the word "Mac" occurs twice. "Linux" *NEVER* occurs.
> >> Keyboarding skills are mentioned. They also ask the question "Does
> >> grammar matter?"
> >>
> >> Can anyone point me to a "library like" resource  recognizing that
> >> Micro$oft has competition?
> >>
> >> There has to be somebody with more "academic integrity".
> >>
> >> My second question has only a temporal relationship to above.
> >>
> >> For IDIOSYNCRATIC and weird local constraints I am working on networking
> >> *TWO* computers via a "USB MASTER-USB MASTER" cable. There are
> >> "cookbook"{sic/sick}" for "normal"(sic) users with ethernet.
> >>
> >> I've been asking questions on a distro specific list.
> >> The predominant response is *DON'T*
> >>
> >> Ignoring the *TRIVIAL* aspects of technical(sick) aspects
> >> I wish to do XYZ, That the rest of world does pqrz is *IRRELEVANT*
> >> I have already found *EDUCATIONAL* value in chosen path.
> >>
> >> Where may I ask *MY* questions without being told to "get lost"?
> >>
> >> TIA
> >>
>
> ___
> PLUG mailing list
> PLUG@pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Quick question on linux man page coverage

[Tyrell Jentink]

I'm occasionally surprised by man pages that say "This was written for
Debian, as no man page existed..." Granted, I normally stumble on them in
amateur radio contexts, and I blamed ham radio for being bad at
documentation rather than Linux...

But as a contradiction to my point... The 'sl' "utility" displays a steam
locomotive scrolling across your terminal window. It's cute. But it's
undocumented on most systems... So maybe it IS a Linux problem...

Anyway, my "Answer" is to use Google to search for man pages... More often
then not, it will bring up what I need.

On Sun, Jun 17, 2018, 15:51 logical american 
wrote:

> A brief question on sparse linux documentation for executable programs
>
> I did a survey of the 15,000+ executables on my openSuse Leap v42.3 OS
> which has about 8869 software packages loaded according to zypper, but
> 76% of them have no man page at all. I did find dozens of programs
> running, such as gvfs, which are intrinsic to the OS and some apparently
> embedded in the kernal, most running under systemctl control, but with
> no documentation.
>
> For openSuse Leap v42.3, it appears that the linux developers just want
> the product out the door and have not documented the /etc folder very well.
>
> Should we be concerned that 3/4 of the programs running on a linux OS do
> not have a man page?
>
> I was a bit surprised to find this rather high ratio. Is it surprising?
>
> Randall
>
> ___
> PLUG mailing list
> PLUG@pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] [OT ? ?? ???] Linux and computer literacy

[Tyrell Jentink]

Oh... I guess I only answered one question...

To the second question: When you want to do something that no one else has
ever done, why would you expect anyone to know how to do it? If you want to
be the first, then go do that... But people who need their hands held don't
usually succeed in the undoable.

It's really not a "Computer literacy" issue... It's a "When you can't tell
who's in charge, it's probably you..." issue.

On Sun, Jun 17, 2018, 15:29 Richard Owlett  wrote:

> I have two questions I wish to discuss.
> Both likely push the limits of being "On Topic".
> Is there a forum on which either (preferably *BOTH*) would be "On Topic"?
>
> The more general question
>
> On my last visit to our local public library I picked up a glossy 16
> page four color brochure titled _Free Computer Training and Professional
> Development Resources_ .
>
> In that brochure the word "Mac" occurs twice. "Linux" *NEVER* occurs.
> Keyboarding skills are mentioned. They also ask the question "Does
> grammar matter?"
>
> Can anyone point me to a "library like" resource  recognizing that
> Micro$oft has competition?
>
> There has to be somebody with more "academic integrity".
>
> My second question has only a temporal relationship to above.
>
> For IDIOSYNCRATIC and weird local constraints I am working on networking
> *TWO* computers via a "USB MASTER-USB MASTER" cable. There are
> "cookbook"{sic/sick}" for "normal"(sic) users with ethernet.
>
> I've been asking questions on a distro specific list.
> The predominant response is *DON'T*
>
> Ignoring the *TRIVIAL* aspects of technical(sick) aspects
> I wish to do XYZ, That the rest of world does pqrz is *IRRELEVANT*
> I have already found *EDUCATIONAL* value in chosen path.
>
> Where may I ask *MY* questions without being told to "get lost"?
>
> TIA
>
>
>
> ___
> PLUG mailing list
> PLUG@pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] [OT ? ?? ???] Linux and computer literacy

[Tyrell Jentink]

I don't consider this to be off topic...

But aren't you the one that lives (Several states) east of Estacada? How is
any advice I'm about to give going to help anyone? In light of that...

The county libraries in Reno, NV offer classes in open source software.
Last I looked (Erm... Several years ago), it was "Mostly" OpenOffice.org
and Firefox literacy, but they promised to teach them on Linux machines...
So maybe it matured well.

The county libraries in Kalispell, MT don't even HAVE windows computers
(Or, they didn't when I was last there, again, several years ago);
Everything was based on multiple terminal nodes plugged into central
servers running Linux (As early as 2006, no less!), And they also offered
classes...

So... I guess if "libraries that know Microsoft has competition" are what
your after... Yes, they exist.

On Sun, Jun 17, 2018, 15:29 Richard Owlett  wrote:

> I have two questions I wish to discuss.
> Both likely push the limits of being "On Topic".
> Is there a forum on which either (preferably *BOTH*) would be "On Topic"?
>
> The more general question
>
> On my last visit to our local public library I picked up a glossy 16
> page four color brochure titled _Free Computer Training and Professional
> Development Resources_ .
>
> In that brochure the word "Mac" occurs twice. "Linux" *NEVER* occurs.
> Keyboarding skills are mentioned. They also ask the question "Does
> grammar matter?"
>
> Can anyone point me to a "library like" resource  recognizing that
> Micro$oft has competition?
>
> There has to be somebody with more "academic integrity".
>
> My second question has only a temporal relationship to above.
>
> For IDIOSYNCRATIC and weird local constraints I am working on networking
> *TWO* computers via a "USB MASTER-USB MASTER" cable. There are
> "cookbook"{sic/sick}" for "normal"(sic) users with ethernet.
>
> I've been asking questions on a distro specific list.
> The predominant response is *DON'T*
>
> Ignoring the *TRIVIAL* aspects of technical(sick) aspects
> I wish to do XYZ, That the rest of world does pqrz is *IRRELEVANT*
> I have already found *EDUCATIONAL* value in chosen path.
>
> Where may I ask *MY* questions without being told to "get lost"?
>
> TIA
>
>
>
> ___
> PLUG mailing list
> PLUG@pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Redhat Software jobs...

[Tyrell Jentink]

I'm just guessing here... But I doubt that they would REQUIRE an RHCE; At
the same time, though, I do imagine they would require more knowledge than
that required for LPI-1... Weather or not you can prove that knowledge
without a higher cert is a question only you can answer, but I do suspect
that RHCE would be a strong step in that direction.

While many  on this list disagree, I'm personally a big fan of
certificates... I went to Western Governor's University, and they more or
less build their degrees out of professional certifications; My takeaway
there in is that a pile of certs is as valuable as a degree by itself.

But regardless of resume padding... It is my understanding that a well
populated GitHub is as valuable as anything on your resume... In fact, I
hear rumors from time to time that a project on your GitHub can be enough
on it's own to get a job: "Oh, we like your project, how would you like to
be sponsored for bug fixes?" Then, "Oh, nice patches! Would you like to
help with {project X}." In that case, said individual never even applied...
Much less had a job announcement.

I don't know what advice to derive from that.

On Sun, Jun 17, 2018, 10:09 michael  wrote:

> I hear that Redhat hires programmers to work remotely.  Do I need an
> RHCE to get a job at Redhat?  I'm currently in Rochester, MN where I
> hear that there is a satellite office in Minneapolis.  I haven't had any
> luck finding job offers at Redhat though :-(  I have a lot of informal
> experience with Redhat Linux and I have an LPI Level 1 Linux
> certification.
>
>   -- Michael Robinson
> ___
> PLUG mailing list
> PLUG@pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Linux centralized authentication

[Tyrell Jentink]

OK, first off... A google search for 'site:linuxschools.com oswego' and for
'karoshi server "Oswego"' brought up nothing... So my crude guess is that "
What happened" was that they had nothing to do with it? On the other hand,
maybe they were successful in ridding any reference from the internet?

Second off... The product that is promoted at linuxschools.com is called
Karoshi Server and Karoshi Client. It also seems to be actively maintained,
with the latest github commit 18 hours ago. So... Nothing "happened" to it?

Third... LOSD uses Blackboard for their CMS, grade books, and school
management... And they use Google Apps for Education for email and
colaberation... and most (All?) of the staff uses PCs... While its fully
within the realm of possibility that they could use an open source
authentication system, they don't seem too afraid of using expensive
proprietary providers in general, and I really don't see the IT director
sacrificing Group Policy on Windows workstations...

My pessimism and criticism of simple words aside, it looks promising. A
shortcoming of FreeIPA when compared to Active Directory is the lack of
Group Policy; The limitation really comes from the fact that Linux clients
have never been asked to follow a centralized policy, so there isn't a
standard. FreeIPA approximates some of it with Sudo lists and Host Based
Access Control, but a real solution would require a REAL client. Maybe
Karoshi provides that? But its not on the feature list, so maybe not...

On Thu, May 3, 2018, 06:49 Ken Stephens <kennethgsteph...@gmail.com> wrote:

> What ever happened to the Lake Oswego Linux School System.  Wasn't that a
> Server/Workstation distribution?
>
> https://www.linuxschools.com/forum/index-main.php
>
>
> Ken
>
> On Wed, May 2, 2018 at 8:25 PM, Tyrell Jentink <tyr...@jentink.net> wrote:
>
> > I'm using FreeIPA here at home; As a product, it's really just a bunch of
> > scripts and a web interface for LDAP+Kerberos+Certificate
> management+Samba;
> > It aims to be a complete identity management system, a product designed
> to
> > compete with (Or at the very least, perform an analogous set of tasks to)
> > ActiveDirectory. It is completely open source, developed by Red Hat, for
> > Fedora, and I use it on CentOS, but it is available for a number of other
> > distros.
> >
> > (Full disclosure: I do happen to use ActiveDirectory to store my user
> > accounts, and FreeIPA authenticates through an AD Interforest Trust, but
> > that's far from a requirement, and it probably causes me more grief than
> > many admins would tolerate)
> >
> > As for reading, I learned everything I know from their documentation:
> > https://www.freeipa.org/page/Documentation
> >
> >
> > On Wed, May 2, 2018, 20:01 Thomas Groman <tgrom.autom...@nuegia.net>
> > wrote:
> >
> > > Do you have any book or other resource recommendations for setting
> these
> > > up? I already do sysadmin work, just never done centralized auth
> before.
> > >
> > >
> > > On 05/02/2018 07:53 PM, Tomas Kuchta wrote:
> > > > The easiest is to pick LDAP or NIS, both work very well on Linux.
> With
> > or
> > > > without Kerberos for local small setup.
> > > >
> > > > NIS with NFS for file sharing would be probably the simplest setup,
> but
> > > you
> > > > will eventually wish you had LDAP for integration with various other
> > > > services.
> > > >
> > > > LDAP + Kerberos + NFS is probably the most common and extensible
> > > solution.
> > > > You will absolutely need local DNS and NTP to get it going, but it is
> > > well
> > > > integrated extensible solution.
> > > >
> > > > Another option would be to uses Samba - it combines LDAP + Kerberos,
> so
> > > it
> > > > has less moving parts and can accept Windows hosts without much
> > headache,
> > > > compared to LDAP and Kerberos.
> > > >
> > > > For both solution, you might need some enterprise admin to help
> setting
> > > it
> > > > up. If well and simply setup, it is not difficult to maintain and
> > manage.
> > > > IMHO
> > > >
> > > > Tomas
> > > >
> > > > On Wed, May 2, 2018, 5:36 PM Smith, Cathy <cathy.sm...@pnnl.gov>
> > wrote:
> > > >
> > > >> There used to be dns, ldap, kerberos, nis.  These are open source
> > > >> protocols and not restricted to Microsoft.
> > > >>
> > > >>
> > > >> --
> > &

Re: [PLUG] Linux centralized authentication

[Tyrell Jentink]

I'm using FreeIPA here at home; As a product, it's really just a bunch of
scripts and a web interface for LDAP+Kerberos+Certificate management+Samba;
It aims to be a complete identity management system, a product designed to
compete with (Or at the very least, perform an analogous set of tasks to)
ActiveDirectory. It is completely open source, developed by Red Hat, for
Fedora, and I use it on CentOS, but it is available for a number of other
distros.

(Full disclosure: I do happen to use ActiveDirectory to store my user
accounts, and FreeIPA authenticates through an AD Interforest Trust, but
that's far from a requirement, and it probably causes me more grief than
many admins would tolerate)

As for reading, I learned everything I know from their documentation:
https://www.freeipa.org/page/Documentation


On Wed, May 2, 2018, 20:01 Thomas Groman  wrote:

> Do you have any book or other resource recommendations for setting these
> up? I already do sysadmin work, just never done centralized auth before.
>
>
> On 05/02/2018 07:53 PM, Tomas Kuchta wrote:
> > The easiest is to pick LDAP or NIS, both work very well on Linux. With or
> > without Kerberos for local small setup.
> >
> > NIS with NFS for file sharing would be probably the simplest setup, but
> you
> > will eventually wish you had LDAP for integration with various other
> > services.
> >
> > LDAP + Kerberos + NFS is probably the most common and extensible
> solution.
> > You will absolutely need local DNS and NTP to get it going, but it is
> well
> > integrated extensible solution.
> >
> > Another option would be to uses Samba - it combines LDAP + Kerberos, so
> it
> > has less moving parts and can accept Windows hosts without much headache,
> > compared to LDAP and Kerberos.
> >
> > For both solution, you might need some enterprise admin to help setting
> it
> > up. If well and simply setup, it is not difficult to maintain and manage.
> > IMHO
> >
> > Tomas
> >
> > On Wed, May 2, 2018, 5:36 PM Smith, Cathy  wrote:
> >
> >> There used to be dns, ldap, kerberos, nis.  These are open source
> >> protocols and not restricted to Microsoft.
> >>
> >>
> >> --
> >> Cathy L. Smith
> >> IT Engineer
> >>
> >> Pacific Northwest National Laboratory
> >> Operated by Battelle for the
> >> U.S. Department of Energy
> >>
> >> Phone: 509.375.2687
> >> Fax:   509.375.4399
> >> Email: cathy.sm...@pnnl.gov
> >>
> >>
> >>
> >> -Original Message-
> >> From: plug-boun...@pdxlinux.org [mailto:plug-boun...@pdxlinux.org] On
> >> Behalf Of Thomas Groman
> >> Sent: Wednesday, May 02, 2018 5:16 PM
> >> To: plug@pdxlinux.org
> >> Subject: [PLUG] Linux centralized authentication
> >>
> >> Has anyone ever made a 100% UNIX/BSD/Linux network with centralized
> >> authentication? Using native protocols not some sort of strange
> Microsoft
> >> AD mesh thing.
> >> I wanted to build a hacker-space for a school and since it would be
> >> starting from scratch there's no reason to get locked in to a Microsoft
> >> product from the start. Also the Microsoft's protocols are not open
> source
> >> and hard to debug. They never really work well with UNIX like operating
> >> systems requiring id/group mapping and such.
> >> ___
> >> PLUG mailing list
> >> PLUG@pdxlinux.org
> >> http://lists.pdxlinux.org/mailman/listinfo/plug
> >> ___
> >> PLUG mailing list
> >> PLUG@pdxlinux.org
> >> http://lists.pdxlinux.org/mailman/listinfo/plug
> >>
> > ___
> > PLUG mailing list
> > PLUG@pdxlinux.org
> > http://lists.pdxlinux.org/mailman/listinfo/plug
>
> ___
> PLUG mailing list
> PLUG@pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Having trouble with MS-DFS still...

[Tyrell Jentink]

On Wed, Apr 4, 2018, 11:08 michael  wrote:

> I have one instance of Windows Server 2012 R2 180 day trial running in
> Virtualbox
> on top of CentOS 7.
>

That should work...

Do I need two to three instances of Windows 2012 R2 to implement DFS
> properly?


Probably not for the tests you are running... I mean, replication is
probably Windows Server only, but that's not critical to verifying that
Samba clients can connect...

There are plenty of Windows 10 computers in the office, can the DFS
> server reference
> a single share across two Windows 10 systems?
>

Probably...? I didn't see anything that specifies any requirements of the
Target folders.  If you aren't using replication, I don't even see a reason
why a Samba server can't be a Target... Of course, one could simply try...

Do I need to bridge Windows Server 2012 R2 or is the default NAT that
> virtual box
> does good enough?  Can I set a different IP address when I bridge?  The
> Linux box is
> on 192.168.1.2, I don't want the Windows Server to share that IP
> address.  I want the
> Windows box to be on 192.168.1.xxx.
>

The clients have to be able to ping the DFS server. I imagine it could be
done despite NAT, but I would want everyone on the same subnet, same
broadcast domain, same NAT layer...

How do I implement Active directory?  I apparently have to use Active
> directory if I'm
> going to implement MS-DFS.
>

I don't think that Active Directory is a strict requirement... The example
in the How To is in Directory mode, but it says a Stand-Alone mode is
available...

On the other hand... If the original system in question is in
ActiveDirectory, then all of the clients will have to be in ActiveDirectory
as well, and that may be part of your problem...

Other than that, can I use a samba server to replace a Windows server if
> I have to have
> multiple servers?
>

I think that's what the server oriented discussion on the aforementioned
Samba wikis was talking about...
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Having trouble with MS-DFS still...

[Tyrell Jentink]

I'm not convinced there IS anything different on the client side... The
whole point of DFS seems to be to abstract away all of the client side
complications that come with multiple SMB servers in an Enterprise. In
other words... It appears to be an entirely server-side solution.

OK, I am going to have to suggest a very not-Unix next step: You're gonna
have to set up a Windows Server lab...

I have a Windows Server 2008 license lying around, and I know Microsoft
offers free trial WS2008 images on their website, so this is going to be
focused on that... Although, I'm sure Google can help find similar guides
for other Windows versions...

First, here's a nice Microsoft blog introducing the idea at hand:
https://blogs.technet.microsoft.com/josebda/2009/03/10/the-basics-of-the-windows-server-2008-distributed-file-system-dfs/

Then read the TechNet:
http://technet.microsoft.com/en-us/library/cc753479.aspx

Then use this step-by-step to setup a virtual swarm of Windows servers:
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc737358(v=ws.10)

Then set up a nice clean Windows 8 install with a free trial license, and
connect to it... My GUESS is that it will connect exactly the same as it
would to a single server... I may also expect the client to connect to the
individual "Target folders" directly if they so choose... I don't know how
to block them.

Once you confirm that works... Then set up a nice clean Linux image and
repeat the tests. I would expect it to also connect without noticable
difference to connecting to a single SMB server. You may also be able to
connect to individual "Target Shares" directly. Again, no idea how to block
that...

I would try it all myself, cuz this looks kinda neat, but I don't like the
idea of using Windows in a production environment, so I guess it doesn't
look REALLY neat... So it's hard to motivate myself :/

On Tue, Apr 3, 2018, 07:48 michael  wrote:

> I tried googling for MS-DFS client and got a ton of information about
> setting up Samba as a DFS server, but nothing about being a client.
> ___
> PLUG mailing list
> PLUG@pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] What is Microsoft DFS???

[Tyrell Jentink]

If your friend has been aggressively googling, they have probably already
seen both the Wikipedia page and the Samba wiki page on the subject, but
for anyone else stumbling on this in the future:

Wikipedia says that in Samba contexts, the technology in question is called
"MSDFS." Googling that produces the Samba wiki page here:
https://wiki.samba.org/index.php/Distributed_File_System_(DFS)

>From there, I'm not seeing anything "special" for the client side... Just
lots and lots of discussion about the server side and it's limitations. And
not being experienced myself...

Anyway, maybe the terms "MSDFS" and "MS-DFS" and "Samba user space project"
will help find something...

On Sun, Apr 1, 2018, 09:45 michael  wrote:

> Apparently, it has something to do with multiple Windows servers and
> Samba.
>
> My friend has not been able to connect to a DFS share from a Raspberry
> Pi running Debian 9.
>
> The hostname apparently resolves though.
>
> There is a Redhat note on DFS, but that doesn't seem to cover the
> problem.
>
> He has been googling for hours and the install is supposed to be
> tonight.
> ___
> PLUG mailing list
> PLUG@pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

[PLUG] Gaming graphics cards?

[Tyrell Jentink]

Hello all,

I am not a gamer... But I have games I like. Luckily, one of my favorite
game franchises, Unreal Tournament, has a long history of Linux support.

The latest game engine in the Unreal lineup, Unreal Engine 4, is open
source... Proprietary, covered by restrictive terms, but available to the
public without licensing fees... So "Open" none the less. And it compiles
on Linux.

OK, but here's the "Weird" part: I'm a Linux server admin, not a gamer... I
have servers with many times the processor and RAM resources I need, but I
don't have any modern desktop hardware. All my IT resources go to the
server farm, because that's what benefits the family most, and I have no IT
budget. SO, I am going for the illustrious and ever elusive Virtual Gaming
Computer... Virtualizing (probably) Ubuntu in a KVM virtual machine,
passing the graphics card directly into the VM using PCI passthrough, and
give it 12 virtual processor cores and 24GB of RAM, and see what it can
do...

But, I need a graphics card. I am looking for a gaming graphics card to
play Unreal Tournament 4 with. It doesn't have to be the latest and
greatest, in fact even devices as old as the Radeon 6870 HD and the GeForce
470 GTX meet Epic Game's requirements. It does need to fit in a server
case, but that doesn't necessarily mean low profile; They plug into a riser
board, but I'm sure bigger cards exist that won't fit; it probably
shouldn't be PCI-E x16 (I have the channels available, but I would need a
different riser board... x8 would just be easier to deal with), it doesn't
need to be a workhorse, but it should probably have 2GB of RAM and a fairly
wide memory interface, and it should support DirectX 12 (As a baseline, not
as a direct requirement... I'm obviously not using DirectX in Linux).
Meanwhile, as a virtualization environment, the board will be rendering the
graphics and passing them back to the main CPU, rather than passing them to
a display... so memory and interface speed is a priority over caring about
output types or counts, my lack of PCI-E channels not withstanding. I think
these requirements eliminate most of the newest high end cards... And most
of the lower end cards... But should leave room in slightly older high end
cards... The kind gamers would be getting rid of. Also, the kind that have
recently been rendered useless for Etherum mining.

A quick search on Newegg suggests some of the lower end GeForce GT 1030s
and the like can be had sub-$150 and will likely meet my needs... But are
also a bit more than I hoped to spend.

I know that the general advice on this front is freegeek, and I haven't
checked with them yet, and plan to... But it doesn't hurt to ask anyway.

Alright... With that excess of background and potentially faulty logic out
of the way: Suggestions, go!

--
Tyrell Jentink
___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug