Re: sudo in general, and not requiring password in particular (was Re: trouble adding my user to sudoers list)
Regards, George Toft On 7/5/2024 5:43 AM, techli...@phpcoderusa.com wrote: On 2024-07-05 00:23, George Toft wrote: Had a chance to casually ask about the washed check thing today. Big eye-roll. Police report. Affidavits. Close the checking account. Big investigation. Sounds like a PITA. Regards, George Toft I just want to approach this in a way that I have reasonably safe bank transactions. I almost feel I need to learn cyber security. Thank you for all your feedback!! BINGO!!! "Reasonably safe" is the fundamental goal post that we seek. What is one's risk appetite for any endeavor? There is no such thing as 0% loss. Obviously 100% loss is a non-starter. So somewhere in between is our goal. I won't beleaguer the list anymore, but this is the fundamentals of risk analysis, which is what I do at work. An on-topic example: In the not-Sudo solution we have, we discovered one application that would not work with it. One app - 6 servers out of 50,000 servers. Do I risk the 50,000 servers to make not-Sudo work on 6 when the original configurator made a fundamental programming error? No - we accept the risk. Actually, I'm now stuck with that misconfiguration without executing a ton of regression testing which would take months just to distill a reasonable test set, and my management isn't going to support spending thousands of salary dollars on something this trivial. Lastly, the 7 banks that own Zelle are getting hauled in to talk to Congress about their "acceptable fraud rate." They cheerfully announce they have less than 0.1% fraud rate. These huge banks don't care about 0.1% - that's acceptable. But if 0.1% of all e-mail you receive got through the filters and infected your system, that becomes another story. Peace. On 7/4/2024 3:14 PM, techli...@phpcoderusa.com wrote: Thanks George!! Lot s to think about. On 2024-07-04 14:23, George Toft wrote: Regards, George Toft On 7/4/2024 6:50 AM, techli...@phpcoderusa.com wrote: Thank you so much George!! Another Question. I was a police officer in the 80's and 90's. During my tenure the bank was on the hook for any criminal acts as long as the customer was not negligent. I only dealt with this on a couple occasional. So If someone gets access to my online banking and I report it in a timely manner, or if someone washes one of my checks and I report it in a timely manner, is the bank on the hook or am I? There are a ton of rules with more acronyms than the IT world has. I would love to tell you what I understand, but I'd be talking out my ass. BTW I thought going old school was the most secure. I do not trust the Internet. My daily driver is a Linux Box and I do not use my cellular phone for anything except to talk and read some news. I am semiretired and have home officed for a long time. Not sure there is any magic incantation that I can say that would put you at ease, other than "Risk Analysis," "Government Regulation," "Audit and Reviews," "Compliance," "Controls and Countermeasures," and "Fines." We have to comply with a bazillion rules all designed to protect you, the bank customer. Some regions are really strict and their governments show they really care, like the EU - their rules are so restrictive. Here's an example: You cannot log into a server that serves the EU if Payment Card Information (PCI) is involved with the same user ID that you used to log into your work station. This prevents lateral movement from an insider attack should the attacker get an employee's credentials or Kerberos TGT (Hey!!! It's now on-topic!!!) . This is just an example. We have external inspectors and government auditors on site almost every two weeks making us prove compliance with all the rules, and the bigger we get, the more rules and more regulatory auditors we get to talk to. We actually have two people on my team of 27 whose job used to be project management, now is audit and compliance. All of this to protect you. Let's not forget about the Security Operations Center monitoring employee activities. Refer to the GTFOBins email from yesterday. I documented a chained attack to get root based on that page, and the SOC came knocking saying "George, we noticed suspicious activity on this server and this date. Whatcha doin'?" Fortunately, I documented everything and emailed it to my manager, so all I had to do was forward that back to the SOC. Mail scares me. I had to send my LEA ID in recently via USPS. I'm hoping they got it. Any suggestions are appreciated. On 2024-07-03 21:48, George Toft wrote: Sorry, Kieth, I have bad news for you. You took a 30+ year leap backwards in security. I can tell you for certain, from my bank fraud analyst friend (just got promoted to financial crimes investigator), checks are the second most insecure way of transferring money, first be
Re: sudo in general, and not requiring password in particular (was Re: trouble adding my user to sudoers list)
Had a chance to casually ask about the washed check thing today. Big eye-roll. Police report. Affidavits. Close the checking account. Big investigation. Sounds like a PITA. Regards, George Toft On 7/4/2024 3:14 PM, techli...@phpcoderusa.com wrote: Thanks George!! Lot s to think about. On 2024-07-04 14:23, George Toft wrote: Regards, George Toft On 7/4/2024 6:50 AM, techli...@phpcoderusa.com wrote: Thank you so much George!! Another Question. I was a police officer in the 80's and 90's. During my tenure the bank was on the hook for any criminal acts as long as the customer was not negligent. I only dealt with this on a couple occasional. So If someone gets access to my online banking and I report it in a timely manner, or if someone washes one of my checks and I report it in a timely manner, is the bank on the hook or am I? There are a ton of rules with more acronyms than the IT world has. I would love to tell you what I understand, but I'd be talking out my ass. BTW I thought going old school was the most secure. I do not trust the Internet. My daily driver is a Linux Box and I do not use my cellular phone for anything except to talk and read some news. I am semiretired and have home officed for a long time. Not sure there is any magic incantation that I can say that would put you at ease, other than "Risk Analysis," "Government Regulation," "Audit and Reviews," "Compliance," "Controls and Countermeasures," and "Fines." We have to comply with a bazillion rules all designed to protect you, the bank customer. Some regions are really strict and their governments show they really care, like the EU - their rules are so restrictive. Here's an example: You cannot log into a server that serves the EU if Payment Card Information (PCI) is involved with the same user ID that you used to log into your work station. This prevents lateral movement from an insider attack should the attacker get an employee's credentials or Kerberos TGT (Hey!!! It's now on-topic!!!) . This is just an example. We have external inspectors and government auditors on site almost every two weeks making us prove compliance with all the rules, and the bigger we get, the more rules and more regulatory auditors we get to talk to. We actually have two people on my team of 27 whose job used to be project management, now is audit and compliance. All of this to protect you. Let's not forget about the Security Operations Center monitoring employee activities. Refer to the GTFOBins email from yesterday. I documented a chained attack to get root based on that page, and the SOC came knocking saying "George, we noticed suspicious activity on this server and this date. Whatcha doin'?" Fortunately, I documented everything and emailed it to my manager, so all I had to do was forward that back to the SOC. Mail scares me. I had to send my LEA ID in recently via USPS. I'm hoping they got it. Any suggestions are appreciated. On 2024-07-03 21:48, George Toft wrote: Sorry, Kieth, I have bad news for you. You took a 30+ year leap backwards in security. I can tell you for certain, from my bank fraud analyst friend (just got promoted to financial crimes investigator), checks are the second most insecure way of transferring money, first being putting the money in the envelope. They helped the USPS bust a fraud ring who worked in the Post Office - fraudsters were pulling checks out of envelopes inside the local Post Office. My friend pulled out all the details for the Postmaster General. ACH is free (for you) and secure and guaranteed by the originator as they are on the hook to prove the identity of who initiated the transaction and they have to pay. It's all very complicated, and I'm not going into details here. I use ACH all the time. My physical devices have multi-layer physical protection. Logical access control is in-place. Both have multi-factor authentication. Password resets require multi-factor authentication. And the DoD is worse - their systems have so many layers, it was easier to just let my account get deleted from lack of use and rebuilt it from scratch. I have notes that tell me screen-by-screen what to put in each box and which ones to ignore. It's so secure, legitimate users can't even get in... and this is just my health insurance. Where all of this can break down - getting on topic - is with the SSH protocol and web proxies. When you connect to a website using HTTPS using a web proxy, your web browser uses it's cert to set up the connection, or so it thinks. What's really happening is the proxy is responding to the request and decrypting the message, then it forms a new request and sends it to the bank, which believes the proxy and sends it back. Everything gets decrypted on the proxy, so whoever has admin access to the proxy can see everything. Kinda like opening envelo
Re: sudo in general, and not requiring password in particular (was Re: trouble adding my user to sudoers list)
IMHO, Y'all are brave. Regards, George Toft On 7/3/2024 11:31 PM, Steve Litt via PLUG-discuss wrote: Keith Smith via PLUG-discuss said on Wed, 03 Jul 2024 06:21:25 -0700 On 2024-07-02 18:20, George Toft via PLUG-discuss wrote: I work for a bank, and you would be amazed at how much security is baked into the connecting your browser to their web servers. Makes the NSA look like freshmen. And no, I'm not telling you who I work for. Regards, George Toft I'd like to hear more. The world is a hostile place. I recently went old school. I asked the bank to disarm my online banking. I now deal with paper statements and everything gets paid by check. Not as convenient as on-line banking, however I am hoping it makes my world a little bit more secure. I did the exact same thing decades ago. SteveT Steve Litt http://444domains.com --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: sudo in general, and not requiring password in particular (was Re: trouble adding my user to sudoers list)
Regards, George Toft On 7/4/2024 6:50 AM, techli...@phpcoderusa.com wrote: Thank you so much George!! Another Question. I was a police officer in the 80's and 90's. During my tenure the bank was on the hook for any criminal acts as long as the customer was not negligent. I only dealt with this on a couple occasional. So If someone gets access to my online banking and I report it in a timely manner, or if someone washes one of my checks and I report it in a timely manner, is the bank on the hook or am I? There are a ton of rules with more acronyms than the IT world has. I would love to tell you what I understand, but I'd be talking out my ass. BTW I thought going old school was the most secure. I do not trust the Internet. My daily driver is a Linux Box and I do not use my cellular phone for anything except to talk and read some news. I am semiretired and have home officed for a long time. Not sure there is any magic incantation that I can say that would put you at ease, other than "Risk Analysis," "Government Regulation," "Audit and Reviews," "Compliance," "Controls and Countermeasures," and "Fines." We have to comply with a bazillion rules all designed to protect you, the bank customer. Some regions are really strict and their governments show they really care, like the EU - their rules are so restrictive. Here's an example: You cannot log into a server that serves the EU if Payment Card Information (PCI) is involved with the same user ID that you used to log into your work station. This prevents lateral movement from an insider attack should the attacker get an employee's credentials or Kerberos TGT (Hey!!! It's now on-topic!!!) . This is just an example. We have external inspectors and government auditors on site almost every two weeks making us prove compliance with all the rules, and the bigger we get, the more rules and more regulatory auditors we get to talk to. We actually have two people on my team of 27 whose job used to be project management, now is audit and compliance. All of this to protect you. Let's not forget about the Security Operations Center monitoring employee activities. Refer to the GTFOBins email from yesterday. I documented a chained attack to get root based on that page, and the SOC came knocking saying "George, we noticed suspicious activity on this server and this date. Whatcha doin'?" Fortunately, I documented everything and emailed it to my manager, so all I had to do was forward that back to the SOC. Mail scares me. I had to send my LEA ID in recently via USPS. I'm hoping they got it. Any suggestions are appreciated. On 2024-07-03 21:48, George Toft wrote: Sorry, Kieth, I have bad news for you. You took a 30+ year leap backwards in security. I can tell you for certain, from my bank fraud analyst friend (just got promoted to financial crimes investigator), checks are the second most insecure way of transferring money, first being putting the money in the envelope. They helped the USPS bust a fraud ring who worked in the Post Office - fraudsters were pulling checks out of envelopes inside the local Post Office. My friend pulled out all the details for the Postmaster General. ACH is free (for you) and secure and guaranteed by the originator as they are on the hook to prove the identity of who initiated the transaction and they have to pay. It's all very complicated, and I'm not going into details here. I use ACH all the time. My physical devices have multi-layer physical protection. Logical access control is in-place. Both have multi-factor authentication. Password resets require multi-factor authentication. And the DoD is worse - their systems have so many layers, it was easier to just let my account get deleted from lack of use and rebuilt it from scratch. I have notes that tell me screen-by-screen what to put in each box and which ones to ignore. It's so secure, legitimate users can't even get in... and this is just my health insurance. Where all of this can break down - getting on topic - is with the SSH protocol and web proxies. When you connect to a website using HTTPS using a web proxy, your web browser uses it's cert to set up the connection, or so it thinks. What's really happening is the proxy is responding to the request and decrypting the message, then it forms a new request and sends it to the bank, which believes the proxy and sends it back. Everything gets decrypted on the proxy, so whoever has admin access to the proxy can see everything. Kinda like opening envelopes in the mail room :) Disclaimer: This is what some networking guys told me in a presentation about 10 years ago. In summary, ACH is safe if you do it from home without a proxy. Of course "safe" is relative, but it's safer than checks in the mail. Drop into your bank and ask the branch manager, or call their custom
Re: sudo in general, and not requiring password in particular (was Re: trouble adding my user to sudoers list)
Thanks for the explanation - no argument here. I was hoping for a link from RH that I could pass on to my Staff Architect. Right now I'm battling the next three layers of manglement above me "to please OMG don't try to convert back to sudo." I have layer #1 mostly convinced. Silly managers think we can take 15 years of local engineering, rip it out, and plug in an OTS replacement. Sure, if you're willing to spend 2 man-years of effort and fail current audit requirements because sudo can't block what the Red Team told us to prevent. I figured out why managers disappear for a couple weeks after promotion - it's to recover from their lobotomy. You would be amazed at how many vendors ship products that: chmod 777 output files, or have the file perms defined in the RPM as 666 or 777, or create files in /tmp. Pretty sad. Since we're on the topic of rooting a box, here's a project I've been working on: https://gtfobins.github.io/ - it lists 390 ways to read files with privilege or outright spawn a root shell. Now I have customized the company's PAM solution to block almost all of them (rest to be completed soon). Before local re-engineering, you could say sudo systemctl and get a root shell (see https://gtfobins.github.io/gtfobins/systemctl/). We have blocked that. The user must specify exactly what parameters they need for systemctl. And that's where I get to be the BOFH - LOL. Poke around the GTFO website - some of the attacks are pretty obvious - some are pretty ingenious. Note I used sudo above - we have a wrapper that converts sudo syntax to and then invokes the . In 99.9% of the cases over the last several years, works just like sudo and the wrapper works flawlessly. Regards, George Toft On 7/3/2024 4:40 PM, Ryan Petris wrote: I personally detest sudo because it's like chmod 777 * - makes everything work so much better Please, please, PLEASE! I beg of you! Please do not chmod 777 stuff! This is even worse! You're just allowing all users to modify said files tearing down any kind of privilege separation there might be. There is /always/ a better solution. why RH thinks sudo is bad. The reason why it's bad is a combination of things: 1. It's an executable with the suid bit set, and thus the binary itself runs as root whenever you run it. Therefore, any kind of vulnerability in the application is a possible privilege escalation. 2. It has so many different rules and whatnot that it could be easily misconfiguration to allow people sudo access that shouldn't have it. This is why "doas" came to be; it's still an suid executable but has a much smaller ruleset and therefore is much smaller which is a smaller footprint for exploitation. IMO, the even better solution is the the new "run0" command, or "systemd-run", which solves both issues. It's /not/ an suid executable and therefore bugs in the application won't result in a privilege escalation, and polkit is used to determine who is authorized which is very robust and allows for better configuration than sudo. Systemd itself then starts a new root process in a separate cgroup just as any other service or user environment. On Tue, Jul 2, 2024, at 7:05 PM, George Toft via PLUG-discuss wrote: Okay, I now come begging for more information on why RH thinks sudo is bad. But first a little background... Where I work, the first thing we do is remove sudo and replace it with a shell script that calls our centralized Privileged Access Management (PAM) system (not naming vendor). The use of sudo requires and exception and review and is not permanent. So I'm very versed on the principles and implementation of PAM. Last year our Staff Architect asked me to compare and contrast sudo against . Side-by-side, feature-by-feature, I did so, based on our POC's on Red Hat Identity Manager (IdM), which uses sudo, and locally engineered solutions. I personally detest sudo because it's like chmod 777 * - makes everything work so much better, and software vendors can just drop in their own sudo rules in /etc/sudoers.d/ and make magic happen without you ever knowing what happened. Several times we've had to convert some vendor's sudo rules to our own system's rules, and I ask the vendor "Why do you have this rule?" Their answer: "We don't know." OFFS :( As far as sudo goes, it is included in the Center for Internet Security's (CIS) Benchmarks, which is the embodiment of the information security industry's best practices. I did some work for them for a couple years, and every change (add/mod/delete) required consensus approval from 80 organizations around the world, including thee letter agencies in the US and abroad. Many/most auditors expect financial institutions to follow this guide, or explain convincingly why not. So every six months, we get to say: "We don't use sudo. Instead, we do this." And then we get to do live demos of timed p
Re: sudo in general, and not requiring password in particular (was Re: trouble adding my user to sudoers list)
Regards, George Toft On 7/3/2024 5:57 AM, techli...@phpcoderusa.com wrote: On 2024-07-02 19:05, George Toft via PLUG-discuss wrote: Okay, I now come begging for more information on why RH thinks sudo is bad. But first a little background... Where I work, the first thing we do is remove sudo and replace it with a shell script that calls our centralized Privileged Access Management (PAM) system (not naming vendor). The use of sudo requires and exception and review and is not permanent. So I'm very versed on the principles and implementation of PAM. Last year our Staff Architect asked me to compare and contrast sudo against product>. Side-by-side, feature-by-feature, I did so, based on our POC's on Red Hat Identity Manager (IdM), which uses sudo, and locally engineered solutions. I personally detest sudo because it's like chmod 777 * - makes everything work so much better, and software vendors can just drop in their own sudo rules in /etc/sudoers.d/ and make magic happen without you ever knowing what happened. Several times we've had to convert some vendor's sudo rules to our own system's rules, and I ask the vendor "Why do you have this rule?" Their answer: "We don't know." OFFS :( As far as sudo goes, it is included in the Center for Internet Security's (CIS) Benchmarks, which is the embodiment of the information security industry's best practices. I did some work for them for a couple years, and every change (add/mod/delete) required consensus approval from 80 organizations around the world, including thee letter agencies in the US and abroad. Many/most auditors expect financial institutions to follow this guide, or explain convincingly why not. So every six months, we get to say: "We don't use sudo. Instead, we do this." And then we get to do live demos of timed privileged access. Haven't had a follow-on question in the last 8 years. >>> (OT: I cringe at referring to CIS because of their collusion with the Arizona Secretary of State and the Department of Homeland Security to suppress people's First Amendment Right to Free Speech. Proof is in the Elon Musk Twitter Dump. I do not have a copy of the email on my computer. I generally don't tell people I did work for them - it's so embarrassing. Effing Ratbastards.) So tell us more, please. https://nclalegal.org/wp-content/uploads/2022/09/Joint-Statement-on-Discovery-Disputes-Combined.pdf search for "PageID #: 2793" Other than to say Free Speech is like Free Software - must be cherished. Whether the speech/software is useful is up to the consumer, not the government. End of Line. So... back to the original question, as I was not able to find anything saying Red Hat discourages sudo, nor was my favorite AI. Please toss me a cookie... Regards, George Toft On 6/26/2024 12:23 PM, Rusty Carruth via PLUG-discuss wrote: Actually, I'd like to start a bit of a discussion on this. First, I know that for some reason RedHat seems to think that sudo is bad/insecure. I'd like to know the logic there, as I think the argument FOR using sudo is MUCH stronger than any argument I've heard (which, admittedly, is pretty close to zero) AGAINST it. Here's my thinking: Allowing users to become root via sudo gives you: - VERY fine control over what programs a user can use as root - The ability to remove admin privs (ability to run as root) from an individual WITHOUT having to change root password everywhere. Now, remember, RH is supposedly 'corporate friendly'. As a corporation, that 2nd feature is well worth the price of admission, PLUS I can only allow certain admins to run certain programs? Very nice. So, for example, at my last place I allowed the 'tester' user to run fdisk as root, because they needed to partition the disk under test. In my case, and since the network that we ran on was totally isolated from the corporate network, I let fdisk be run without needing a password. Oh, and if they messed up and fdisk'ed the boot partition, it was no big deal - I could recreate the machine from scratch (minus whatever data hadn't been copied off yet - which would only be their most recent run), in 10 minutes (which was about 2 minutes of my time, and 8 minutes of scripted 'dd' ;-) However, if the test user wanted to become root using su, they had to enter the test user password. So, back to the original question - setting sudo to not require a password. We should have asked, what program do you want to run as root without requiring a password? How secure is your system? What else do you use it for? Who has access? etc, etc, etc. There's one other minor objection I have to the 'zero defense' statement below - the malicious thing you downloaded (and, I assume ran) has to be written to USE sudo in its attempt to break in, I believe, or it wouldn't matter HOW open your sudo was. (simply saying 'su - myscript' won't
Re: sudo in general, and not requiring password in particular (was Re: trouble adding my user to sudoers list)
I did say "not naming vendor." Trade secret. We don't discuss our
vendors. Sorry, Mike.
Regards,
George Toft
On 7/3/2024 4:37 AM, Michael via PLUG-discuss wrote:
can you share with usw what you use instead of sudo?
On Tue, Jul 2, 2024 at 11:42 PM George Toft via PLUG-discuss
wrote:
Okay, I now come begging for more information on why RH thinks
sudo is
bad. But first a little background...
Where I work, the first thing we do is remove sudo and replace it
with a
shell script that calls our centralized Privileged Access Management
(PAM) system (not naming vendor). The use of sudo requires and
exception
and review and is not permanent. So I'm very versed on the principles
and implementation of PAM. Last year our Staff Architect asked me to
compare and contrast sudo against . Side-by-side,
feature-by-feature, I did so, based on our POC's on Red Hat Identity
Manager (IdM), which uses sudo, and locally engineered solutions.
I personally detest sudo because it's like chmod 777 * - makes
everything work so much better, and software vendors can just drop in
their own sudo rules in /etc/sudoers.d/ and make magic happen without
you ever knowing what happened. Several times we've had to convert
some
vendor's sudo rules to our own system's rules, and I ask the
vendor "Why
do you have this rule?" Their answer: "We don't know." OFFS :(
As far as sudo goes, it is included in the Center for Internet
Security's (CIS) Benchmarks, which is the embodiment of the
information
security industry's best practices. I did some work for them for a
couple years, and every change (add/mod/delete) required consensus
approval from 80 organizations around the world, including thee
letter
agencies in the US and abroad. Many/most auditors expect financial
institutions to follow this guide, or explain convincingly why
not. So
every six months, we get to say: "We don't use sudo. Instead, we do
this." And then we get to do live demos of timed privileged access.
Haven't had a follow-on question in the last 8 years.
(OT: I cringe at referring to CIS because of their collusion with the
Arizona Secretary of State and the Department of Homeland Security to
suppress people's First Amendment Right to Free Speech. Proof is
in the
Elon Musk Twitter Dump. I do not have a copy of the email on my
computer. I generally don't tell people I did work for them - it's so
embarrassing. Effing Ratbastards.)
So... back to the original question, as I was not able to find
anything
saying Red Hat discourages sudo, nor was my favorite AI. Please
toss me
a cookie...
Regards,
George Toft
On 6/26/2024 12:23 PM, Rusty Carruth via PLUG-discuss wrote:
> Actually, I'd like to start a bit of a discussion on this.
>
>
> First, I know that for some reason RedHat seems to think that
sudo is
> bad/insecure.
>
> I'd like to know the logic there, as I think the argument FOR using
> sudo is MUCH stronger than any argument I've heard (which,
admittedly,
> is pretty close to zero) AGAINST it. Here's my thinking:
>
> Allowing users to become root via sudo gives you:
>
> - VERY fine control over what programs a user can use as root
>
> - The ability to remove admin privs (ability to run as root)
from an
> individual WITHOUT having to change root password everywhere.
>
> Now, remember, RH is supposedly 'corporate friendly'. As a
> corporation, that 2nd feature is well worth the price of admission,
> PLUS I can only allow certain admins to run certain programs?
Very nice.
>
> So, for example, at my last place I allowed the 'tester' user to
run
> fdisk as root, because they needed to partition the disk under
test.
> In my case, and since the network that we ran on was totally
isolated
> from the corporate network, I let fdisk be run without needing a
> password. Oh, and if they messed up and fdisk'ed the boot
partition,
> it was no big deal - I could recreate the machine from scratch
(minus
> whatever data hadn't been copied off yet - which would only be
their
> most recent run), in 10 minutes (which was about 2 minutes of my
time,
> and 8 minutes of scripted 'dd' ;-) However, if the test user
wanted
> to become root using su, they had to enter the test user password.
>
> So, back to the original question - setting sudo to not require a
> password. We should have asked, what program do you want to run as
> root without requiring a password? How secure is your system? What
> else do you use it for? Who has access? etc, etc, etc.
Re: sudo in general, and not requiring password in particular (was Re: trouble adding my user to sudoers list)
Sorry, Kieth, I have bad news for you. You took a 30+ year leap backwards in security. I can tell you for certain, from my bank fraud analyst friend (just got promoted to financial crimes investigator), checks are the second most insecure way of transferring money, first being putting the money in the envelope. They helped the USPS bust a fraud ring who worked in the Post Office - fraudsters were pulling checks out of envelopes inside the local Post Office. My friend pulled out all the details for the Postmaster General. ACH is free (for you) and secure and guaranteed by the originator as they are on the hook to prove the identity of who initiated the transaction and they have to pay. It's all very complicated, and I'm not going into details here. I use ACH all the time. My physical devices have multi-layer physical protection. Logical access control is in-place. Both have multi-factor authentication. Password resets require multi-factor authentication. And the DoD is worse - their systems have so many layers, it was easier to just let my account get deleted from lack of use and rebuilt it from scratch. I have notes that tell me screen-by-screen what to put in each box and which ones to ignore. It's so secure, legitimate users can't even get in... and this is just my health insurance. Where all of this can break down - getting on topic - is with the SSH protocol and web proxies. When you connect to a website using HTTPS using a web proxy, your web browser uses it's cert to set up the connection, or so it thinks. What's really happening is the proxy is responding to the request and decrypting the message, then it forms a new request and sends it to the bank, which believes the proxy and sends it back. Everything gets decrypted on the proxy, so whoever has admin access to the proxy can see everything. Kinda like opening envelopes in the mail room :) Disclaimer: This is what some networking guys told me in a presentation about 10 years ago. In summary, ACH is safe if you do it from home without a proxy. Of course "safe" is relative, but it's safer than checks in the mail. Drop into your bank and ask the branch manager, or call their customer service and ask. They won't tell you checks are bad, but they will steer you to ACH and tell you it's better. Break out the Rosetta Stone and figure out what "better" means in corporate-speak. Banks are in it to win it, and they don't offer something for free unless they are saving money (cost avoidance) on the alternatives. Regards, George Toft On 7/3/2024 6:21 AM, techli...@phpcoderusa.com wrote: On 2024-07-02 18:20, George Toft via PLUG-discuss wrote: I work for a bank, and you would be amazed at how much security is baked into the connecting your browser to their web servers. Makes the NSA look like freshmen. And no, I'm not telling you who I work for. Regards, George Toft I'd like to hear more. The world is a hostile place. I recently went old school. I asked the bank to disarm my online banking. I now deal with paper statements and everything gets paid by check. Not as convenient as on-line banking, however I am hoping it makes my world a little bit more secure. What are your thoughts? Keith On 6/29/2024 5:19 PM, Keith Smith via PLUG-discuss wrote: Mike, The world is a hostile place. The more precautions you take the better. I cover the camera on my cellular phone while not in use. I cover the camera that is built into my laptop while it is not in use. I think on-line banking is dangerous. At some point I want to turn off WIFI and go to wired only on my local net. We lock our cars and houses for a reason. I do not know as much security as I'd like, however it might be necessary at some point to to become more cyber. About 24 years ago the members of the Tucson Free Unix Group (TFUG) helped me build a server that I ran out of my home. We left the email relay open and I got exploited. About 10 years ago I became root and I accidentally overwrote my home directory. yikes... both were painful. The first example is a reason we must be more aware of what we are doing. The 2nd is an example why we should use sudo as much as we can instead of becoming root. Keith On 2024-06-29 08:55, Michael via PLUG-discuss wrote: I just realized, while 99% of the people on this list are honest there is the diabolical 1%. So I guess I enter my password for the rest of my life. Or do you think that it really matters considering this is only a mailing list? On Sat, Jun 29, 2024, 10:22 AM Michael wrote: Thanks for saying this. I realized that I only needed to run apt as root. I didn't know how to make it so I could do that. but chatgt did! On Sat, Jun 29, 2024, 5:53 AM Eric Oyen via PLUG-discuss wrote: NO WORRIES FROM THIS END RUSTY. As a general rule, I use sudo only for very specific tasks (usually updating my development package tree on OS X) and
Re: sudo in general, and not requiring password in particular (was Re: trouble adding my user to sudoers list)
Okay, I now come begging for more information on why RH thinks sudo is bad. But first a little background... Where I work, the first thing we do is remove sudo and replace it with a shell script that calls our centralized Privileged Access Management (PAM) system (not naming vendor). The use of sudo requires and exception and review and is not permanent. So I'm very versed on the principles and implementation of PAM. Last year our Staff Architect asked me to compare and contrast sudo against . Side-by-side, feature-by-feature, I did so, based on our POC's on Red Hat Identity Manager (IdM), which uses sudo, and locally engineered solutions. I personally detest sudo because it's like chmod 777 * - makes everything work so much better, and software vendors can just drop in their own sudo rules in /etc/sudoers.d/ and make magic happen without you ever knowing what happened. Several times we've had to convert some vendor's sudo rules to our own system's rules, and I ask the vendor "Why do you have this rule?" Their answer: "We don't know." OFFS :( As far as sudo goes, it is included in the Center for Internet Security's (CIS) Benchmarks, which is the embodiment of the information security industry's best practices. I did some work for them for a couple years, and every change (add/mod/delete) required consensus approval from 80 organizations around the world, including thee letter agencies in the US and abroad. Many/most auditors expect financial institutions to follow this guide, or explain convincingly why not. So every six months, we get to say: "We don't use sudo. Instead, we do this." And then we get to do live demos of timed privileged access. Haven't had a follow-on question in the last 8 years. (OT: I cringe at referring to CIS because of their collusion with the Arizona Secretary of State and the Department of Homeland Security to suppress people's First Amendment Right to Free Speech. Proof is in the Elon Musk Twitter Dump. I do not have a copy of the email on my computer. I generally don't tell people I did work for them - it's so embarrassing. Effing Ratbastards.) So... back to the original question, as I was not able to find anything saying Red Hat discourages sudo, nor was my favorite AI. Please toss me a cookie... Regards, George Toft On 6/26/2024 12:23 PM, Rusty Carruth via PLUG-discuss wrote: Actually, I'd like to start a bit of a discussion on this. First, I know that for some reason RedHat seems to think that sudo is bad/insecure. I'd like to know the logic there, as I think the argument FOR using sudo is MUCH stronger than any argument I've heard (which, admittedly, is pretty close to zero) AGAINST it. Here's my thinking: Allowing users to become root via sudo gives you: - VERY fine control over what programs a user can use as root - The ability to remove admin privs (ability to run as root) from an individual WITHOUT having to change root password everywhere. Now, remember, RH is supposedly 'corporate friendly'. As a corporation, that 2nd feature is well worth the price of admission, PLUS I can only allow certain admins to run certain programs? Very nice. So, for example, at my last place I allowed the 'tester' user to run fdisk as root, because they needed to partition the disk under test. In my case, and since the network that we ran on was totally isolated from the corporate network, I let fdisk be run without needing a password. Oh, and if they messed up and fdisk'ed the boot partition, it was no big deal - I could recreate the machine from scratch (minus whatever data hadn't been copied off yet - which would only be their most recent run), in 10 minutes (which was about 2 minutes of my time, and 8 minutes of scripted 'dd' ;-) However, if the test user wanted to become root using su, they had to enter the test user password. So, back to the original question - setting sudo to not require a password. We should have asked, what program do you want to run as root without requiring a password? How secure is your system? What else do you use it for? Who has access? etc, etc, etc. There's one other minor objection I have to the 'zero defense' statement below - the malicious thing you downloaded (and, I assume ran) has to be written to USE sudo in its attempt to break in, I believe, or it wouldn't matter HOW open your sudo was. (simply saying 'su - myscript' won't do it). And, if you're truly paranoid about stuff you download, you should: 1 - NEVER download something you don't have an excellent reason to believe is 'safe', and ALWAYS make sure you actually downloaded it from where you thought you did. 2 - For the TRULY paranoid, have a machine you use to download and test software on, which you can totally disconnect from your network (not JUST the internet), and which has NO confidential info, and which you can erase and rebuild without caring. Run the downl
Re: trouble adding my user to sudoers list
Agreed, but... Your comment is what I've been telling writers and filmmakers for almost a year. However, AI can jog a few thoughts loose and inspire the human to new paths of success. Regards, George Toft On 6/25/2024 10:04 PM, Eric Oyen via PLUG-discuss wrote: Yeah, right! Sorry, but AI in any form just won’t replace a human with any real experience. -Eric From the Central Offices of the Technomage Gild, Human Relations Dept. On Jun 25, 2024, at 6:01 PM, Michael via PLUG-discuss wrote: then I remember that a PLUG member mentioned ChatGPT being good at troubleshooting so I figured I'd give it a go. I sprint about half an hour asking it the wrong question but after that it took 2 minutes. I wanted sudo not to require a password. it is wonderful! now I don't have to bug you guys. so it looks like this is the end of the user group unless you want to talk about OT stuff. -- :-)~MIKE~(-: --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list:PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss--- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: sudo in general, and not requiring password in particular (was Re: trouble adding my user to sudoers list)
I work for a bank, and you would be amazed at how much security is baked into the connecting your browser to their web servers. Makes the NSA look like freshmen. And no, I'm not telling you who I work for. Regards, George Toft On 6/29/2024 5:19 PM, Keith Smith via PLUG-discuss wrote: Mike, The world is a hostile place. The more precautions you take the better. I cover the camera on my cellular phone while not in use. I cover the camera that is built into my laptop while it is not in use. I think on-line banking is dangerous. At some point I want to turn off WIFI and go to wired only on my local net. We lock our cars and houses for a reason. I do not know as much security as I'd like, however it might be necessary at some point to to become more cyber. About 24 years ago the members of the Tucson Free Unix Group (TFUG) helped me build a server that I ran out of my home. We left the email relay open and I got exploited. About 10 years ago I became root and I accidentally overwrote my home directory. yikes... both were painful. The first example is a reason we must be more aware of what we are doing. The 2nd is an example why we should use sudo as much as we can instead of becoming root. Keith On 2024-06-29 08:55, Michael via PLUG-discuss wrote: I just realized, while 99% of the people on this list are honest there is the diabolical 1%. So I guess I enter my password for the rest of my life. Or do you think that it really matters considering this is only a mailing list? On Sat, Jun 29, 2024, 10:22 AM Michael wrote: Thanks for saying this. I realized that I only needed to run apt as root. I didn't know how to make it so I could do that. but chatgt did! On Sat, Jun 29, 2024, 5:53 AM Eric Oyen via PLUG-discuss wrote: NO WORRIES FROM THIS END RUSTY. As a general rule, I use sudo only for very specific tasks (usually updating my development package tree on OS X) and no where else will I run anything as root. I have seen what happens to linux machines that run infected binaries as root and it can get ugly pretty fast. In one case, I couldn’t take the machine out of service because of other items I was involved with, so I simply made part of the dir tree immutable after replacing a few files in /etc. That would fill up the system logs with an error message about a specific binary trying to replace a small number of conf files. Once the offending binary was found, it made things easier trying to disable it or get rid of it. However, after a while, I simply pulled the drive and ran it through a Dod secure erase and installed a newer linux bistro on it. I did use the same trick with chattr to make /bin, /sbin and /etc immutable. That last turned out to be handy as I caught someone trying to rootkit my machine using a known exploit, only they couldn’t get it to run because the binaries they wanted to replace couldn’t be written to. :)Yes, this would be a bit excessive, but over the long run, proved far less inconvenient than having to wipe and reinstall an OS. -Eric From the central Offices of the Technomage Guild, security Applications Dept. On Jun 28, 2024, at 6:43 PM, Rusty Carruth via PLUG-discuss wrote: (Deep breath. Calm...) I can't figure out how to respond rationally to the below, so all I'm going to say is - before you call troll, you might want to research the author, and read a bit more carefully what they wrote. I don't believe I recommended any of the crazy things you suggest. And I certainly didn't intend to imply any of that. On the other hand, it may not have been clear, so I'll just say "Sorry that what I wrote wasn't clear, but english isn't my first language. Unfortunately its the only one I know". And on that note, I'll shut up. On 6/26/24 15:05, Ryan Petris wrote: I feel like you're trolling so I'm not going to spend very much time on this. It's been a generally good security practice for at least the last 25+ years to not regularly run as a privileged user, requiring some sort of escalation to do administrative-type tasks. By using passwordless sudo, you're taking away that escalation. Why not just run as root? Then you don't need sudo at all. In fact, why even have a password at all? Why encrypt? Why don't you just put all your data on a publicly accessible FTP server and just grab stuff when you need it? The NSA has all your data anyway and you don't have anything to hide so why not just leave it out there for the world to see? As for something malicious needing to be written to use sudo, why wouldn't it? sudo is ubiquitous on unix systems; if it didn't at least try then that seams like a pretty dumb malicious script to me. You also don't necessarily need to open/run something for it to run. IIRC there was a recent image vulnerability in Gnome's tracker-miner application which indexes files in your home directory. And before you say that wouldn't happen in KDE, it too has a similar program, I believe ca
Re: AI Tools For Article Writing
I made AutoCrit (book authoring software with GenAI analysis tools) hallucinate last week. I did an analysis on my Glossary, and it came up with a completely new story arc, new characters. I raised awareness with Support and they had it fixed in about 2 hours. Regards, George Toft On 6/23/2024 12:30 PM, Snyder, Alexander J via PLUG-discuss wrote: Yes. I wrote this using a mix of ChatGPT and Grammarly. https://sba.tc/embracing-the-cloud-a-vital-pivot-for-small-businesses/ What you see was a pass through ChatGPT, for the initial content, then a pass through Grammarly for ... Grammar, but they also have a lot of tools about scanning for the "voice" of the article, and plagiarism, and other helpful things. Rinse and repeat that cycle about 3 or 4 times to get it "just right". -- Thanks, Alexander Sent from my Google Pixel 7 Pro On Sun, Jun 23, 2024, 06:31 Keith Smith via PLUG-discuss wrote: Hi, Anyone using any AI tools for article writing. If so what are you using? Is anyone using AI at all? if so for what. I have been playing with ChatGPT and it is great for writing PHP code if one uses the correct prompts. Keith --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list:PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss--- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: VERY OT, DO NOT READ THIS! (wind power, was Re: OT Humidity, was time off) Do not read, do not follow up! ;-)
Pump up the noise! Whereas megawatts of power is being removed from the kinetic energy of the wind, how much of the total is it? How wide is the wind, and how high, compared to the size of the wind farm? The windmills remove some fraction of a percent. I think this qualifies as "a gnat's fart in a hurricane" worth of difference... unless you have some references to support your assertion? Regards, George Toft On 6/21/2024 3:33 PM, Rusty Carruth via PLUG-discuss wrote: Ok, we are SO FAR off-topic that I shouldn't say anything, and I apologize for adding to the noise! However, I have one comment. For many years I was a BIG fan of wind power. Now, however, I've realized that nobody has calculated the effect of removing MEGAWATTS of power from the wind. Think about it - what is one of the major 'causes' of rainfall (especially around mountains)? Wind. Pushing the air and water up the mountain, where it cools, condenses, and rains. But we're removing MEGAWATTS of power from the wind! What effect is that extremely likely to have? Um, less rain! If I thought it would make any difference in our mad rush to fulfill the predictions of drought and global (whatever-ing), I'd spend time doing research, but I'm pretty sure 'nobody really cares'. Or whatever. Ok, sorry for adding to the noise. You may now return to your regularly scheduled flame-fest! On 6/20/24 20:11, Matthew Crews via PLUG-discuss wrote: On 6/20/24 6:16 AM, Ryan Petris via PLUG-discuss wrote: And what are you guys going to do about the coming lack of water? It's all FUD. If anything, agricultural land uses more water than residential land, and agricultural land is what's getting converted to residential. So every acre converted means /less/ water use. I think they're making a big deal out of it to make sure we don't lose some water rights from the Colorado river, as California is trying to take a larger portion of it. I disagree that it is FUD, but there is certainly a lot of blame to go around. The fact of the matter is, the Colorado River has been drying up due to both over-consumption and drastically reduced snowmelt caused by global heating, and it's affecting the entire region. One wet winter does not magically undo a couple decades of drought (Lake Mead still isn't even remotely close to pre-2000 levels). Just as significantly, other major sources of water in the geographical area are also drying up (word is that the Great Salt Lake will become the Great Salt Puddle, then the Great Arsenic Flats, in less than a decade). Underground water tables are being pumped like there's no tomorrow (similar to oil), with very limited means of replenishing them. And did I mention that snowmelt over the long term and rainfall over the long term are WAY lower than historic norms? Wreckless and wasteful water use by agriculture is a major problem, to be sure, and certainly the low hanging fruit that we can attack. But to say that agriculture should be taking the brunt of it, and not addressing ALL sources of increased water consumption, is foolish. Maybe the impact won't be as high, but it's still meaningful in aggregate. Per-capita, Arizonans consume more water than most states, and we must do better as a state.[1] And of course California, Nevada and Utah need to do their part too. 1. https://mapazdashboard.arizona.edu/article/arizonas-water-use-sector And depending who you ask, Phoenix (and Las Vegas) should not exist at all! Having lived here my entire life, I'm starting to agree with that sentimet. But that's just my 2 cents. --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: OT Humidity, was time off
"Coming lack of water" is going to be handled by zero-waste. 100% recycling all waste water. Think about that for a minute... yes, all that water that is flushed down the sewer will be reclaimed and recycled into potable water. Unimaginable? Google: Toilet to tap. And yes, your cities are already considering it or doing it. Stay hydrated :) https://www.azcentral.com/story/news/local/arizona/2023/04/12/toilet-to-tap-recycling-wastewater-drinking-water-safe/70104828007/ Regards, George Toft On 6/20/2024 5:14 AM, Steve Litt via PLUG-discuss wrote: Ryan Petris via PLUG-discuss said on Thu, 20 Jun 2024 04:05:30 -0700 I lived in Florida for ~10 years myself, in the Ft. Walton Beach/Navarre/Pensacola areas, and got my degree there at UWF. Sometimes I wish I were still there but I'm enjoying the non-humidity of Arizona for now. How do you like the 115 degree days? :-) And what are you guys going to do about the coming lack of water? One thing I love about hot dry climates (I used to live in the San Fernando Valley just outside LA) is that you can use evaporative coolers. That can save you a bundle of money. Here in Orlando Florida where I live, if you tried that, you'd just sweat even more and you'd melt the wallpaper right off the walls :-) Keep hydrated! SteveT Steve Litt http://444domains.com --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: Gen AI and Job Interviews
The same way I found a candidate googling answers 20 years ago ... ask question ... listen to clickety clickety clickety through the phone ... pause ... near perfect answer recited with little emotion or thought. Over the years, I accepted googling answers, but I set the ground rules: "If you don't know the answer, tell me your google search term." At least that way I get insight into the candidate's ability to think. Nobody knows everything, but if you know how to search, you can solve almost any problem. Regards, George Toft On 5/6/2024 10:24 PM, Steve Litt via PLUG-discuss wrote: George Toft via PLUG-discuss said on Mon, 6 May 2024 10:45:56 -0700 Speaking of Gen AI... we recently interviewed a candidate for our team. He used ChatGPT to answer the interview questions. Uh, that would be an instant "No!" dawg. LOLz. How did you know? SteveT Steve Litt Autumn 2023 featured book: Rapid Learning for the 21st Century http://www.troubleshooters.com/rl21 --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: I Tried AI for Programming and Article Writing
Feel free - I made that statement in my video at the First AI FilmFest last year. Regards, George Toft On 5/6/2024 10:30 AM, Keith Smith via PLUG-discuss wrote: On 2024-05-06 09:33, George Toft via PLUG-discuss wrote: Part 2 ... The film I submitted to the AIFilmFest, I stopped in the middle, looked at the camera, and asked the question: If Gen AI replaces junior people, and still needs senior people to review/correct their work, who's going to replace the senior people as they age out since the juniors are being replaced by AI? Like Keith said, one needs to have the background to know when AI is right or wrong. Just food for thought ... Regards, George Toft Very interesting. I am going to make a YouTube video and blog post on my experience. George can I quote you? I will not mention your name or where you made the post. I just want the above statement. On 4/14/2024 7:49 AM, Keith Smith via PLUG-discuss wrote: Hi, I wanted to share my experience. When AI came out I feared it would take over my niche as a PHP developer. After taking AI for a test run this is what I discovered: 1) The application analysis and design still needs to be performed by a human. 2) The human, in my case, the developer, needs to have a decent understanding of what one asks AI to create. I asked for a simple M-V-C app and it provided one that was very interesting, however it did not process the URL to get the Controller, Action, and segments. 3) Humans will still need to test the app once complete. AI does create some automated testing, however human testing is still required. 4) AI is great for learning. I found the PHP AI code to be more precise and did things differently than I. Great learning opportunity. 5) I asked AI to help me understand what the Linux logs were used for and it gave me what appeared to be something I can learn from. It appears to be much better than Google. 6) As listed above, AI can be used to learn and build skills. 7) I had Ai write me an article and it spit out about 650 words that could be the bases of an article for a blog post. When it is all said and done, I fear AI much less. Keith --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Gen AI and Job Interviews
Speaking of Gen AI... we recently interviewed a candidate for our team. He used ChatGPT to answer the interview questions. Uh, that would be an instant "No!" dawg. LOLz. Thanks for blazing the path to the new method of interviews - you will be on camera in all future interviews :) -- Regards, George Toft --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: I Tried AI for Programming and Article Writing
Part 2 ... The film I submitted to the AIFilmFest, I stopped in the middle, looked at the camera, and asked the question: If Gen AI replaces junior people, and still needs senior people to review/correct their work, who's going to replace the senior people as they age out since the juniors are being replaced by AI? Like Keith said, one needs to have the background to know when AI is right or wrong. Just food for thought ... Regards, George Toft On 4/14/2024 7:49 AM, Keith Smith via PLUG-discuss wrote: Hi, I wanted to share my experience. When AI came out I feared it would take over my niche as a PHP developer. After taking AI for a test run this is what I discovered: 1) The application analysis and design still needs to be performed by a human. 2) The human, in my case, the developer, needs to have a decent understanding of what one asks AI to create. I asked for a simple M-V-C app and it provided one that was very interesting, however it did not process the URL to get the Controller, Action, and segments. 3) Humans will still need to test the app once complete. AI does create some automated testing, however human testing is still required. 4) AI is great for learning. I found the PHP AI code to be more precise and did things differently than I. Great learning opportunity. 5) I asked AI to help me understand what the Linux logs were used for and it gave me what appeared to be something I can learn from. It appears to be much better than Google. 6) As listed above, AI can be used to learn and build skills. 7) I had Ai write me an article and it spit out about 650 words that could be the bases of an article for a blog post. When it is all said and done, I fear AI much less. Keith --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: I Tried AI for Programming and Article Writing
Hi Keith, Gen AI definitely has a place. Think of Gen AI as a meat grinder - stuff goes in (training data) in various amounts (prompts), different stuff comes out based on the blades and crank (more prompts). Maybe it's good, maybe not. I created a film using Gen AI. Human-recorded video. AI-created script. AI voice. Human edited, titled, rendered. Took 15 seconds to write the script, an hour to fix the typos and grammatical errors, and the rest was just post-processing. Definitely quick. I entered another film into the First Annual AIFilmFest last year - it was accepted. In it, I enumerated the AI's used to make an earlier PSA. 11 AI's in total, and most people don't even know it. Now, taking this back to another project near and dear to our lives ... My job as a sysadmin was moved to Argentina in 2006 because they got paid about 10% what I did. At that time, the company-wide Server:sysadmin ratio was 15:1, and our team was 30:1. My employer just fired the whole outsourcing company because we have self-healing, automation, AI managing the servers, and we do it better ourselves than Kyndryl. The Server:Sysadmin ratio now is approaching 350:1. Gen AI will change the landscape like automobiles changed transportation. Those that keep riding horses will go the way of the wagons. To remain relevant means learning how a car works. Fortunately for me, I shifted careers into something AI can't do because many humans can't even do it. So I'll be safe until I age out and retire. Kinda like equine search & rescue - can't take a car down that trail - so the old ways will develop a niche market. Regards, George Toft On 4/14/2024 7:49 AM, Keith Smith via PLUG-discuss wrote: Hi, I wanted to share my experience. When AI came out I feared it would take over my niche as a PHP developer. After taking AI for a test run this is what I discovered: 1) The application analysis and design still needs to be performed by a human. 2) The human, in my case, the developer, needs to have a decent understanding of what one asks AI to create. I asked for a simple M-V-C app and it provided one that was very interesting, however it did not process the URL to get the Controller, Action, and segments. 3) Humans will still need to test the app once complete. AI does create some automated testing, however human testing is still required. 4) AI is great for learning. I found the PHP AI code to be more precise and did things differently than I. Great learning opportunity. 5) I asked AI to help me understand what the Linux logs were used for and it gave me what appeared to be something I can learn from. It appears to be much better than Google. 6) As listed above, AI can be used to learn and build skills. 7) I had Ai write me an article and it spit out about 650 words that could be the bases of an article for a blog post. When it is all said and done, I fear AI much less. Keith --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: Forbes : 10 Highest-Paying Tech Jobs In The U.S.
Very insightful. I think you could probably write a paper on this topic. Regards, George Toft On 12/11/2023 1:40 PM, David Schwartz via PLUG-discuss wrote: On Dec 11, 2023, at 6:09 AM, Keith Smith via PLUG-discuss wrote: I see AI being a windfall in the near term. Example would be an affiliate marketer could use AI to write articles for his/her blog. The article wold need to be rewritten, however it would be so much faster and potentially more comprehensive, If one can teach AL modern SEO then that person could rock!! It’s already nearly impossible to find anything useful on Google due to abuse of tricks people use to get their web pages found by the search engines, and there are plenty of tools that are teaching people how to do this using AI tools like ChatGPT already that are only going to make it a couple orders of magnitude worse. I’m in a class now that teaches a different approach that also uses AI for content, but it feeds the search engines what they’re looking for, not the same crap everybody else is feeding them, and it works really well. It looks similar to SEO, but it takes a totally different approach. It’s a manual method of finding keywords, with AI used to help write content. If AI could be trained to do the whole process, then they’d use it for that as well, but I don’t see that as something we’ll see anytime soon. Suffice it to say it’s a process that looks for what’s missing, which isn’t something automation is very good at — you’d end up with a huge list of pretty much irrelevant stuff, or random selections from such a list. It takes a little work to figure it out yourself. I have no idea how you’d train an AI to do it. There seems to be plenty of people using AI to create windfalls by cranking out content in seconds that historically has required weeks or months or longer for people to do. What it’s doing is putting ghostwriters out of business, and increasing demand for editors. I watched a video about a 20 yo kid who has been using ChatGPT to crank out books in a particular niche for about 18 months. He has created a particular brand and creates books under that brand, and has published several hundred now. He says he’s already made over $1M, and can sell his biz for at least that much. Of course, he teaches a class on how to do it. The ultimate outcome here is the same as with SEO: markets are going to be flooded with generic material and it will be impossible to find anything specific to your needs. I’m working on an app that generates personalized Guided Meditations (GMs). It does NOT use AI because AI isn’t needed, but that doesn’t stop people from telling me it’s a fool’s errand because there are already thousands of GM apps on the market, the vast majority of which are free. There’s a simple reason for this: every course on app development typically includes an exercise to build a virtual MP3 player. So people build it, then think, “Ahh, I can use this to load up meditations and then offer it up as a meditation app!” Another exercise lets you build a recorder app that creates … yes, you guessed it … MP3 files. Last count there were over 6000 of these “meditation apps” aka “virtual iPods” loaded up with prerecorded personal meditations, and over half were from people in India. So what you have is a market flooded with generic GMs by people who aren’t very well-trained at creating them, about topics that are of interest to those individuals, and no way to search them for specific attributes. They started out simply as a programming exercise, but the collective effect is an entire market niche flooded with content and no way to search for anything specific. This is not an “AI problem” but a scalibility problem. Maybe we can use AI to fix it, but I think that’s a waste of resources with very little return. The problem with flooding the market with stuff like this, be it web pages, books, meditation apps, videos, or whatever, is that there’s nothing in place to help you sift through these huge haystacks for a few needles that represent the intersection of qualities YOU ARE MOST INTERESTED IN. This is the same problem that’s affecting Google because of SEO. It will inevitably lead to the same problems in any market that has been flooded with content — there’s no way to find stuff quickly and efficiently that fits your needs other than building a “better search engine”, right? What we’re doing is building huge digital garbage dumps and telling people looking for specific things, “Hey, dig away!” SEO has broken the internet, and AI will only make things worse. It’s a HUGE garbage dump or warehouse, and nobody has the time nor the interest to waste trying to find specific things buried there. But what if it was quicker to just create what you need in 5 minutes instead of searching for it in a huge warehouse? Here’s the thing I see this situation inevitably leading to: people who love
Re: Forbes : 10 Highest-Paying Tech Jobs In The U.S.
On 12/11/2023 6:09 AM, techli...@phpcoderusa.com wrote: On 2023-12-10 16:30, George Toft via PLUG-discuss wrote: Read two articles this week that claimed AI will reduce human work to 3.5 or 4 days per week. I recall this same prediction with the micro computer in the 80's. Did not work out that way. Here's the next job that nobody is talking about: AI Coach. Human asks a question and and the AI answer is close, but not quite right. AI Coach alters the prompt until they get the right answer. Skill set required is very close to that of using a search engine. Cheer!!! Wait - two things are going to happen: 1. 20-25% layoff and those that remain pick up the jobs of the fired. 2. Everyone goes to 28-32 hours per week and guess what you'll get paid. That's right - 28-32 hours. The State of Connecticut has a 32 hour work week, and the employees get paid for 32 hours. If 10 years is an accurate assessment, that will let us old farts age out and retire so the younger don't get fired. That creates another issue. They are saying SSI is broke. The solution they say is to reduce SSI by 30%. That is a problem. I'm an old fart and am approaching the econ like it is going to crash and SSI is going to be reduced by 30%. I lived through this same inflationary econ in the 70's and 80's. What nobody in this country has lived through (folks in England have, but not too many left) is what happens when your country's currency is no longer used worldwide to settle trade. That's coming real soon. I'm thinking a lot of the people on this list will be ok if they are willing to adjust to part-time with part-time wages. Which is why I'm retraining for a new career. I'm tired of tech, and I can barely keep up with the changes in Linux (there - on topic). Took me longer than it should have to understand systemd - that was my cue to bail. So now I deal with Privileged Access (that stuff the NSA failed so miserably at and allowed Eric Snowden access to stuff he should not have that proved the US was monitoring communications of its citizens without a warrant). Next career is freelance movie post-production - I can do it at home and the pay is poor. On another note, I just wrote a movie script. Okay, no I didn't - Bard wrote it for me. Bard gave me three choices, and I liked #2. I reformatted it into a two-column script, had to fix two errors (apparently Bard doesn't know that the first word following a colon is capitalized, and it didn't know the difference between cocoa and cacao). Bard also snuck in something about ethical sourcing of chocolate. So I began researching it. So now the script is 70% AI written and I rewrote the last 30% in a revolutionary twist at the end. This is in contrast to a short short film I had in the First Annual AI FilmFest in October where the script was 70% human and 30% AI written. In both cases, the actual script generation was done in about 15 seconds. In the October film, it took me 40 minutes to reformat it. In the current project, it took me 3 hours to reformat/research. AI is our friend, but we really need to keep a tight leash on it. I see AI being a windfall in the near term. Example would be an affiliate marketer could use AI to write articles for his/her blog. The article would need to be rewritten, however it would be so much faster and potentially more comprehensive, If one can teach AL modern SEO then that person could rock!! Regards, George Toft On 12/6/2023 2:00 PM, trent shipley via PLUG-discuss wrote: If AI can take over junior level knowledge jobs now, it stands to reason AI will mature fast enough to keep pace with the rate at which junior level practitioners would have gained experience to do mid-level and senior jobs. It's an eventuality that the robots make people obsolete. The only questions are 1) whether it happens in 5, 20, or 200 years. 2) a) whether all humans live affluent fulfilling lives, b) whether Elon Musk, Bill Gates, and Jeff Bezos live affluent, fulfilling lives, and the rest of us live in Darfur. c) Skynet suffers no primates to live. On Sat, Dec 2, 2023 at 2:35 PM George Toft via PLUG-discuss wrote: Thanks for posting. IMHO, the future is not in tech, as this article defined it, but closely related: Identity and Access Management (IAM) and Privileged Access Management (PAM), Mainframe operations (yes, mainframes are still here), Red Team (h - sexy :) ), and Data Analytics and Machine Learning. The pay is definitely comparable to this article's top 5, if not higher. Whereas I liked being a sysadmin, my job got shipped to Argentina for $6/hr (last I heard, they were up to $10/hr). That's a really bad place to be. If you want to live a nice lifestyle ... and I've been saying this since 2005 ... you have to do something that can't be off-shored. Do something that must be done in this country. Lately, this has come to mean: 1. Be inquisitive. How can I make
Re: Forbes : 10 Highest-Paying Tech Jobs In The U.S.
Read two articles this week that claimed AI will reduce human work to 3.5 or 4 days per week. Cheer!!! Wait - two things are going to happen: 1. 20-25% layoff and those that remain pick up the jobs of the fired. 2. Everyone goes to 28-32 hours per week and guess what you'll get paid. That's right - 28-32 hours. The State of Connecticut has a 32 hour work week, and the employees get paid for 32 hours. If 10 years is an accurate assessment, that will let us old farts age out and retire so the younger don't get fired. On another note, I just wrote a movie script. Okay, no I didn't - Bard wrote it for me. Bard gave me three choices, and I liked #2. I reformatted it into a two-column script, had to fix two errors (apparently Bard doesn't know that the first word following a colon is capitalized, and it didn't know the difference between cocoa and cacao). Bard also snuck in something about ethical sourcing of chocolate. So I began researching it. So now the script is 70% AI written and I rewrote the last 30% in a revolutionary twist at the end. This is in contrast to a short short film I had in the First Annual AI FilmFest in October where the script was 70% human and 30% AI written. In both cases, the actual script generation was done in about 15 seconds. In the October film, it took me 40 minutes to reformat it. In the current project, it took me 3 hours to reformat/research. AI is our friend, but we really need to keep a tight leash on it. Regards, George Toft On 12/6/2023 2:00 PM, trent shipley via PLUG-discuss wrote: If AI can take over junior level knowledge jobs now, it stands to reason AI will mature fast enough to keep pace with the rate at which junior level practitioners would have gained experience to do mid-level and senior jobs. It's an eventuality that the robots make people obsolete. The only questions are 1) whether it happens in 5, 20, or 200 years. 2) a) whether all humans live affluent fulfilling lives, b) whether Elon Musk, Bill Gates, and Jeff Bezos live affluent, fulfilling lives, and the rest of us live in Darfur. c) Skynet suffers no primates to live. On Sat, Dec 2, 2023 at 2:35 PM George Toft via PLUG-discuss wrote: Thanks for posting. IMHO, the future is not in tech, as this article defined it, but closely related: Identity and Access Management (IAM) and Privileged Access Management (PAM), Mainframe operations (yes, mainframes are still here), Red Team (h - sexy :) ), and Data Analytics and Machine Learning. The pay is definitely comparable to this article's top 5, if not higher. Whereas I liked being a sysadmin, my job got shipped to Argentina for $6/hr (last I heard, they were up to $10/hr). That's a really bad place to be. If you want to live a nice lifestyle ... and I've been saying this since 2005 ... you have to do something that can't be off-shored. Do something that must be done in this country. Lately, this has come to mean: 1. Be inquisitive. How can I make this cheaper, faster, less resource-intensive? Why did it break? How do I keep it from ever breaking again? Will this failure happen elsewhere? Three principles for success: Make it easier for the User; make it cheaper; make it more efficient. 2. Challenge the status quo. Just because it has always been this way doesn't mean it's the best way now. 3. Write the solutions flowcharts. If you follow a script (AKA flowchart) to arrive at solutions to problems, you can be replaced by an AI, specifically, an expert system, and in 5 years, a Generative AI like Bard or ChatGPT. Expert systems been around since the 60's. Hell, I wrote an AI (simple machine learning) in 1990 that corrected spelling errors at the command line based on user performance. You need to be the one generating the flow chart for the folks to follow. 4. Be able to create metrics on everything you do. "If you can't measure it, you can't manage it" is the mantra of management this decade. I've had to become really creative with my metrics to show improvement over time, especially when I begin to alter User behavior before I figured out the metric. Oopsies. I've also discovered how to create metrics that track the adoption and consumption of our services, which helps management when they choose insane paths like replacing a Gartner Magic Quadrant product some some Open Source stuff that's "fre." For those that don't know me, I've been an OS advocate since 1998, but there ain't no such thing as a free lunch and when Managers see $0.00 licensing costs, they oftentimes fail to understand the local engineering effort required to meet that Proprietary product's capabilities. Yes, this is my hot topic this week as I battle three levels of
Re: Linux Basics
Yes. :) Regards, George Toft On 12/5/2023 9:35 AM, techli...@phpcoderusa.com wrote: Are you saying you replaced Gentoo with CentOS? On 2023-12-01 09:32, George Toft via PLUG-discuss wrote: I had the glorious opportunity to "fix" a Gentoo installation for a local company. The business chose Gentoo because that's what the owner's 18 year old son knew, then the son didn't want to be daddy's tech support any more. I inserted the CentOS installation DVD and fixed it. Regards, George Toft On 11/29/2023 6:19 PM, z via PLUG-discuss wrote: You will know everything you should know about linux once you have installed gentoo once without assistance (but documentaton is OK), and then compiled chromium a single time. The compiling chromium part is the most important lesson. Nov 29, 2023 17:57:20 Keith Smith via PLUG-discuss : Hey I am trying to determine what I do not know about Linux (Ubuntu). I watched each of these videos by Networkchuck. He covers a lot and if there is anyone wanting to build more Linux muscle, then I would recommend this series. I found a few things that I did not know or that I might need to know more about. He does not cover logs nor does he cover Linux networking. All in all I think it is a good set of videos for anyone wanting to level up that may be, like me, self taught, that may have some missing skills. https://www.youtube.com/playlist?list=PLIhvC56v63IJIujb5cyE13oLuyORZpdkL Keith --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: Forbes : 10 Highest-Paying Tech Jobs In The U.S.
Thanks for posting. IMHO, the future is not in tech, as this article defined it, but closely related: Identity and Access Management (IAM) and Privileged Access Management (PAM), Mainframe operations (yes, mainframes are still here), Red Team (h - sexy :) ), and Data Analytics and Machine Learning. The pay is definitely comparable to this article's top 5, if not higher. Whereas I liked being a sysadmin, my job got shipped to Argentina for $6/hr (last I heard, they were up to $10/hr). That's a really bad place to be. If you want to live a nice lifestyle ... and I've been saying this since 2005 ... you have to do something that can't be off-shored. Do something that must be done in this country. Lately, this has come to mean: 1. Be inquisitive. How can I make this cheaper, faster, less resource-intensive? Why did it break? How do I keep it from ever breaking again? Will this failure happen elsewhere? Three principles for success: Make it easier for the User; make it cheaper; make it more efficient. 2. Challenge the status quo. Just because it has always been this way doesn't mean it's the best way now. 3. Write the solutions flowcharts. If you follow a script (AKA flowchart) to arrive at solutions to problems, you can be replaced by an AI, specifically, an expert system, and in 5 years, a Generative AI like Bard or ChatGPT. Expert systems been around since the 60's. Hell, I wrote an AI (simple machine learning) in 1990 that corrected spelling errors at the command line based on user performance. You need to be the one generating the flow chart for the folks to follow. 4. Be able to create metrics on everything you do. "If you can't measure it, you can't manage it" is the mantra of management this decade. I've had to become really creative with my metrics to show improvement over time, especially when I begin to alter User behavior before I figured out the metric. Oopsies. I've also discovered how to create metrics that track the adoption and consumption of our services, which helps management when they choose insane paths like replacing a Gartner Magic Quadrant product some some Open Source stuff that's "fre." For those that don't know me, I've been an OS advocate since 1998, but there ain't no such thing as a free lunch and when Managers see $0.00 licensing costs, they oftentimes fail to understand the local engineering effort required to meet that Proprietary product's capabilities. Yes, this is my hot topic this week as I battle three levels of management on a fool-hardy decision whose ramifications they don't understand. I'm in the process of changing careers. The biggest problem I see is the total lack of people that can do the above. Our replacements don't exist. My whole US team is within 5 years of retirement/resignation and we have nobody to replace us. Wanna thrive in the next 20 years, be the one that can do the above. Be our replacements. BTW - I just had a film in the First Annual AIFilmFest and I interrupted the film to sound the alarm about Generative AI taking over junior level jobs. But I rant ... Cheers! George Toft On 12/2/2023 7:30 AM, Keith Smith via PLUG-discuss wrote: Hi, Found thins interesting: https://www.forbes.com/sites/jackkelly/2023/12/01/these-are-the-10-highest-paying-tech-jobs-in-the-us/?sh=276f0e8c515a Keith --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: What to know : Just Linux
I would add read, understand and apply each step of the Linux Security Benchmarks from the Center for Internet Security. Each step has a discussion as to why you should do it. Regards, George Toft On 11/30/2023 7:39 PM, Keith Smith via PLUG-discuss wrote: That's Great!! Thanks!! On 2023-11-30 17:07, Phil Waclawski via PLUG-discuss wrote: I would add 14) use tools like ps/top and others to find/monitor and if need be kill processes 15) etckeeper to manage configuration files in /etc 16) software repo/package management (yum, apt, dnf etc) On Thu, Nov 30, 2023 at 4:13 PM Keith Smith via PLUG-discuss wrote: Hi, This is the list I have come up with: 1) Install Linux and Configure with and DHCP or Static IP. 2) SSH Login. 3) Command Line Commands and how to use. (Maybe 60 commands). 4) Log Rotate. 5) Logs (read). 6) Cron : System and User. 7) Network Configuration (Box Only). DHCP/Static IP. 8) Permissions. 9) Ownership. 10) Manage Users. 11) Manage Processes. 12) Vi/VIM/Nano. 13) Basic BASH Scripting. Anything else? Thanks!! Keith --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: Linux Basics
I had the glorious opportunity to "fix" a Gentoo installation for a local company. The business chose Gentoo because that's what the owner's 18 year old son knew, then the son didn't want to be daddy's tech support any more. I inserted the CentOS installation DVD and fixed it. Regards, George Toft On 11/29/2023 6:19 PM, z via PLUG-discuss wrote: You will know everything you should know about linux once you have installed gentoo once without assistance (but documentaton is OK), and then compiled chromium a single time. The compiling chromium part is the most important lesson. Nov 29, 2023 17:57:20 Keith Smith via PLUG-discuss : Hey I am trying to determine what I do not know about Linux (Ubuntu). I watched each of these videos by Networkchuck. He covers a lot and if there is anyone wanting to build more Linux muscle, then I would recommend this series. I found a few things that I did not know or that I might need to know more about. He does not cover logs nor does he cover Linux networking. All in all I think it is a good set of videos for anyone wanting to level up that may be, like me, self taught, that may have some missing skills. https://www.youtube.com/playlist?list=PLIhvC56v63IJIujb5cyE13oLuyORZpdkL Keith --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list:PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss--- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: cheap co-lo in Phx area?
Wouldn't a Virtual Private Server (VPS) meet your needs? Lots to be had for a few dollars/month. https://www.hostingadvice.com/how-to/best-hosting-with-root-access/ BTW - I use Hostinger (#5 on the list) for web hosting (not VPS) and I'm happy with them. Regards, George Toft On 11/20/2023 5:13 AM, David Schwartz via PLUG-discuss wrote: I’ve got a Windows VPS server somewhere but prices are rather high for a decently fast box, so I’m thinking of getting a little NUC box. It would be fine for dev purposes, but I’d like to be able to access it outside of my home LAN. However, I’m using T-Mobile Home Internet, and it blocks all incoming ports, so I’d need to set up another box (I think?) that runs ngenx or something else to support reverse proxies. It would be a whole lot easier to just plug it into a co-lo rack, but the only things I’ve found are well over $100/mo. Is there anything cheap around the Phx area that startups can use for basic dev work? (This has to be Windows for now.) -David Schwartz --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: Parsing/compiler/interpreter discussions now on the GoLUG mailing list
I wrote an article on this some time ago. It predates the public Internet, so there's no article link to provide. Yes, BNF figured into this prominently, but so many people don't seem to think in those terms any more. Write your own command.com * *Author:* * George Toft <https://dl.acm.org/profile/81100207235> Authors Info & Claims <https://dl.acm.org/doi/10./172026.172037#pill-authors__contentcon> Windows/DOS Developer's Journal <https://dl.acm.org/toc/wind/1992/3/12>Volume 3 <https://dl.acm.org/toc/wind/1992/3/12>Issue 12 <https://dl.acm.org/toc/wind/1992/3/12>Dec. 1992 pp 52–58 Regards, George Toft On 11/12/2023 11:56 PM, Steve Litt via PLUG-discuss wrote: Hi all, The GoLUG mailing list is currently featuring a discussion of parsing, compiler building, interpreter building, etc, with explorations into Backus-Naur form, flex, bison, and a Python approach. Our next meeting will be about these topics. The GoLUG mailing list is available at http://golug.org/mailman/listinfo/golug_golug.org Thanks, SteveT Steve Litt Autumn 2023 featured book: Rapid Learning for the 21st Century http://www.troubleshooters.com/rl21 --- PLUG-discuss mailing list:PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss--- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: Server CPU
Be very careful with ESX. I know someone who bought a random server and ESX7 was not supported. It used to run on anything, now, not so much. Check the support matrix before you buy. Regards, George Toft On 7/20/2023 1:12 PM, greg zegan via PLUG-discuss wrote: Hello, I appreciate this topic. I have been wondering for a while now if there is an affordable home server out there for EXSi and such. Is there any way for someone to come up with a few choices for people like me? Is there a low end, mid range, and high end home server for someone to list with parts or suggested parts? thanks, Greg On Thursday, July 20, 2023 at 01:01:13 PM MST, Keith Smith via PLUG-discuss wrote: Thanks!! On 2023-07-20 11:36, Ryan Petris via PLUG-discuss wrote: > I personally wouldn't even go for a used server. They're generally > loud, and even when they aren't they use much more electricity than > what you would get from a consumer platform. There's really no benefit > unless you have room in your house to make a real server room with > racks and the electrical capacity to go along with it. > > On Thu, Jul 20, 2023, at 10:59 AM, Stephen Partington wrote: > >> the downside for these processors is their mainboards are still very >> pricy to buy. much more than the CPU itself. you are almost better >> off looking for and buying a refurbished server which you can get >> for almost ludicrously inexpensive prices. >> >> On Thu, Jul 20, 2023 at 1:56 PM Ryan Petris via PLUG-discuss >> wrote: >> >> The CPU's cheap because it's old and no one wants them anymore -- >> it's of the same generation as 6000 series intel processors (i.e. >> skylake). It also uses a server socket, so the only motherboards >> you're going to be able to find are server motherboards. Those are >> going to be expensive and/or have other quirks, such as requiring a >> vendor specific heatsink, or a vendor-specific power supply, or take >> 5 minutes to start up, etc. >> >> You'd be better off spending money on a last-gen cpu and >> motherboard, for instance here's a combination that is relatively >> cheap: >> >> $174 for an i5-12400, which according to cpubenchmark.net [1] is >> nearly 30% faster than the Xeon you linked (score of 19501 vs 15146, >> much faster single-core score as well): >> >> > https://www.amazon.com/Intel-i5-12400-Desktop-Processor-Cache/dp/B09NMPD8V2/ >> >> $139 for a compatible motherboard: >> >> > https://www.amazon.com/GIGABYTE-B760M-DS3H-AX-Motherboard/dp/B0BSP61QZC/ >> >> I also wouldn't pay so much attention to the number of "threads" you >> think you'll need; you can run many VMs with a total number of >> virtual processors that is much more than what you actually have, >> and as long as you're not trying to go whole hog on every machine at >> the same time you'll be fine, and even if you do, you'll still be >> better off with a faster processor with a few fewer threads than an >> older slower cpu with more. >> >> On Thu, Jul 20, 2023, at 10:26 AM, Keith Smith via PLUG-discuss >> wrote: >> >> Hi, >> >> I was surfing the Inter Web when I happened upon a Xeon server CPU. >> It >> >> is marked at $32.49 at Newegg. It has 12 cores and 24 threads and >> has a >> >> good benchmark score. >> >> > https://www.cpubenchmark.net/cpu.php?cpu=Intel+Xeon+Silver+4116+%40+2.10GHz=3179 <https://www.cpubenchmark.net/cpu.php?cpu=Intel+Xeon+Silver+4116+%40+2.10GHz=3179> >> >> https://www.newegg.com/p/274-000A-007K2?Description=Xeon >> >> In the future at some point I would like to build something with 20 >> plus >> >> or minus cores and 40 threads more or less for Proxmox. This would >> be >> >> over kills because I only need 1 or 2 VMs active at one time... >> maybe 3 >> >> in an extreme situation. >> >> This 12 core/24 thread CPU with 64Gb of Ram and a 1Tb SSD would >> really >> >> be more resources than I would ever need. Off the top of my head >> this >> >> means I might be able to build a decent Proxmox server for $500 - >> $600. >> >> I do not need fancy video except for one VM that might be running >> Win 10 >> >> or 11... I assume a server grade CPU would handle Win 10 and 11? >> >> Am I on the right track? >> >> Thank You For Your Feedback!! >> >> Keith >> >> --- >> >> PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org >> >>
Re: I read chip maker TSMC is a sweatshop
There was no judgement in my statements - just observations and arithmetic. Nor am I making any assertion about value - indeed, for my current role, my value is only determined by the lack of Eric Snowden type of security breaches. If you want to hear judgements, I can digress on how government-backed, guaranteed, student loans inflated the price of education, and how the government should have never gotten involved with it and they shouldn't have nationalized it, but I won't :) Funny you should mention the competition. I had a friend from Singapore who had to go to England for her Undergraduate degree and then to the US for her Graduate because she couldn't get into college in Singapore. I have been a staunch supporter of the college system in this country, but I work with people who have no college, and some of us have Graduate degrees. For the field I'm in, one could self-learn and avoid college. And as I retrain for my next career, I have also returned to college and am becoming very disillusioned. The curriculum is teaching tool sets rather than concepts, and at this point, I can pick up some vendor training and certifications for free and some 4-day industry workshops for the same price as a 3 semester hour class. So why should I go to college? Regards, George Toft On 7/7/2023 2:39 PM, trent shipley via PLUG-discuss wrote: :So you're saying the Indians and Argientinans obviously deserved the job more than you since they would do the same work for less money? Also, why would an American be better at the job than someone from anywhere else? Or are you saying you are better than most of your peers in general, you're part of the 20% of your profession who generate 80% of the value. I mean the competition to get into a third-world government university is fierce, especially if it's ranked. The selectivity of admission rates match MIT and Stanford, theoretically Indian and Chinese computer scientists as a population should outperform their European, and even more their American competition. On Fri, Jul 7, 2023 at 2:29 PM George Toft via PLUG-discuss wrote: The only shortage that exists is technical people with Bachelors Degrees willing to work for minimum wage. Case in point. My employer is required to post HR crap in the public spaces (break rooms). One of the posts showed Tata Consultancy was providing a DBA for $66K/year. Tata takes 1/3 (typical), so the resource is getting $44K/year ($22/hr). My kids make more than that with a High School education. This is what the young people are competing against, so why go into this field? Another case in point. My job got outsourced to Argentina and the resources were getting $6/hr. I later heard it got raised to $10/hr. That was still 1/4 of what I was making. Even if the Argentinians screwed up and had to rework a task, the company still saved 50% over hiring an American on that task, and they are elated at the cost savings. Regards, George Toft On 6/7/2023 3:29 PM, Keith Smith via PLUG-discuss wrote: > On 2023-06-07 13:59, James Mcphee via PLUG-discuss wrote: >> Generally, if I hear it from cable news, there's a good chance it's >> just someone drumming up support for something. In this case, we'll >> probably hear about some kind of H1B system to make sure the new fabs >> get all the people they need, etc. Same deal as when I was working at >> a company that got bought by Dell, and they failed to retain most of >> the new employees because they didn't have a structure that worked >> with professionals. Suddenly you saw Michael Dell doing an interview >> on CNBC about the need to extend H1B 'cause they aren't getting enough >> workers. At the very least, there's plenty of incentive to drive down >> labor costs. And with the halts for new housing going out, there is a >> LOT of incentive to manipulate the market. >> >> Am I being paranoid? I probably need to touch more grass. > > Are you getting too paranoid? Maybe not. I quit following the news > because I think most are fearmongering and not talking and working on > the real problems. > > I personally do not like the H1B visas because I do not think they are > necessary. If there is really a shortage of tech workers then why is > there not a few major tech universities? Why does Gates exploit the > H1B and not create a really great tech university? And why do the > politicians allow all of this? > > We have all we need right here in our 50 states, so why do we not do > things that benefit ourselves and possibly others? > > These people like Michael Dell, Bill Gates,
Re: OT: Need pro help upload to youtube ...
Hi Joe, Did you figure it out? Still need help? Regards, George Toft On 7/7/2023 3:44 PM, joe--- via PLUG-discuss wrote: I need professional help with trying to make and upload videos to youtube. Any of you good plug friends experts? Or can you recommend someone? Youtube online help is too confusing for me. I'm willing to pay for help. j...@acitonline.com --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: I read chip maker TSMC is a sweatshop
The only shortage that exists is technical people with Bachelors Degrees willing to work for minimum wage. Case in point. My employer is required to post HR crap in the public spaces (break rooms). One of the posts showed Tata Consultancy was providing a DBA for $66K/year. Tata takes 1/3 (typical), so the resource is getting $44K/year ($22/hr). My kids make more than that with a High School education. This is what the young people are competing against, so why go into this field? Another case in point. My job got outsourced to Argentina and the resources were getting $6/hr. I later heard it got raised to $10/hr. That was still 1/4 of what I was making. Even if the Argentinians screwed up and had to rework a task, the company still saved 50% over hiring an American on that task, and they are elated at the cost savings. Regards, George Toft On 6/7/2023 3:29 PM, Keith Smith via PLUG-discuss wrote: On 2023-06-07 13:59, James Mcphee via PLUG-discuss wrote: Generally, if I hear it from cable news, there's a good chance it's just someone drumming up support for something. In this case, we'll probably hear about some kind of H1B system to make sure the new fabs get all the people they need, etc. Same deal as when I was working at a company that got bought by Dell, and they failed to retain most of the new employees because they didn't have a structure that worked with professionals. Suddenly you saw Michael Dell doing an interview on CNBC about the need to extend H1B 'cause they aren't getting enough workers. At the very least, there's plenty of incentive to drive down labor costs. And with the halts for new housing going out, there is a LOT of incentive to manipulate the market. Am I being paranoid? I probably need to touch more grass. Are you getting too paranoid? Maybe not. I quit following the news because I think most are fearmongering and not talking and working on the real problems. I personally do not like the H1B visas because I do not think they are necessary. If there is really a shortage of tech workers then why is there not a few major tech universities? Why does Gates exploit the H1B and not create a really great tech university? And why do the politicians allow all of this? We have all we need right here in our 50 states, so why do we not do things that benefit ourselves and possibly others? These people like Michael Dell, Bill Gates, etc have forgotten where they came from. QUESTION? I understand TSMC produces the most chips in the world, and is located in Taiwan . Where did they get that technology and who paid for that technology? On Wed, Jun 7, 2023 at 1:15 PM Jim via PLUG-discuss wrote: Don't believe everything you read on the internet. I've read that Abraham Lincoln blames Donald Trump for giving the gun to John Wilkes Booth. On 6/6/23 17:45, Keith Smith via PLUG-discuss wrote: Chip maker TSMC is moving to chandler and I have read they are a sweatshop --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss -- James McPhee jmc...@gmail.com --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: I read chip maker TSMC is a sweatshop
My younger son worked at the local 3rd Party MVD. He was talking to one of the TSMC Managers who came in to register a vehicle about the local jobs TSMC will create. She assured him that was not the case - most of the workers will come from Taiwan. This may very well be the case if an American won't work in a sweatshop, but a *Taiwanese will for the opportunity to work in America.* Regards, George Toft On 6/7/2023 1:59 PM, James Mcphee via PLUG-discuss wrote: Generally, if I hear it from cable news, there's a good chance it's just someone drumming up support for something. In this case, we'll probably hear about some kind of H1B system to make sure the new fabs get all the people they need, etc. Same deal as when I was working at a company that got bought by Dell, and they failed to retain most of the new employees because they didn't have a structure that worked with professionals. Suddenly you saw Michael Dell doing an interview on CNBC about the need to extend H1B 'cause they aren't getting enough workers. At the very least, there's plenty of incentive to drive down labor costs. And with the halts for new housing going out, there is a LOT of incentive to manipulate the market. Am I being paranoid? I probably need to touch more grass. On Wed, Jun 7, 2023 at 1:15 PM Jim via PLUG-discuss wrote: Don't believe everything you read on the internet. I've read that Abraham Lincoln blames Donald Trump for giving the gun to John Wilkes Booth. On 6/6/23 17:45, Keith Smith via PLUG-discuss wrote: > Chip maker TSMC is moving to chandler and I have read they are a > sweatshop > > --- > PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org > To subscribe, unsubscribe, or to change your mail settings: > https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss -- James McPhee jmc...@gmail.com --- PLUG-discuss mailing list:PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss--- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: McDonald's unveils first automated location
Pick-a-part is a great place to find brains :) It helps to know where the ECU is and how to remove it (automotive brain surgeon) otherwise, you'll be paying someone else to extract it and ship it to you and pay someone else at $175/hr to install it. It rapidly becomes cost-prohibitive to maintain old cars. A good example in the Nissan Xterra world is a metallurgical defect that exists in transmission coolers from 2005-2009. Here we are in 2022 and the radiators are failing resulting in mixing antifreeze and ATF which destroys the transmission. It costs more to rebuild the transmission than the vehicle is worth. The same problem exists with EV's when the batteries near end-of-life - a replacement battery pack is more than what the car is worth. And the same will be true with these brain cars. Another example that directly pertains to computers (to keep it somewhat on-topic). I needed to run some video editing software on my 9 year old Dell computer. The video card was unsupported. So now my choice was buy a $1600 video card (remember the chip shortage of 2021?) for a 9 year old computer, or buy a prebuilt Alienware system that included the video card for $600 more. I chose to refresh the whole system. Regards, George Toft On 12/30/2022 7:48 AM, Keith Smith via PLUG-discuss wrote: I assume you do not take part in the automated checkout because it reduces labor? I do not go that far. I think we are using too much technology and that is why I avoid the automated checkout. I'm a programmer and I do not like the tech shift we making. I do not like chips in cars. As the automakers increasingly put chips in cars I see that automation becoming obsolete far sooner that the car does. Case in point, my wife drives a 2004 Toyota that only has 110,000 miles on it. This car will last for 10 or 20 more years. Think if that car had technology from 2004 - Yikes!! I drive a 2009 that only has 65,000 miles on it. It has a "brain" and I can make the car accelerate better than the drive by wire. Both cars were purchased new. I expect to drive my car until I die. What happens 10 years from now if my car needs a new brain? Will that OLD technology be available. They are making cars that will last 300k miles and putting technology in them that will be obsolete in 5 years. On 2022-12-29 22:54, Jason Spatafore via PLUG-discuss wrote: I'm kinda with George here. I went to a Circle K today that had a self checkout. It took 3x as long to checkout. I let the attendant there know that I did not enjoy the experience and won't return. But, I will use Amazon and delivery services. So I think the labor market will move away from going out to collect your food to just having food delivered. The self checkouts will accelerate that movement toward retail closures and warehouse openings. So, the "unskilled" labor market will just shift from assembling a burger to boxing product. McDonald's has to be careful here. To quote an old McDonald's CFO... "We are not technically in the food business. We are in the real estate business. The only reason we sell 15-cent hamburgers is because they are the greatest producer of revenue, from which our tenants can pay us our rent." On 12/29/22 19:43, George Toft via PLUG-discuss wrote: I'll pass on this for the same reason I don't go to Sonic and I won't use self-checkout at Albertson's/Walmart/Home Depot. Regards, George Toft On 12/28/2022 7:22 AM, Keith Smith via PLUG-discuss wrote: Thought you might find this interesting. https://www.foxbusiness.com/technology/mcdonalds-unveils-first-automated-location-social-media-worried-will-cut-millions-jobs --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: McDonald's unveils first automated location
You won't be replaced by a machine. You will be replaced by someone willing to do your job for $20-25 per hour. I've seen postings in a large company that stated they were paying Tata Consultancy $66K for H1B DBA's. Tata takes 33%, which means the H1B Visa worker gets $44K, or $22/hr. Regards, George Toft On 12/28/2022 6:14 PM, Keith Smith via PLUG-discuss wrote: Let me say that I think people need to make a fair wage. I had a conversion with a guy maybe 8 years ago. He was pushing a raise in minimum wage. He was a big shot in Silicon Valley. I told him what my econ prof said : "Alternatives become more available as the price of any given thing rises." He premised this by saying Phelps Dodge does not want copper to go over $1 a pound. It was in the late 80's. I thought he was crazy until he mentioned alternatives. According to this prof aluminum became viable once copper went over $1/lbs. I went on to tell the Silicon Valley guy he and his cronies where the ones that would benefit from excessive minimum wage. He seems shocked. Now we see the proof. Today automation is cheap and labor is not so cheap. Machines break down, however they never call in sick or not do their job, and they will work 24/7 w/o benefits. This article says two things to me. Unskilled labor is about to be hardcore unemployed and the jobs that will be available will be for those who have leaned some skills. I'm thinking at some point in the future I will be replaced by a machine. I am a programmer. The world will be ruled by the engineers. On 2022-12-28 10:20, Harold Hartley via PLUG-discuss wrote: The article says there are people there to tend cash register and a couple of other things. On Wed, Dec 28, 2022, at 10:00, Steve Litt via PLUG-discuss wrote: Keith Smith via PLUG-discuss said on Wed, 28 Dec 2022 07:22:37 -0700 Thought you might find this interesting. https://www.foxbusiness.com/technology/mcdonalds-unveils-first-automated-location-social-media-worried-will-cut-millions-jobs Sounds like a good idea, but I pay with cash, and I don't like putting my twenty dollar bill in a machine, with no witnesses, and taking the chance that the machine will simply eat my bill, with no audit trail. SteveT Steve Litt Autumn 2022 featured book: Thriving in Tough Times http://www.troubleshooters.com/bookstore/thrive.htm --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: dBase
I made a mistake in an application by using SQLite3. I read about SQLite's advantages over MySQL in that it has no network stack, so it's faster. My testing showed that was kinda true - it was faster mostly, until multiple tasks started accessing the database concurrently. I applied some fixes I found on the Internet and that helped, then I got clever and wrote a wrapper to prevent contention over the database. I tested with 60 concurrent requests and it worked fine. The code made its way into production. A couple weeks later, in a perfect storm of slash-dotting, we got hit with triple the load we ever experienced. One of the storms was the cron job that updated a record in the database. The field update failed and all of the other processes relying on that field failed. This was the only outage my team suffered in 2021. I switched over to MySQL (MariaDB) and never looked back. Haven't had a self-induced outage in over a year. And then one of our vendors uses SQLite to store client information (client as in client-server) in the licensing server, and guess what - we figured out how to break it without even trying. I actually had the opportunity to have some 1:1 time with the product manager, and I was letting him know how his licensing scheme was a huge risk and a single point of failure. About that time, the CIO of a South African bank comes up and chimes in about what a piece of crap the licensing system was, major single point of failure. Product manager just turned his back and walked away. Meanwhile, I took the lesson from the CIO and had my team apply it to our infrastructure after our 3rd database crash. No license server, no functionality. Fortunately, it was still in development and didn't impact anyone. I am not a fan of SQLite. Sure, put it in an embedded device, but not anything connected to a network. Regards, George Toft On 12/28/2022 9:45 AM, Steve Litt via PLUG-discuss wrote: Keith Smith via PLUG-discuss said on Tue, 27 Dec 2022 19:02:42 -0700 SQLite surly looks cool, however I would not call is a replacement for dBase III. dBase III was very structured and provide the ability to create forms with widgets. IIRC dBase could make only CLI forms, not GUI forms. If one is willing to restrict one's self to CLI on an 80x25 screen, it's trivial in any language to create functions say() and get(). This is even easier today because you can represent the screen as a 25x80 2 dimensional array, rather than having to construct it from the top down the way you did when 20K was unaffordable. It looks like SQLite would require some programming and the use of ncurses or Qt... or maybe some other screen building language. Am I wrong? It would be more professional to use nCurses, but you can use plain old screen writes if you wanted to. As far as Qt, my understanding is that dBase never could do proportional spacing or different fonts. Still it is pretty cool!! Microsoft owns Visual FoxPro ... why not trim that down? No need to rely on Microsoft. Harbour Project is a Free Software Clipper almost-workalike. https://harbour.github.io/ MS also owns MS-Access which is a kludge in my opinion. Access was a nice DB design tool, but I wouldn't trust it to hold my data. SteveT Steve Litt Autumn 2022 featured book: Thriving in Tough Times http://www.troubleshooters.com/bookstore/thrive.htm --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: McDonald's unveils first automated location
I'll pass on this for the same reason I don't go to Sonic and I won't use self-checkout at Albertson's/Walmart/Home Depot. Regards, George Toft On 12/28/2022 7:22 AM, Keith Smith via PLUG-discuss wrote: Thought you might find this interesting. https://www.foxbusiness.com/technology/mcdonalds-unveils-first-automated-location-social-media-worried-will-cut-millions-jobs --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: Skills for the future
Part 2 on your 35% comment: with higher prices come higher wages and the gov't gets more taxes. After a few years, Congress will adjust the tax code, meanwhile the really low income folks who weren't paying much, pay quite a bit. Regards, George Toft On 12/2/2022 7:19 AM, Keith Smith via PLUG-discuss wrote: Hi Ed, On 2022-12-01 22:37, Ed via PLUG-discuss wrote: you should look up the difference between a recession and a depression. Odds are we will have a middling recession, but the real problem is and will be inflation. Inflation is a ratchet, it only goes in one direction and hits everyone and everything*. It's like a network that has more and more noise on the line. For context, consider that people experience something like a half dozen recessions in their lifetime - more or less. It's the business cycle. I'm old so I have lived through more bad economies than good economies. I think this one is going to be the worst of all. You already said it - you expect robotics to become more involved so go do that. Just remember robots are capital intensive - so go with the big. I'm specializing in browser based business web apps. I like robotics, however at this station in my life it is probably not a good fit. *except for Japan and it's lost decade(s) - they had/have deflation I think we are about to have really bad inflation for the next 10 years. Based on what I hear, the fed cannot raise interest rates high enough to kill inflation because we have over 30 trillion in national debt. It is my understanding that as they raise interest rates the cost of servicing the debt goes up. Given that we may have to just ride this out. Another thought that is floating around is the Federal Gov. likes inflation. Think about it. If we have 10% inflation for the next 10 years that means the value of national debt is reduced to 35% of what is is today. On Sat, Nov 19, 2022 at 7:13 AM Keith Smith via PLUG-discuss wrote: Hi, I am reading and watching YouTube videos that say the economy is going to tank to maybe as bad as the depression. If this is true what skills are going to be in demand. I suspect there will be a real push to automate things so I'm guessing those who can create browser based business web apps and phone apps will be in high demand. That will equate to the administrator skills to support such things. I also expect robotics to become more involved in factories, manufacturing, and even flipping burgers. What say you? Thanks!! Keith --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: Skills for the future
I'm inclined to disagree with the nay-sayers. Been watching a youtube channel called "Mark Moss" who does a pretty good analysis of trends, and I just saw a Bloomberg Markets and Finances video where the Federal Reserve's Richmond Fed President Thomas Barkin stated the Fed will do whatever it takes to control inflation. Sounds like they're going to do something different than the 1930's (we saw how well that worked), and something different, maybe, than the late 1970's/early 1980's. It's my sense that they will ratchet up the interest rates in 0.50-0.75% increments. Personally, I don't know that they can do anything different than the 80's with prime at almost 20%. Worse than the Depression? I doubt it. As bad at 2009? Probably worse. Low interest rates drive businesses to delay hardware investments. High interest rates drive purchases as the same equipment will cost 15-20% more next year. Deflation stifles hardware investment as it will be 10% cheaper next year, so why buy now? (That last sentence is a one-line summary of former Fed Chairman Bernanke's essay on the failures of the Federal Reserve in the 1930's, and why inflation is intentionally driven to run at 2%.) No matter what happens, layoff's are coming. So what's an info worker to do? Be the best in your field. The marginal folks will get laid off and do something different, which clears the field for the rest of us. What technology to focus on? Cloud. There simply aren't enough Cloud-certified architects/engineers and all these companies are rushing headlong into the cloud. Terraform is probably the best platform to learn for cloud deployments as it's universal for AWS, GCP, Azure. Then there's Ansible. Personally, I think competing against someone from India with a Bachelor's Degree (or Master's) who will come here and work for $45K is ludicrous (my son just got an entry level customer service job for $21/hr, which is $42K/year). Look for something they don't do well - orchestration, solution engineering, problem solving. Don't be a 50 year old coder - it's a dead end. Regards, George Toft On 11/19/2022 7:12 AM, Keith Smith via PLUG-discuss wrote: Hi, I am reading and watching YouTube videos that say the economy is going to tank to maybe as bad as the depression. If this is true what skills are going to be in demand. I suspect there will be a real push to automate things so I'm guessing those who can create browser based business web apps and phone apps will be in high demand. That will equate to the administrator skills to support such things. I also expect robotics to become more involved in factories, manufacturing, and even flipping burgers. What say you? Thanks!! Keith --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: Dot Local Domains
Yeah - been a while - got distracted by non-tech. Regards, George Toft On 11/17/2022 9:11 AM, techli...@phpcoderusa.com wrote: George Toft, have not seem you in a while. Thanks for all this feedback. Eventually I will configure DNS on my private net. Love your parental controls!! I hope to configure a home server in the future. The first time it was so I could say I did it. The second time (future) I hope to learn a lot more and I would like to have the bragging rights. Keith On 2022-11-06 07:29, George Toft via PLUG-discuss wrote: Short answer to all of your questions is yes, you can do this. I did it for several years, and it came in really handy when I wanted to control the Internet usage of my pubescent children. I set up DNS locally - I used georgetoft.com and had it split - outside my house (public) only had the simple entries for the A, MX, CNAME records. Inside my house, I included the file server, FTP, web and mail server hosts. Then I set up a DHCP server that issued my DNS server's IP as part of the DHCP response. That way, everyone in the house could access the internal resources. Now when my teenage children got the hormones and thought they knew more than me, I set up two different DHCP configs and used cron to activate one profile in the daytime and a different one at night. To make this work, I turned off DHCP and WiFi on the Internet Gateway and used my own DHCP server and WiFi Access Point, with a TTL of 60 seconds. At the appointed time, the nighttime profile kicked in which only allowed the approved MAC addresses to get a DHCP address, effectively cutting them off from the Internet both by their PC and their phones. They were out of high school before they figured out how to make their phones into hotspots - LOL. As far as running your own mail server - yes you can (and I did for a while), but the effort really isn't worth it. Back when I would get 1 or 2 SPAM per week, and took great delight in tracking down their mail provider and ISP and filing SPAM complaints, but when it ramped up to 50/day, I outsourced it to a provider that managed SPAM blocking. I tried blacklisting entire countries by IP - that helped. I tried subscribing to blacklists - that helped, but in the end, I had more important things to do than spend hours per week managing an email server. Regards, George Toft On 10/29/2022 8:07 AM, Keith Smith via PLUG-discuss wrote: Hi, For some reason .local popped into my head this morning. From what I read it appears I may be able to create an Intranet that has a private domain name such as MyBusiness.local, on a private IP, and I am thinking I can run BIND and make a zone file for this Intranet. In this case, if I am in he local net I can bring it up with MyBusiness.local?? If so then I should be able to add subdomains to the local BIND/zone... So will this private network work like the public Internet? This makes me believe I can create a mail server on this private net for the users of this private net. Not that I want to, however it is interesting. I read that MAC is doing something with the .local domain so it was recommended to use: .test .example .invalid .localhost Would it be possible to create a private network using one of these private TLDs and can I use BIND to control this? How will my browser know to go to my private domain if I use one of these private domains - I seem to recall needing to put this in the hosts file on Linux and Windows so it would resolve. Would BIND override this? Thanks!! Keith --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: T-Mobile Home Internet followup
I tried it for about a month. Worked great for work. But then the Earth got hit with a Solar Storm and the service went to crap for a couple days. And that ended my T-Mobile 5G Home Internet relationship. Regards, George Toft On 10/30/2022 3:43 PM, Daniel Stasinski via PLUG-discuss wrote: A while back I gave impressive stats and glowing praise on my switch to T-Mobile Home Internet. It had a few limitations that I had to work around, but it was fast. However, for almost a month now it has dropped to just above T1 speed most of the day and is pretty much useless. I'll be switching back to DSL, which unfortunately is my only other option where I live. *Daniel P. Stasinski* dan...@genericinbox.com ✞ /Jesus Is King /✞ --- PLUG-discuss mailing list:PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss--- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: software to edit dvds
What I do in the privacy of my own home is none of the Government's business. It's in the Constitution. Not that the Government cares much about that, either. Regards, George Toft On 11/3/2022 9:16 PM, Harold Hartley via PLUG-discuss wrote: Altering a dvd for any reason is against federal law. It displays that on the beginning of the dvd or Blu-ray. On Thu, Nov 3, 2022, at 20:06, Jim via PLUG-discuss wrote: I bought some DVDs recently that have those annoying trailers before the main menu that I can't skip or fast forward to. Is there some llnux software that would let me remove those trailers from a copy I make of one of the DVDs? thanks --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: software to edit dvds
If I had this task, I would rip the DVD then use an editor to cut out the ads. If I were really adventurous, I might even upscale the DVD rip to HD. The more I work with 4K, the more I believe it has its place, but not as an everyday replacement to HD. Regards, George Toft On 11/3/2022 8:06 PM, Jim via PLUG-discuss wrote: I bought some DVDs recently that have those annoying trailers before the main menu that I can't skip or fast forward to. Is there some llnux software that would let me remove those trailers from a copy I make of one of the DVDs? thanks --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: Dot Local Domains
Short answer to all of your questions is yes, you can do this. I did it for several years, and it came in really handy when I wanted to control the Internet usage of my pubescent children. I set up DNS locally - I used georgetoft.com and had it split - outside my house (public) only had the simple entries for the A, MX, CNAME records. Inside my house, I included the file server, FTP, web and mail server hosts. Then I set up a DHCP server that issued my DNS server's IP as part of the DHCP response. That way, everyone in the house could access the internal resources. Now when my teenage children got the hormones and thought they knew more than me, I set up two different DHCP configs and used cron to activate one profile in the daytime and a different one at night. To make this work, I turned off DHCP and WiFi on the Internet Gateway and used my own DHCP server and WiFi Access Point, with a TTL of 60 seconds. At the appointed time, the nighttime profile kicked in which only allowed the approved MAC addresses to get a DHCP address, effectively cutting them off from the Internet both by their PC and their phones. They were out of high school before they figured out how to make their phones into hotspots - LOL. As far as running your own mail server - yes you can (and I did for a while), but the effort really isn't worth it. Back when I would get 1 or 2 SPAM per week, and took great delight in tracking down their mail provider and ISP and filing SPAM complaints, but when it ramped up to 50/day, I outsourced it to a provider that managed SPAM blocking. I tried blacklisting entire countries by IP - that helped. I tried subscribing to blacklists - that helped, but in the end, I had more important things to do than spend hours per week managing an email server. Regards, George Toft On 10/29/2022 8:07 AM, Keith Smith via PLUG-discuss wrote: Hi, For some reason .local popped into my head this morning. From what I read it appears I may be able to create an Intranet that has a private domain name such as MyBusiness.local, on a private IP, and I am thinking I can run BIND and make a zone file for this Intranet. In this case, if I am in he local net I can bring it up with MyBusiness.local?? If so then I should be able to add subdomains to the local BIND/zone... So will this private network work like the public Internet? This makes me believe I can create a mail server on this private net for the users of this private net. Not that I want to, however it is interesting. I read that MAC is doing something with the .local domain so it was recommended to use: .test .example .invalid .localhost Would it be possible to create a private network using one of these private TLDs and can I use BIND to control this? How will my browser know to go to my private domain if I use one of these private domains - I seem to recall needing to put this in the hosts file on Linux and Windows so it would resolve. Would BIND override this? Thanks!! Keith --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: Gimp
Awesome! Thanks. Regards, George Toft On 9/22/2022 10:53 PM, Brian Cluff via PLUG-discuss wrote: On 9/22/22 12:53, Steve Litt via PLUG-discuss wrote: Another Gimp problem is that its toolbox of tiny icons is actively hostile to those of us with lesser visual accuities Edit -> Preferences Interface -> Icon Theme Change"Guess icon theme from resolution" to "Custom icon size" and crank it up till you can see it. Brian Cluff --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: Why am I not receiving any messages frrom plug?
Silly me, I thought this group died because of the lack of emails. Then I looked and there were hundreds of unread emails. Regards, George Toft On 10/20/2022 6:54 PM, joe--- via PLUG-discuss wrote: Why am I not receiving any messages frrom plug? For several weeks, I have not received any email messages from plug. Who do I need to contact or what do I need to do to get this fixed? j...@actionline.com === --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: Anyone interested in this...http://www.hercules-390.eu/
I installed it about 10 years ago. Great, so now I have a mainframe, but no OS - to get z/OS required a license and a dongle (license key), but I wasn't going to pay for it. And that is why Linux won the OS wars - it's no-cost and runs on almost everything, so everyone can use it and learn about it. IBM/Kyndryl is so locked up on "pay me to use it" that they've almost lost their entire customer base. Regards, George Toft On 5/8/2022 12:52 PM, greg zegan via PLUG-discuss wrote: The Hercules System/370, ESA/390, and z/Architecture Emulator <http://www.hercules-390.eu/> The Hercules System/370, ESA/390, and z/Architecture Emulator <http://www.hercules-390.eu/> --- PLUG-discuss mailing list -PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss--- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: 5G
My return experience was abysmal. Tech support told me to take it to the store. The store refused it and said call tech support. 45 minutes on the phone (again), I got a return label and they told me to take it to the store. Yeah, no - I took it to UPS . Regards, George Toft On 4/8/2022 5:24 PM, JD Austin wrote: I rejected TMobile home Internet after having it on for 15m. The wifi router has none of the configuration options you'd expect... no port forwarding or the other wireless router options you'd expect. The only place with a good signal was too far from my office (might work if you can hook it to a mesh network... not sure you can). I sent it back the same day I received it and had a $12 bill. It didn't seem to have consistent speed or latency, but I didn't test it thoroughly. I might try it again in a few years. JD On Fri, Apr 8, 2022, 2:00 PM George Toft via PLUG-discuss wrote: I tested T-Mobile's 5G Home Internet. It suffers from jitter, which is fine for email, web browsing, and streaming services. However, the recent sunspots/CME's wrecked havoc and dumped our VPN (to work) several times. I've determined it is unsuitable for dedicated work at home. Granted, the data flow is going the other direction, stability is important and you may have problems. The technology is still immature. Regards, George Toft On 4/8/2022 10:03 AM, Keith Smith via PLUG-discuss wrote: > > > Verizon is offering 5G that they say will allow me to run a server. > Price point is decent... will add more data to my phone and I will > save $70/month for cellular and Internet. Right now I have Cox > Business that allows me to run one or more servers and provides one IP > with the ability to rent more. > > Anyone using 5G and are you running a server on Verizon 5G? > --- > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org > To subscribe, unsubscribe, or to change your mail settings: > https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: 5G
I tested T-Mobile's 5G Home Internet. It suffers from jitter, which is fine for email, web browsing, and streaming services. However, the recent sunspots/CME's wrecked havoc and dumped our VPN (to work) several times. I've determined it is unsuitable for dedicated work at home. Granted, the data flow is going the other direction, stability is important and you may have problems. The technology is still immature. Regards, George Toft On 4/8/2022 10:03 AM, Keith Smith via PLUG-discuss wrote: Verizon is offering 5G that they say will allow me to run a server. Price point is decent... will add more data to my phone and I will save $70/month for cellular and Internet. Right now I have Cox Business that allows me to run one or more servers and provides one IP with the ability to rent more. Anyone using 5G and are you running a server on Verizon 5G? --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: Legacy Networking Gear available
Link to pic of the gear ... https://www.amazon.com/photos/shared/0UJIfadvTD2z-izu1tDsrw.dlN1PGel_zucl3WSWH8PLD Regards, George Toft On 3/13/2022 7:44 PM, George Toft via PLUG-discuss wrote: Wireless routers, 100+ feet of Cat5, cable testers, terminators, maybe a switch, etc. I haven't used the stuff in 9+ years (because that's how long I've lived in this house). It was all good when I packed it. Cost is my standard request of a case of Guinness. --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Legacy Networking Gear available
Wireless routers, 100+ feet of Cat5, cable testers, terminators, maybe a switch, etc. I haven't used the stuff in 9+ years (because that's how long I've lived in this house). It was all good when I packed it. Cost is my standard request of a case of Guinness. -- Regards, George Toft --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: localhost
Chances are you are not running Apache, so what you observed is normal behavior. Regards, George Toft On 10/9/2021 4:54 PM, Michael via PLUG-discuss wrote: thanks guys. I don't apach or something like that running on my system. I am learning so much! On Sat, Oct 9, 2021 at 7:17 PM Michael Butash via PLUG-discuss <mailto:plug-discuss@lists.phxlinux.org>> wrote: Are you running a local web server on port tcp/80/443, otherwise why connection to localhost? You need a server like apache, nginx, or whatever web server listening on 80/443 for a browser to find a webpage on localhost, which is your system. Otherwise the browser won't find a socket to connect to let alone a web page, which is what it's telling you. ## this will show you anything listening locally on http|https ports and what app did it sudo ss -tpl | grep http ## try to connect if you think you should see an open socket from above, below fails [~]# telnet 127.0.0.1 80 Trying 127.0.0.1... telnet: Unable to connect to remote host: Connection refused No active firewall right? If you wanted to you can limit host access to bind external sockets like 80/443, or whatever to only 127.0.0.0/8 <http://127.0.0.0/8> meaning only local processes can access sockets, not even someone on your local lan. This is a security practice in application cases for high-speed caching or inter-process communications local to this system only. -mb On Sat, Oct 9, 2021 at 12:24 PM Michael via PLUG-discuss mailto:plug-discuss@lists.phxlinux.org>> wrote: the browser shows the error as: The site could be temporarily unavailable or too busy. Try again in a few moments. If you are unable to load any pages, check your computer’s network connection. If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web. I need to specify a port. Cool. That's all I needed to know. On Sat, Oct 9, 2021 at 3:05 PM James Mcphee via PLUG-discuss mailto:plug-discuss@lists.phxlinux.org>> wrote: Regarding the original question of why the browser is saying "problem with address", what is the actual error? Name resolution, connection, cert, etc etc? Those friendly human readable errors leave too much open to interpretation. On Sat, Oct 9, 2021 at 11:59 AM Snyder, Alexander J via PLUG-discuss mailto:plug-discuss@lists.phxlinux.org>> wrote: The IP address range *127.0.**0.0 – 127.255.**255.255* is reserved for loopback, i.e. a Host's self-address, also known as localhost address. This loopback IP address is managed entirely by and within the operating system. Thanks, Alexander. Sent from my Samsung S20+ 5G On Sat, Oct 9, 2021, 11:58 greg zegan via PLUG-discuss mailto:plug-discuss@lists.phxlinux.org>> wrote: localhost <https://en.wikipedia.org/wiki/Localhost> localhost The local loopback mechanism may be used to run a network service on a host without requiring a physical network... <https://en.wikipedia.org/wiki/Localhost> you need to specify the port number On Saturday, October 9, 2021, 02:29:07 PM EDT, Michael via PLUG-discuss mailto:plug-discuss@lists.phxlinux.org>> wrote: Are the addresses for localhost 127.0.0.1 and 127.0.1.1 ? That was a rhetorical question. What isn't rhetorical is why, when I enter either of those addresses into a browser , do I get a 'problem with address' page? Are there -- :-)~MIKE~(-: --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org <mailto:PLUG-discuss@lists.phxlinux.org> To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss <https://lists.phxlinux.org/mailman/listinfo/plug-discuss> --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org <mailto:PLUG-discuss@lists.phxlinux.org>
Re: localhost
Do you have a web server running on your local system? Regards, George Toft On 10/9/2021 12:24 PM, Michael via PLUG-discuss wrote: the browser shows the error as: The site could be temporarily unavailable or too busy. Try again in a few moments. If you are unable to load any pages, check your computer’s network connection. If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web. I need to specify a port. Cool. That's all I needed to know. On Sat, Oct 9, 2021 at 3:05 PM James Mcphee via PLUG-discuss <mailto:plug-discuss@lists.phxlinux.org>> wrote: Regarding the original question of why the browser is saying "problem with address", what is the actual error? Name resolution, connection, cert, etc etc? Those friendly human readable errors leave too much open to interpretation. On Sat, Oct 9, 2021 at 11:59 AM Snyder, Alexander J via PLUG-discuss mailto:plug-discuss@lists.phxlinux.org>> wrote: The IP address range *127.0.**0.0 – 127.255.**255.255* is reserved for loopback, i.e. a Host's self-address, also known as localhost address. This loopback IP address is managed entirely by and within the operating system. Thanks, Alexander. Sent from my Samsung S20+ 5G On Sat, Oct 9, 2021, 11:58 greg zegan via PLUG-discuss mailto:plug-discuss@lists.phxlinux.org>> wrote: localhost <https://en.wikipedia.org/wiki/Localhost> localhost The local loopback mechanism may be used to run a network service on a host without requiring a physical network... <https://en.wikipedia.org/wiki/Localhost> you need to specify the port number On Saturday, October 9, 2021, 02:29:07 PM EDT, Michael via PLUG-discuss mailto:plug-discuss@lists.phxlinux.org>> wrote: Are the addresses for localhost 127.0.0.1 and 127.0.1.1 ? That was a rhetorical question. What isn't rhetorical is why, when I enter either of those addresses into a browser , do I get a 'problem with address' page? Are there -- :-)~MIKE~(-: --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org <mailto:PLUG-discuss@lists.phxlinux.org> To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss <https://lists.phxlinux.org/mailman/listinfo/plug-discuss> --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org <mailto:PLUG-discuss@lists.phxlinux.org> To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss <https://lists.phxlinux.org/mailman/listinfo/plug-discuss> --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org <mailto:PLUG-discuss@lists.phxlinux.org> To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss <https://lists.phxlinux.org/mailman/listinfo/plug-discuss> -- James McPhee jmc...@gmail.com <mailto:jmc...@gmail.com> --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org <mailto:PLUG-discuss@lists.phxlinux.org> To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss <https://lists.phxlinux.org/mailman/listinfo/plug-discuss> -- :-)~MIKE~(-: --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Side Gig Available
I have a project and need some help. Unfortunately, life has gotten in the way and I need someone with PXE Boot and UEFI knowledge. History: I created a PXE Boot server for the customer that delivers an image to the net booted client based on the Linux Terminal Server Project. The client, once booted, mounts the LTSP NFS export for the root filesystem. The start up scripts extract root's homedir on the client (some changes are made on the local system and I don't want that going to NFS). The client then proceeds to erase all hard drives found on the system. It's like DBAN, but it records data for audit purposes. It's been working fine for years. Current problem: Intel has deprecated BIOS in favor of UEFI, so more and more systems come with UEFI instead of Legacy BIOS. I tried to create a PXE Boot image for UEFI with some success. The client downloads the image, but has no network drivers installed, so the LTSP NFS mount doesn't mount. I have a master system with all the drivers installed - I just need to make an image that will boot from UEFI and add it to the PXE Boot server. If anyone can help me with this, please let me know - I'll set up a working lunch/dinner to go over any of the fine details and discuss compensation and NDA. -- Regards, George Toft --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: Cheap DDR3 memory
Prefer cans :) taking conversation offline... Regards, George Toft On 3/5/2021 5:07 PM, Matt Graham via PLUG-discuss wrote: On 2021-03-04 21:05, George Toft via PLUG-discuss wrote: I have 12 pieces of 4GB DDR3. Can it find a home? Will trade for Guinness. I could use 2 pieces of 4G DDR3, but I will not be able to go pick up any Guinness until tomorrow. Would sir prefer cans, bottles, a mini keg, or extra stout? --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: OT: Off topic ... Hi from an old timer ... plus, a Question
I've had CenturyLink and now have Cox. I would still have CenturyLink if they would have given me a discount when my promotion was up - they refused, so I switched to cox. When I called up to cancel the service and return equipment, they suddenly found a 50% off for 2 years discount code. Too late - that ship sailed. Cox has me so bundled up that to split the video from the Internet from the phone and just go with Cox video and CL internet will cost me more than what I'm paying now, and the Cox video features were better than CL at the time I switched. It was literally like stepping from the 20th century with CL into the 21st Century with Cox. In the end, in my opinion, bandwidth is good, but latency is king, but QoS trumps everything. I have a co-worker who has been having problems with his provider in Prescott Valley. They implemented "a fix" that drops him offline for 23 seconds at 10:00am every day (sounds like rebooting a router). I also know Cox' service seems to vary from neighborhood to neighborhood, and I got lucky as I have had no problems, except bandwidth from my gamer kids who have to download 25-100GB of games every week. Regards, George Toft On 1/26/2021 6:16 PM, Stephen Partington via PLUG-discuss wrote: Streaming media is indeed a set bandwidth, but the headroom that a faster connection gives will hel offset the more bursty downloads without stalling or impacting the streaming content. Having had cox and century link gig fiber century link has been the better experience so far. And for concurrent streams fiber has been far more graceful and I think that the latency was a portion of it. On Tue, Jan 26, 2021, 4:54 PM AZ Pete via PLUG-discuss <mailto:plug-discuss@lists.phxlinux.org>> wrote: I would think hard about upgrading to a "faster" plan. The Wall St. Journal did a study that basically said you gain no advantage for streaming media by upgrading to a faster plan. The WSJ article is behind a pay wall, but this article summarizes the results. https://medium.com/gowander/quick-take-wsj-the-truth-about-faster-internet-its-not-worth-it-c73d79a616b9 <https://medium.com/gowander/quick-take-wsj-the-truth-about-faster-internet-its-not-worth-it-c73d79a616b9> I've been working from home since last March when Covid started. I have two kids. One is in high school who is on Zoom all day for school. The other is streaming Pluralsight/Youtube/Coursera all day doing self-learning to become a software dev. I'm a DBA and am on all kinds of video calls/meetings throughout the day as well as transferring large files to/from my local network. My wife works remotely as well (altho not very many video meetings). In the evening the kids are streaming movies/Youtube/video games/Discord/etc. With all this streaming going on I've never experienced any noticeable lag/dropouts in streaming or video conference calls. However, we consistently *almost* reach our 1.25TB cap each month. I have the Cox "Internet Preferred" plan (100Mb down/10 up). Since we are using a lot more data I'm considering upgrading our data cap (but not the speed). As far as the redundant ISP idea, I too worry about this. But my plan in the event of an ISP outage is to use my mobile phone as a hot spot. It'll work in a pinch to get me by until the outage is resolved. I've only ever experienced short outages with Cox, so having a backup ISP seems like a lot of wasted money in my opinion. But, you have to assess you're own situation and make the decisions that work for you. Something to consider Peter On 1/26/2021 3:49 PM, der.hans via PLUG-discuss wrote: Am 26. Jan, 2021 schwätzte Mike Schwartz so: moin moin Mike, OT: Off topic ... Hi from an old timer ... plus, a Question Please forgive me if I have been "out of radio contact" for too long. Yeah, it's been a while :). I believe both CenturyLink and Cox are offering Gigabit if you're in the right part of town. At least Cox puts a data maximum on it. I believe someone pointed out that a true gigabit connection can hit the monthly maximum in a few hours. I was switching ISPs about the time that the pandemic started, so just kept the old connection. I'm on one connection for dayjob and the family uses the other. Since the pandemic has started both ISPs have had multi-hour outages, so it's been handy to have a spare. Paying for two connections is a lot cheaper than not getting paid due to overloaded bandwidth :). ciao, der.hans (as in ... the "Wolf Brand chili" slogan) (see, e.g., https://duckduckgo.com/?q=%22Wolf+Brand+chili%22+slogan=h_=web <https://duckduckgo.com/?q=%22Wolf+Brand+chili%22+slogan=h_=web> OR ... just cl
Re: Free Parts
Need more Guinness :)
I'll bring them along. I generally work 6am-3pm - what's good for you?
Regards,
George Toft
On 1/24/2021 9:25 PM, Stephen Partington via PLUG-discuss wrote:
And if not taken, the Dell T5600 coolers would be given a good home.
On Sun, Jan 24, 2021 at 9:23 PM Stephen Partington
mailto:cryptwo...@gmail.com>> wrote:
I am at 60 and Mill ave. The most middle point is Glendale Rd and
the 51 or 17.
On Sun, Jan 24, 2021 at 8:59 PM George Toft via PLUG-discuss
mailto:plug-discuss@lists.phxlinux.org>> wrote:
Thanks for the clarification. Wanna meet somewhere? I live at
I-17 & Carefree Hwy.
Regards,
George Toft
On 1/24/2021 11:12 AM, Stephen Partington via PLUG-discuss wrote:
Clarification, the 2 x E5-2680, and the 4x8g modules.
On Sun, Jan 24, 2021 at 11:11 AM Stephen Partington
mailto:cryptwo...@gmail.com>> wrote:
Yes please!
On Sun, Jan 24, 2021 at 10:18 AM George Toft via
PLUG-discuss mailto:plug-discuss@lists.phxlinux.org>> wrote:
Free to good home. Or will accept Guinness.
CPU's
#1: Xeon E5-2619 - two each -
https://ark.intel.com/content/www/us/en/ark/products/64588/intel-xeon-processor-e5-2609-10m-cache-2-40-ghz-6-40-gt-s-intel-qpi.html
<https://ark.intel.com/content/www/us/en/ark/products/64588/intel-xeon-processor-e5-2609-10m-cache-2-40-ghz-6-40-gt-s-intel-qpi.html>
#2: Xeon E5-2680 - two each -
https://ark.intel.com/content/www/us/en/ark/products/64583/intel-xeon-processor-e5-2680-20m-cache-2-70-ghz-8-00-gt-s-intel-qpi.html
<https://ark.intel.com/content/www/us/en/ark/products/64583/intel-xeon-processor-e5-2680-20m-cache-2-70-ghz-8-00-gt-s-intel-qpi.html>
CPU Coolers
Also have the CPU coolers for a Dell T5600.
Memory
8GB 1Rx4 PC3 12800R - 4 pieces
2GB 1Rx8 PC3 12800R - 4 pieces
--
Regards,
George Toft
---
PLUG-discuss mailing list -
PLUG-discuss@lists.phxlinux.org
<mailto:PLUG-discuss@lists.phxlinux.org>
To subscribe, unsubscribe, or to change your mail
settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss
<https://lists.phxlinux.org/mailman/listinfo/plug-discuss>
--
A mouse trap, placed on top of your alarm clock, will
prevent you from rolling over and going back to sleep
after you hit the snooze button.
Stephen
--
A mouse trap, placed on top of your alarm clock, will prevent
you from rolling over and going back to sleep after you hit
the snooze button.
Stephen
---
PLUG-discuss mailing list -PLUG-discuss@lists.phxlinux.org
<mailto:PLUG-discuss@lists.phxlinux.org>
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss
<https://lists.phxlinux.org/mailman/listinfo/plug-discuss>
---
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
<mailto:PLUG-discuss@lists.phxlinux.org>
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss
<https://lists.phxlinux.org/mailman/listinfo/plug-discuss>
--
A mouse trap, placed on top of your alarm clock, will prevent you
from rolling over and going back to sleep after you hit the snooze
button.
Stephen
--
A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.
Stephen
---
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss
---
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: Free Parts
Thanks for the clarification. Wanna meet somewhere? I live at I-17 &
Carefree Hwy.
Regards,
George Toft
On 1/24/2021 11:12 AM, Stephen Partington via PLUG-discuss wrote:
Clarification, the 2 x E5-2680, and the 4x8g modules.
On Sun, Jan 24, 2021 at 11:11 AM Stephen Partington
mailto:cryptwo...@gmail.com>> wrote:
Yes please!
On Sun, Jan 24, 2021 at 10:18 AM George Toft via PLUG-discuss
mailto:plug-discuss@lists.phxlinux.org>> wrote:
Free to good home. Or will accept Guinness.
CPU's
#1: Xeon E5-2619 - two each -
https://ark.intel.com/content/www/us/en/ark/products/64588/intel-xeon-processor-e5-2609-10m-cache-2-40-ghz-6-40-gt-s-intel-qpi.html
<https://ark.intel.com/content/www/us/en/ark/products/64588/intel-xeon-processor-e5-2609-10m-cache-2-40-ghz-6-40-gt-s-intel-qpi.html>
#2: Xeon E5-2680 - two each -
https://ark.intel.com/content/www/us/en/ark/products/64583/intel-xeon-processor-e5-2680-20m-cache-2-70-ghz-8-00-gt-s-intel-qpi.html
<https://ark.intel.com/content/www/us/en/ark/products/64583/intel-xeon-processor-e5-2680-20m-cache-2-70-ghz-8-00-gt-s-intel-qpi.html>
CPU Coolers
Also have the CPU coolers for a Dell T5600.
Memory
8GB 1Rx4 PC3 12800R - 4 pieces
2GB 1Rx8 PC3 12800R - 4 pieces
--
Regards,
George Toft
---
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
<mailto:PLUG-discuss@lists.phxlinux.org>
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss
<https://lists.phxlinux.org/mailman/listinfo/plug-discuss>
--
A mouse trap, placed on top of your alarm clock, will prevent you
from rolling over and going back to sleep after you hit the snooze
button.
Stephen
--
A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.
Stephen
---
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss
---
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss
For sale - Dell T430
Dell T430 Went out of warranty March 2019. PROC 2x Xeon E5-2623 v3.0 Procs (2 proc x 4 core x 8 threads = 64 vCPU) RAM 128GB DDR4 RAM Storage 4x 1.2TB 10K SAS drives 4x 3TB 7.2K SATA drives Onboard RAID controller Power 2x 750W hot-pluggable power supplies The Server Monkey price for this box is $2475 (Amazon was over $3,000). I got it in trade for labor and am looking to turn it into truck parts (IG: 4x4zeus and you'll see what I mean). I powered it up to get the CPU specs, memory size, run diagnostics and look at the event log. Box was built in March, 2016, ran until November, 2016, and powered off. It was powered up a few times in 2018 and 2020, but the OS never booted. It has no OS at this time. What a waste - several thousand dollar server just sat for years unused. So it's practically new. Looking at the power supply, there is no video card connection, so this is purely a server - can't use it as a gaming/VR rig. Asking $1500. -- Regards, George Toft --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Free Parts
Free to good home. Or will accept Guinness. CPU's #1: Xeon E5-2619 - two each - https://ark.intel.com/content/www/us/en/ark/products/64588/intel-xeon-processor-e5-2609-10m-cache-2-40-ghz-6-40-gt-s-intel-qpi.html #2: Xeon E5-2680 - two each - https://ark.intel.com/content/www/us/en/ark/products/64583/intel-xeon-processor-e5-2680-20m-cache-2-70-ghz-8-00-gt-s-intel-qpi.html CPU Coolers Also have the CPU coolers for a Dell T5600. Memory 8GB 1Rx4 PC3 12800R - 4 pieces 2GB 1Rx8 PC3 12800R - 4 pieces -- Regards, George Toft --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: Need Network Engineer for Small Project
Taking conversation off list. Regards, George Toft On 1/3/2020 8:39 AM, Herminio Hernandez Jr. wrote: I can meet with you. What is your availability? Sent from my iPhone On Jan 2, 2020, at 6:57 PM, George Toft wrote: Need Network Engineer to consult/guide for a few hours on a small project. Existing: Three node mesh VPN between three locations. Been in-place since 2012. Recently upgraded VPN devices (Linksys LRT-224's) as a part of the next step. However, the VPN device at one node is not the default gateway for that LAN segment - the old device is as it is bound to a public IP address that the customer's customers access by IP address and not name. Added static routes to LAN devices to route traffic to the other two nodes via the VPN device. This has been working since September. This doesn't mean we can't reconfigure if we have to. Next Step: Customer wants two ISP connections using different media. Old ISP is Cox Business. New ISP is CenturyLink. Have installed new devices at office and data center and created second VPN tunnel between these two nodes. Unable to get traffic to reliably use second VPN. I can get the traffic to go down the CenturyLink VPN, but only by configuring the CenturyLink devices with the same IP addresses as the Cox devices. This is OK for an emergency, but not the desired end result. Final step: Get traffic to fail-over from one tunnel to the other when the primary VPN fails. Cox has already notified customer that the cable needs to be replaced and there will be several days of downtime, so this is a certainty. Lots more details to share. Need to show topology. If you're with me at this point, saying "Uh-huh, George, easy stuff" then please email me. I'm willing to pay, so this will get you some fine craft beer, not that free beer. I anticipate a preliminary meeting to discuss requirements, then some on-site working sessions. -- Regards, George Toft --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Need Network Engineer for Small Project
Need Network Engineer to consult/guide for a few hours on a small project. Existing: Three node mesh VPN between three locations. Been in-place since 2012. Recently upgraded VPN devices (Linksys LRT-224's) as a part of the next step. However, the VPN device at one node is not the default gateway for that LAN segment - the old device is as it is bound to a public IP address that the customer's customers access by IP address and not name. Added static routes to LAN devices to route traffic to the other two nodes via the VPN device. This has been working since September. This doesn't mean we can't reconfigure if we have to. Next Step: Customer wants two ISP connections using different media. Old ISP is Cox Business. New ISP is CenturyLink. Have installed new devices at office and data center and created second VPN tunnel between these two nodes. Unable to get traffic to reliably use second VPN. I can get the traffic to go down the CenturyLink VPN, but only by configuring the CenturyLink devices with the same IP addresses as the Cox devices. This is OK for an emergency, but not the desired end result. Final step: Get traffic to fail-over from one tunnel to the other when the primary VPN fails. Cox has already notified customer that the cable needs to be replaced and there will be several days of downtime, so this is a certainty. Lots more details to share. Need to show topology. If you're with me at this point, saying "Uh-huh, George, easy stuff" then please email me. I'm willing to pay, so this will get you some fine craft beer, not that free beer. I anticipate a preliminary meeting to discuss requirements, then some on-site working sessions. -- Regards, George Toft --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: Anyone hiring Linux?
Just got word my team is requesting a Linux Developer type next year. Sticking my thumb in the wind, I'm going to guess Linux system administration would be A Good Thing(TM) - but not the most important thing - and more important is structured programming ability (perl, ksh, bash) and knowing how to reuse code. If I were to add in my own requirements, which I may be able to do, I would have to say a solid understanding of TCP networking, REST protocols, mysql/mariadb basics would be on the list. Toss in some LDAP or Active Directory. Finish it off with fluency in agile and testing methodologies. You could liven it up with test-driven development and really make me smile :) I'll post more when I have the req - probably Feb/March time frame. Regards, George Toft On 9/6/2019 8:01 AM, Seabass wrote: Hello everyone. I am on the job hunt, and am curious if anyone knows places hiring for Linux systems administrators. --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: Job opening - LDAP
I-17 & 101.
I just found out it's contract-to-hire, and they are making a decision
tomorrow. (That was fast!)
Regards,
George Toft
On 9/12/2018 11:04 PM, Matthew Gibson wrote:
How north valley are we talking George?
On Wed, Sep 12, 2018, 10:06 PM George Toft <mailto:geo...@georgetoft.com>> wrote:
My intel says there is an LDAP position coming up real soon now in
the
North Valley. This position is operational in nature and requires an
understanding of a DIT and how to submit search queries. Also
required
is an understanding of LDAP as implemented in Active Directory. The
team is responsible for overseeing the operation of four different
LDAP
Directories. Experience with Active Directory bridging technology
for
Linux is a definite plus (and may be a requirement). Intense
curiosity
and a willingness to learn are welcomed. Abandoning your myths &
legends and your "eeww - it's Microsoft" prejudice will clearly
help you
here. This is largely supposition based on my knowledge of the team
(and it was my job 4-6 years ago), and is subject to change.
Incumbent
just delivered his 2 weeks notice.
When I get the job req, I'll pass it on. There may be a referral
bonus
- if so, I'll post my work email and share the lootz (but ya gotta
put
my name/email in the job app).
--
Regards,
George Toft
---
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
<mailto:PLUG-discuss@lists.phxlinux.org>
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss
---
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss
---
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss
Job opening - LDAP
My intel says there is an LDAP position coming up real soon now in the North Valley. This position is operational in nature and requires an understanding of a DIT and how to submit search queries. Also required is an understanding of LDAP as implemented in Active Directory. The team is responsible for overseeing the operation of four different LDAP Directories. Experience with Active Directory bridging technology for Linux is a definite plus (and may be a requirement). Intense curiosity and a willingness to learn are welcomed. Abandoning your myths & legends and your "eeww - it's Microsoft" prejudice will clearly help you here. This is largely supposition based on my knowledge of the team (and it was my job 4-6 years ago), and is subject to change. Incumbent just delivered his 2 weeks notice. When I get the job req, I'll pass it on. There may be a referral bonus - if so, I'll post my work email and share the lootz (but ya gotta put my name/email in the job app). -- Regards, George Toft --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
OT: Looking for Network Engineer for Small Project
I have a small VPN project where I need some advice. Any networking folks want to make some beer money? (I'll be out of town the next 4 days, so if I don't respond immediately, do be offended - I'll get back to you on Monday.) -- Regards, George Toft --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: Grey Beards
I was hired 10 years ago and the interviewer liked the touch of grey - he was looking for someone who had experience and the grey implied wisdom, and that's what he wanted. As I look around my team, I would have to say the bell curve is solidly centered around 55. When I turned 40, that was the kiss of death for IT - that's when I started my [civilian] IT career. Like David said - it's a problem only if you let it. Regards, George Toft On 12/8/2016 8:15 AM, Keith Smith wrote: Hi, If being over 50 in technology is the kiss of death then why not come together and form a business and do contract work? Might be the opportune time given Trump is making sounds like the HB1 is going away. Keith --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: Dracut help
Here we are, 10 days later, and I found it. DHCP of all things. When I
changed the default lease time on the DHCP server, the freeze time
changed, "coincidentally" to the same value as the lease. Then I found
a Red Hat bug report
(https://bugzilla.redhat.com/show_bug.cgi?id=1256042) with the same
issue and the end result is "it's by design." Ugh. So I changed the
default lease time to a week - now no problems.
Regards,
George Toft
On 12/7/2016 8:55 AM, Brian Cluff wrote:
Is there any common storage they all have write access to? Perhaps
you have a file lock issue.
Brian Cluff
On 12/07/2016 07:00 AM, George Toft wrote:
Round 2 . . .
So in my quest for diskless workstation, I found that if I boot more
than 6 at a time, after 10 minutes uptime, they freeze. Nothing in
/var/log/messages; nothing in the screen. And it's not a full lock -
I can switch from TTY to TTY, but "He's dead, Jim." I can do them in
waves of 6 with 2 minutes in between and that gets 24 up and running
with no problem.
Any ideas?
Regards,
George Toft
On 11/29/2016 11:00 PM, George Toft wrote:
Of course, 5 minutes after I sent this, I got the modules to load
into the initramfs:
[root@localhost tftpboot]# dracut --force -m "network" --add-drivers
"sunrpc.ko `find
/usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet
-type f -exec basename {} \;`" drive3testing.img
3.10.0-327.36.3.el7.x86_64
[root@localhost tftpboot]# lsinitrd drive3testing.img | grep ethernet
drwxr-xr-x 22 root root0 Nov 29 22:26
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet
drwxr-xr-x 6 root root0 Nov 29 22:26
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/atheros
drwxr-xr-x 2 root root0 Nov 29 22:26
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/atheros/alx
-rw-r--r-- 1 root root59805 Oct 24 09:50
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/atheros/alx/alx.ko
drwxr-xr-x 2 root root0 Nov 29 22:26
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/atheros/atl1c
-rw-r--r-- 1 root root71549 Oct 24 09:50
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/atheros/atl1c/atl1c.ko
drwxr-xr-x 2 root root0 Nov 29 22:26
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/atheros/atl1e
-rw-r--r-- 1 root root66885 Oct 24 09:50
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/atheros/atl1e/atl1e.ko
drwxr-xr-x 2 root root0 Nov 29 22:26
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/atheros/atlx
-rw-r--r-- 1 root root64405 Oct 24 09:50
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/atheros/atlx/atl1.ko
-rw-r--r-- 1 root root55613 Oct 24 09:50
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/atheros/atlx/atl2.ko
drwxr-xr-x 3 root root0 Nov 29 22:26
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/broadcom
-rw-r--r-- 1 root root58053 Oct 24 09:50
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/broadcom/b44.ko
-rw-r--r-- 1 root root 125461 Oct 24 09:50
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/broadcom/bnx2.ko
drwxr-xr-x 2 root root0 Nov 29 22:26
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/broadcom/bnx2x
-rw-r--r-- 1 root root 1040525 Oct 24 09:50
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/broadcom/bnx2x/bnx2x.ko
-rw-r--r-- 1 root root93997 Oct 24 09:50
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/broadcom/cnic.ko
-rw-r--r-- 1 root root 243413 Oct 24 09:50
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/broadcom/tg3.ko
drwxr-xr-x 3 root root0 Nov 29 22:26
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/brocade
drwxr-xr-x 2 root root0 Nov 29 22:26
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/brocade/bna
-rw-r--r-- 1 root root 226757 Oct 24 09:50
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/brocade/bna/bna.ko
drwxr-xr-x 2 root root0 Nov 29 22:26
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/cadence
-rw-r--r-- 1 root root18269 Oct 24 09:50
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/cadence/at91_ether.ko
-rw-r--r-- 1 root root40797 Oct 24 09:50
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/cadence/macb.ko
drwxr-xr-x 2 root root
Re: H1B Visa
Jumping a little late . . "So what if they get paid $10-$20k lower annual salaries?" <-- not even close where I work. How about $60-80K lower? My employer pays Tata Consulting $66K/year for DBA's. They keep 1/3 so the H1B worker gets $44K. That's $22/hr - soon to be just double minimum wage. This H1B worker usually comes with a Master's Degree in Computer Science or similar. Find me one American with a Graduate Degree in Science willing to work for $22/hr. Yes, the struggle is real to find talent [that will work for peanuts]. Almost everyone I know makes more than that, except those in the fast-food industry. So where's the incentive to get a degree? I call it "exploitation." Regards, George Toft On 11/8/2016 10:46 AM, David Schwartz wrote: More propaganda from right-wing pro-corporate anti-American talking heads about a topic they are ill-informed about. (Most Americans have no clue about US immigraion laws.) The recent Defense Appropriations Budget opened the floodgates to H-1B visas, thanks to non-stop lobbying from large US tech firms like Microsoft, Oracle, Apple, Dell, etc. I saw something a while back on cable channel that covers congress, and it was a public meeting of some sort about H-1B issues. Representatives from Microsoft, HP, and some huge consulting firm. One interesting thing they all agreed upon was that their budget for prosecuting each H-1B visa was $50k. This was ONLY for the legal fees! Then there was salary, benefits, relocation, and later on the legal fees and relocation expenses for their family members. Forget about annual salaries for a minute, which I don’t believe are really that much lower for people residing here in America and awaiting permanent residency (green cards). Here’s what job offers for US Citizens would look like if they were comparable to H-1B offers: * $50k hiring bonus (used for legal fees) * Full relocation (from overseas, way more expensive than even across country in USA) * Guaranteed job for 6-10 years (how long it takes for green cards to issue) * Guaranteed on-the-job training for whatever new projects these people are destined to fill during their 6-10 year tenure * Full relocation to other cities that might have projects these people can fill to keep employed * Tacit agreement to never complain, never file any kind of labor actions or lawsuits against the company for any reason at all So what if they get paid $10-$20k lower annual salaries? Would YOU accept a job with these “benefits” for a slightly lower salary like this??? -David Schwartz On Nov 8, 2016, at 10:07 AM, Keith Smith <techli...@phpcoderusa.com> wrote: Hi, While at the polls I talked with a man running for Chandler City Council who told me the H1B Visa was necessary because there are not enough qualified Americans to fill those positions. I do not agree. And if it is true then why, for example, is there no Microsoft University that finds those with the talent and help develop them into the qualified employee they are looking for? It is my understanding M$ is one of the biggest users of the H1B Visa program. This is an example of there not being an shortage. -->> McDonald's lays off 70 American accountants from Ohio and gives their jobs to foreign workers as part of cost-cutting exercise http://www.dailymail.co.uk/news/article-3800381/McDonald-s-lays-70-American-accountants-Ohio-gives-jobs-foreign-workers-cost-cutting-measure.html <https://u2206659.ct.sendgrid.net/wf/click?upn=tzJbcg2o-2FNh3kfIF32sRUZ3KsE0V-2BQQrEXAyVDkZHcUy34DGikx-2F-2FrzJlg9gPr5sgRKhPChSITXAyENVINiHGotNto-2BxEe4aUwuIq7v5xHKeUKqW3qfKSs6MHK9MXWoWqm-2FS37JTSqDixivqIaixnI7r0hC4YLbr4nEeT0PZq3RL4QfjxO6g6VuDcjSd6OMriMV7I5OpJnOBI1YJu997dw-3D-3D_6lpMB7VLnN-2Fj9-2FEErg8-2F-2BMBpb5QxlByTgv2M3fbWD9ebvC-2BWrN3h7jImK8EVWYBegWsuA7zh3riD0qMxgE7DRTo9-2FBOBoEQyUGWhIKKVZx3cbKSxNEvGtTyQod3InADu6n7QXrjzecHph-2B7-2Bh3qSUqc-2BYQkO8ue2cqbHSR-2FVO5yc-2BIhnZm9WdQHAdhbSWYHINqUHwqHEP1FSMMwyWntpkoRfz-2BcG6qdDBJwu0dy-2BGqw-3D> — Keith Smith --- PLUG-discuss mailing list – PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss <https://u2206659.ct.sendgrid.net/wf/click?upn=5DvWGaZUY8Sh5aRLWfQTKYiRLVzunonVk948p8WIzMe-2FXlJ9Cta8w8U9xoku9LrUSHNMJbSd3ZEwH-2BqnW2UHlA-3D-3D_6lpMB7VLnN-2Fj9-2FEErg8-2F-2BMBpb5QxlByTgv2M3fbWD9ebvC-2BWrN3h7jImK8EVWYBegWsuA7zh3riD0qMxgE7DRaykA0zAwuCdFyT8m1bapnhv0-2BDMBuitwiXbVyXCP-2F-2FXk9ecUSWuOftlOJLEht32Cs3dRkT-2FkUGbFKwUVE52CgdrlEHopOV8g4EIcZc0yxcNDIwmgkCjVI-2BKG-2FG6mtEMTuUleHBjQAhB4w8dSqFBqXI-3D> --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, uns
Re: Dracut help
Round 2 . . .
So in my quest for diskless workstation, I found that if I boot more
than 6 at a time, after 10 minutes uptime, they freeze. Nothing in
/var/log/messages; nothing in the screen. And it's not a full lock - I
can switch from TTY to TTY, but "He's dead, Jim." I can do them in waves
of 6 with 2 minutes in between and that gets 24 up and running with no
problem.
Any ideas?
Regards,
George Toft
On 11/29/2016 11:00 PM, George Toft wrote:
Of course, 5 minutes after I sent this, I got the modules to load into
the initramfs:
[root@localhost tftpboot]# dracut --force -m "network" --add-drivers
"sunrpc.ko `find
/usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet
-type f -exec basename {} \;`" drive3testing.img
3.10.0-327.36.3.el7.x86_64
[root@localhost tftpboot]# lsinitrd drive3testing.img | grep ethernet
drwxr-xr-x 22 root root0 Nov 29 22:26
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet
drwxr-xr-x 6 root root0 Nov 29 22:26
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/atheros
drwxr-xr-x 2 root root0 Nov 29 22:26
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/atheros/alx
-rw-r--r-- 1 root root59805 Oct 24 09:50
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/atheros/alx/alx.ko
drwxr-xr-x 2 root root0 Nov 29 22:26
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/atheros/atl1c
-rw-r--r-- 1 root root71549 Oct 24 09:50
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/atheros/atl1c/atl1c.ko
drwxr-xr-x 2 root root0 Nov 29 22:26
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/atheros/atl1e
-rw-r--r-- 1 root root66885 Oct 24 09:50
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/atheros/atl1e/atl1e.ko
drwxr-xr-x 2 root root0 Nov 29 22:26
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/atheros/atlx
-rw-r--r-- 1 root root64405 Oct 24 09:50
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/atheros/atlx/atl1.ko
-rw-r--r-- 1 root root55613 Oct 24 09:50
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/atheros/atlx/atl2.ko
drwxr-xr-x 3 root root0 Nov 29 22:26
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/broadcom
-rw-r--r-- 1 root root58053 Oct 24 09:50
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/broadcom/b44.ko
-rw-r--r-- 1 root root 125461 Oct 24 09:50
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/broadcom/bnx2.ko
drwxr-xr-x 2 root root0 Nov 29 22:26
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/broadcom/bnx2x
-rw-r--r-- 1 root root 1040525 Oct 24 09:50
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/broadcom/bnx2x/bnx2x.ko
-rw-r--r-- 1 root root93997 Oct 24 09:50
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/broadcom/cnic.ko
-rw-r--r-- 1 root root 243413 Oct 24 09:50
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/broadcom/tg3.ko
drwxr-xr-x 3 root root0 Nov 29 22:26
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/brocade
drwxr-xr-x 2 root root0 Nov 29 22:26
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/brocade/bna
-rw-r--r-- 1 root root 226757 Oct 24 09:50
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/brocade/bna/bna.ko
drwxr-xr-x 2 root root0 Nov 29 22:26
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/cadence
-rw-r--r-- 1 root root18269 Oct 24 09:50
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/cadence/at91_ether.ko
-rw-r--r-- 1 root root40797 Oct 24 09:50
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/cadence/macb.ko
drwxr-xr-x 2 root root0 Nov 29 22:26
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/calxeda
-rw-r--r-- 1 root root38957 Oct 24 09:50
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/calxeda/xgmac.ko
drwxr-xr-x 5 root root0 Nov 29 22:26
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/chelsio
drwxr-xr-x 2 root root0 Nov 29 22:26
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/chelsio/cxgb3
-rw-r--r-- 1 root root 242437 Oct 24 09:50
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/chelsio
Re: Dracut help
And a couple days later found the easiest way was: dracut --force -m
"nfs nfs4" drive3testing.img `uname -r`
Regards,
George Toft
On 11/29/2016 11:00 PM, George Toft wrote:
Of course, 5 minutes after I sent this, I got the modules to load into
the initramfs:
[root@localhost tftpboot]# dracut --force -m "network" --add-drivers
"sunrpc.ko `find
/usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet
-type f -exec basename {} \;`" drive3testing.img
3.10.0-327.36.3.el7.x86_64
[root@localhost tftpboot]# lsinitrd drive3testing.img | grep ethernet
drwxr-xr-x 22 root root0 Nov 29 22:26
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet
drwxr-xr-x 6 root root0 Nov 29 22:26
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/atheros
drwxr-xr-x 2 root root0 Nov 29 22:26
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/atheros/alx
-rw-r--r-- 1 root root59805 Oct 24 09:50
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/atheros/alx/alx.ko
drwxr-xr-x 2 root root0 Nov 29 22:26
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/atheros/atl1c
-rw-r--r-- 1 root root71549 Oct 24 09:50
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/atheros/atl1c/atl1c.ko
drwxr-xr-x 2 root root0 Nov 29 22:26
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/atheros/atl1e
-rw-r--r-- 1 root root66885 Oct 24 09:50
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/atheros/atl1e/atl1e.ko
drwxr-xr-x 2 root root0 Nov 29 22:26
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/atheros/atlx
-rw-r--r-- 1 root root64405 Oct 24 09:50
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/atheros/atlx/atl1.ko
-rw-r--r-- 1 root root55613 Oct 24 09:50
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/atheros/atlx/atl2.ko
drwxr-xr-x 3 root root0 Nov 29 22:26
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/broadcom
-rw-r--r-- 1 root root58053 Oct 24 09:50
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/broadcom/b44.ko
-rw-r--r-- 1 root root 125461 Oct 24 09:50
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/broadcom/bnx2.ko
drwxr-xr-x 2 root root0 Nov 29 22:26
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/broadcom/bnx2x
-rw-r--r-- 1 root root 1040525 Oct 24 09:50
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/broadcom/bnx2x/bnx2x.ko
-rw-r--r-- 1 root root93997 Oct 24 09:50
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/broadcom/cnic.ko
-rw-r--r-- 1 root root 243413 Oct 24 09:50
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/broadcom/tg3.ko
drwxr-xr-x 3 root root0 Nov 29 22:26
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/brocade
drwxr-xr-x 2 root root0 Nov 29 22:26
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/brocade/bna
-rw-r--r-- 1 root root 226757 Oct 24 09:50
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/brocade/bna/bna.ko
drwxr-xr-x 2 root root0 Nov 29 22:26
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/cadence
-rw-r--r-- 1 root root18269 Oct 24 09:50
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/cadence/at91_ether.ko
-rw-r--r-- 1 root root40797 Oct 24 09:50
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/cadence/macb.ko
drwxr-xr-x 2 root root0 Nov 29 22:26
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/calxeda
-rw-r--r-- 1 root root38957 Oct 24 09:50
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/calxeda/xgmac.ko
drwxr-xr-x 5 root root0 Nov 29 22:26
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/chelsio
drwxr-xr-x 2 root root0 Nov 29 22:26
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/chelsio/cxgb3
-rw-r--r-- 1 root root 242437 Oct 24 09:50
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/chelsio/cxgb3/cxgb3.ko
drwxr-xr-x 2 root root0 Nov 29 22:26
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/chelsio/cxgb4
-rw-r--r-- 1 root root 343149 Oct 24 09:50
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/che
Re: Dracut help
-- 1 root root 508133 Oct 24 09:50
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/sfc/sfc.ko
drwxr-xr-x 2 root root0 Nov 29 22:26
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/smsc
-rw-r--r-- 1 root root44309 Oct 24 09:50
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/smsc/epic100.ko
-rw-r--r-- 1 root root48869 Oct 24 09:50
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/smsc/smsc9420.ko
drwxr-xr-x 2 root root0 Nov 29 22:26
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/ti
-rw-r--r-- 1 root root57581 Oct 24 09:50
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/ti/tlan.ko
[root@localhost tftpboot]#
Still doesn't work - getting this error:
localhost.localdomain dracut-initqueue[240]: RTNETLINK answers: File exists
and only loopback network is up. 3 minutes later, it drops me into the
dracut emergency shell.
Thoughts?
Regards,
George Toft
On 11/29/2016 10:17 PM, George Toft wrote:
OS: CentOS 7
I'm building an image for a diskless workstation, and it turns out
about 25% of the clients don't work (great description).
The problem is the laptop NIC hardware. What I found works are the
older laptops that use the e1000 NIC, but some newer ones don't work -
they are using something else. I tried to create the initramdisk
using dracut:
dracut --force -m "nfs network base" drive3testing.img
3.10.0-327.36.3.el7.x86_64
and when I look at the modules included, I get:
[root@localhost tftpboot]# lsinitrd drive3testing.img | grep ethernet
drwxr-xr-x 4 root root0 Nov 29 21:54
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet
drwxr-xr-x 3 root root0 Nov 29 21:54
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/intel
drwxr-xr-x 2 root root0 Nov 29 21:54
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/intel/e1000e
-rw-r--r-- 1 root root 389989 Oct 24 09:50
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/intel/e1000e/e1000e.ko
drwxr-xr-x 2 root root0 Nov 29 21:54
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/realtek
-rw-r--r-- 1 root root51205 Oct 24 09:50
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/realtek/8139cp.ko
-rw-r--r-- 1 root root68877 Oct 24 09:50
usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/realtek/8139too.ko
[root@localhost tftpboot]#
yet the number of ethernet kernel modules are far greater:
[root@localhost tftpboot]# find
/usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet
-type f -exec basename {} \;
alx.ko
atl1c.ko
atl1e.ko
atl1.ko
atl2.ko
b44.ko
bnx2.ko
bnx2x.ko
cnic.ko
tg3.ko
bna.ko
at91_ether.ko
macb.ko
xgmac.ko
cxgb3.ko
cxgb4.ko
cxgb4vf.ko
enic.ko
de2104x.ko
de4x5.ko
dmfe.ko
tulip.ko
uli526x.ko
winbond-840.ko
xircom_cb.ko
dnet.ko
be2net.ko
ethoc.ko
ipg.ko
e1000.ko
e1000e.ko
fm10k.ko
i40e.ko
i40evf.ko
igb.ko
igbvf.ko
ixgbe.ko
ixgbevf.ko
jme.ko
mvmdio.ko
skge.ko
sky2.ko
mlx4_core.ko
mlx4_en.ko
mlx5_core.ko
myri10ge.ko
pch_gbe.ko
netxen_nic.ko
qla3xxx.ko
qlcnic.ko
qlge.ko
8139cp.ko
8139too.ko
r8169.ko
sfc.ko
epic100.ko
smsc9420.ko
tlan.ko
[root@localhost tftpboot]#
So I thought I found the answer, and shoved that list into the dracut
command like so:
[root@localhost tftpboot]# dracut --force -m "nfs network base `find
/usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet
-type f -exec basename {} \;`" drivewipe3testing.img
3.10.0-327.36.3.el7.x86_64
dracut module 'alx.ko' cannot be found or installed.
dracut module 'atl1c.ko' cannot be found or installed.
dracut module 'atl1e.ko' cannot be found or installed.
dracut module 'atl1.ko' cannot be found or installed.
dracut module 'atl2.ko' cannot be found or installed.
dracut module 'b44.ko' cannot be found or installed.
dracut module 'bnx2.ko' cannot be found or installed.
dracut module 'bnx2x.ko' cannot be found or installed.
dracut module 'cnic.ko' cannot be found or installed.
dracut module 'tg3.ko' cannot be found or installed.
dracut module 'bna.ko' cannot be found or installed.
dracut module 'at91_ether.ko' cannot be found or installed.
dracut module 'macb.ko' cannot be found or installed.
dracut module 'xgmac.ko' cannot be found or installed.
dracut module 'cxgb3.ko' cannot be found or installed.
:
dracut module 'epic100.ko' cannot be found or installed.
dracut module 'smsc9420.ko' cannot be found or installed.
dracut module 'tlan.ko' cannot be found or installed.
[root@localhost tftpboot]#
I even tried to just list the directory name like so:
[root@localhost tftpboot]# dracut --force -m "nfs network base `find
/usr/lib/modules/3.10.0-32
Dracut help
el/e1000e/e1000e.ko drwxr-xr-x 2 root root0 Nov 29 22:04 usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/realtek -rw-r--r-- 1 root root51205 Oct 24 09:50 usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/realtek/8139cp.ko -rw-r--r-- 1 root root68877 Oct 24 09:50 usr/lib/modules/3.10.0-327.36.3.el7.x86_64/kernel/drivers/net/ethernet/realtek/8139too.ko [root@localhost tftpboot]# Listing of /etc/dracut.conf (space-saving mode - comments left out): [root@localhost tftpboot]# grep -v "^#" /etc/dracut.conf | grep -v "^$" add_dracutmodules+="nfs" [root@localhost tftpboot]# What am I doing wrong? -- Regards, George Toft --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
Need excellent admin with perl/bash scripting skills looking for more than being an SA
BCC Recipients - take for action or disseminate to interested parties. This is an operations/engineering role (system administration is about 5%) - you'll be in the thick of IT, solving problems many people/companies have never seen before. On-call rotation is oneweek long with several people sharing the duties. Pay is good and benefits are awesome (1:1 matching 401K, shit-ton of vacation/sick, legal plan, medical, dental, yada yada yada). This is a high-performing team - if "average" or "flying under the radar" is your thing, delete this email. If you can justify a risk with solid metrics and research, use the link below. And the architect is a jerk - no wait, I didn't say that. Need good attitude, no jade, snarkiness a plus. If your mindset is "That's the way we've done it" or "How do you want your sandwich" then delete this email. If you want to make things better and help design the menu, use the link below. If you can debate a position with facts and credible references, use the link below. If you can't separate your feelings from a risk-based business decision, delete this email. Let me emphasize, Perl and bash scripting are critical. If you can demonstrate any other structured programming language proficiency and have the Sam's book "Learn Perl in 21 Days," then RTFM and use the link below. We use a language that is very Perl-esque and bash. Linux sysadmin experience a must. If chmod 777 is how you solve file access problems, delete this email. If you need Gnome, delete this email - run level 3, baby! If you don't know why /var and /tmp should be on their own file systems and not a part of /, delete this email. Good to know the basics of systemd (go watch the YouTube video) - System V init is so yesterday. When to use a daemon versus xinetd is a good concept to understand. One of the interviewers (the jerk) has a reputation of interrogating, not interviewing. Can't take the heat, stay out of the kitchen, and delete this email. This is a bank - drug test, background check. If you're on the pipe, delete this email. Many team members are former military - if that mindset bothers you, delete... or, if you want to know what "adapt, improvise, overcome" means in the InfoSec world, use the link below. We solve problems, forge new pathways. Failure is not an option. "Can't" is not in our vocabulary. "I don't know" is the wrong answer - "I'll have that for you tomorrow" is better. "I'll have that for you in a few minutes" is best. Feel free to email me directly for any questions about the position. If you made it this far, you're either the nutcase we're looking for and laughing your ass off, or have your finger poised above the delete key hoping it gets better. And if you think the above is hard-core...delete. HR hint: make sure your resume has the same keywords in it as the job description - failure to comply will filter your resume to /dev/null.Seen it done. (or not) Go here: https://jobs.americanexpress.com/jobs/16015188/Information+Security+Analyst?lang=en-US Put in "george.t...@aexp.com" for the referral - we'll party together if there's a referral bonus. Cheers! George Toft --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
Interesting job . . .
Never a dull day and every day is different. If you know the difference between a CN and a DN in LDAP, this job might be for you. https://jobs.americanexpress.com/jobs/15020436/Phoenix-Arizona-Information-Security-Specialist-Directory-Services-UNIX?lang=en-US There's a referral bonus and I'm not selfish :) Put george.t...@aexp.com as the person who referred you. -- Regards, George Toft --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: Read Errors on USB Drive
There is a special version of dd that will retry on bad sectors and try to formulate a best guess for the bad sector. I've used it with some success - took about 2 weeks to recover a 300GB drive. I also had to keep it refrigerated. Regards, George Toft On 12/19/2015 9:32 AM, Stephen Partington wrote: There is an application called test disk that might be handy for data recovery. But this looks like your drive is in bad shape. On Dec 19, 2015 9:25 AM, "Mark Phillips" <m...@phillipsmarketing.biz <mailto:m...@phillipsmarketing.biz>> wrote: I have a 2 TB WD USB drive that I formated with NTFS. I have a rather extensive movie/TV library on it for my plex media server, and I am getting read errors. I hope I haven't lost all of that data! It has been attached to one of my Netgear wireless access points, hence the need for NTFS. fdisk -l gives for the drive /dev/sdc1 2048 3906963455 19534807047 HPFS/NTFS/exFAT I tried running smartctl on the device, (which is now plugged into a usb 3.0 port on my laptop) and got this error after a few tests SMART Self-test log structure revision number 1 Num Test_DescriptionStatus Remaining LifeTime(hours) LBA_of_first_error # 1 Short offline Completed: read failure 90% 10086 494859396 # 2 Extended offlineCompleted: read failure 90% 10073 494859396 # 3 Extended offlineCompleted: read failure 90% 10072 494859396 # 4 Short offline Completed: read failure 90% 10072 494859396 I noticed this in the attributes section of smartctl - Vendor Specific SMART Attributes with Thresholds: ID# ATTRIBUTE_NAME FLAG VALUE WORST THRESH TYPE UPDATED WHEN_FAILED RAW_VALUE 1 Raw_Read_Error_Rate 0x002f 200 200 051Pre-fail Always - 122 3 Spin_Up_Time0x0027 202 200 021Pre-fail Always - 4891 4 Start_Stop_Count0x0032 100 100 000Old_age Always - 464 5 Reallocated_Sector_Ct 0x0033 200 200 140Pre-fail Always - 0 7 Seek_Error_Rate 0x002e 100 253 000Old_age Always - 0 9 Power_On_Hours 0x0032 087 087 000Old_age Always - 10086 10 Spin_Retry_Count0x0032 100 100 000Old_age Always - 0 11 Calibration_Retry_Count 0x0032 100 253 000Old_age Always - 0 12 Power_Cycle_Count 0x0032 100 100 000Old_age Always - 40 192 Power-Off_Retract_Count 0x0032 200 200 000Old_age Always - 17 193 Load_Cycle_Count0x0032 198 198 000Old_age Always - 6187 194 Temperature_Celsius 0x0022 121 102 000Old_age Always - 31 196 Reallocated_Event_Count 0x0032 200 200 000Old_age Always - 0 197 Current_Pending_Sector 0x0032 200 200 000Old_age Always - 31 198 Offline_Uncorrectable 0x0030 100 253 000Old_age Offline - 0 199 UDMA_CRC_Error_Count0x0032 200 200 000Old_age Always - 0 200 Multi_Zone_Error_Rate 0x0008 100 253 000Old_age Offline - 0 Any thoughts on how I can fix this drive, or do I need to get a new one? What is the best way to copy the contents of the drive with these errors to a new drive? Thanks! Mark --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org <mailto:PLUG-discuss@lists.phxlinux.org> To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
OT: LDAP Engineer position in Linux environment [North Valley]
Came across this . . . https://jobs.americanexpress.com/jobs/15007430/Phoenix-Arizona-IT-Risk-Information-Security-Analyst-Directory-Services-Operations?lang=en-US George --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: file-integrity monitoring
AIDE works well, and comes on the CentOS distribution. caveats: Must have SELinux in Permissive/Enforcing, and they recommend having the database stored on removable media. I have AIDE on all my servers and run aide --check every day with an alert if the result is not ok. Regards, George Toft On 3/5/2015 4:17 PM, Keith Smith wrote: Hi, I am in the final steps of an annual Payment Card Industry compliance process. I have two CentOS servers that require file-integrity monitoring or change-detection. I was looking at Tripwire and it is not open source which is what I expected it to be and there are some complaints of it being difficult to configure, employee turnover, etc. Thank you in advance for any suggestions. --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: Determine when, by who, a centos 6 package was installed.
ls -lc might give you better insight on package install time. Also rpm -qa | grep git, then rpm -qi package name Regards, George Toft On 12/31/2014 6:13 AM, Keith Smith wrote: Hi, I am trying to determine who installed GIT and when GIT was installed and what repository it came from. The date stamp on /usr/share/git-core says Oct 31 16:55. The server did not exist until early November. Thanks!! Keith --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: Best way to keep up with server vulnerabilities
I subscribe to Red Hat's security bulletins. I used to have a grey-hat friend who would tell me about problems before it was ever reported, but that was years ago. https://www.redhat.com/mailman/listinfo/enterprise-watch-list Regards, George Toft On 10/29/2014 9:37 AM, Keith Smith wrote: Hi I normally do not pay much attention to vulnerabilities since I am a LAMP developer. I now need to and am looking for a simple way to keep up without spending a lot of time doing so. Your thoughts are much appreciated. Thanks! Keith --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: How smart is S.M.A.R.T.?
Credible - hmmm - all I have is the vendor's assertion the drives were new from Seagate. Times two vendors. For you WD fans out there - I just had 4 WD Enterprise drives fail on me in the past month (out of 18 in two arrays). They were all dated Nov 2010 - that should give you an indication how long they last under 24x7x365 use in a data center. Regards, George Toft On 10/17/2014 8:43 AM, techli...@phpcoderusa.com wrote: If you have credible evidence that Seagate is selling used Hitachi drives as new and under their label I'm sure your State Attorney General would like to hear from you. On 2014-10-17 10:08, George Toft wrote: How many [thousand] hours on the drive? I think you're gambling if you have more than 26,000 hours (3 years) and ESPECIALLY if it's really a Hitachi drive. Seagate bought Hitachi recently, and from what I've seen, are selling used Hitachi drives as new Seagate drives - check the model number and the run hours! Hard drives are killing me this year - I've spent over 80 hours in rework because of failed drives - especially with Seatachi drives (see above). 80 hours of rework at no pay is a painful lesson. Regards, George Toft On 9/11/2014 4:06 PM, parabell...@yahoo.com wrote: Greetings! I have a 500GB Seagate ST3500312CS SATA drive salvaged from a decommissioned DVR. The DVR's OS said SMART status OK. The latest Seatools disk utility from the Seagate website says the drive is A-OK (short test, long test, full erase, re-test) no errors found. However, the Gnome disk utility in Mint 17 says 'Threshold not exceeded' and 'Disk is OK, 178 bad sectors'. Some other SMART attributes displayed: ID1Read Error Rate: 152141757 ID5 Reallocated Sector Count: 178 sectors ID187 Reported Uncorrectable Errors: 0 sectors ID198Uncorrectable Sector Count: 0 sectors ID199UDMA CRC Error Rate: 0 GSmart Control 0.8.7 is reading the same thing, 178 sectors, but also says it's OK. running an e2fsck from gparted reports 0 bad blocks. I've also retested in another machine with different cables to minimize the possibility of bogus hardware or BIOS issues, but the results remain the same. Seagate's website has a FAQ that says their tools should be the final say as they're designed to work correctly with their drives. Normally a bad sector or two wouldn't bother me, I have drives that have been running for years like that. I just keep backups fresh and check for bad sector growth. A few bad sectors is within spec and that's why HDD's have a reserved area. Yet somehow 178 sectors seems like a lot. Should I trust this drive for anything more than a paperweight? Should I trust anything with the words 'smart', 'affordable', or 'free' in the name? ;] Thanks! --Kenn --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: Co-Location providers in Phoenix.
8 years ago I rented a physical server for $25/month and had full root access. You should be able to find similar deals out there. Regards, George Toft On 10/19/2014 10:38 PM, Wayne Davis wrote: I've been toying with the idea of setting up a server CoLo. Who is the least expensive? --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: Co-Location providers in Phoenix.
I have a client who has 1/2 rack in Phoenix NAP. From my perspective, PNAP's physical security is very good, their network connectivity is excellent, and their customer service is pretty good, too. Just beware the PDU takes up 1U of your space. Fortunately, it's not full depth, so you can use the front side for something else that's not too deep, like a switch or firewall . . . it you're tight for space :) Regards, George Toft On 10/19/2014 10:40 PM, Sesso wrote: Phoenix nap is 300$ a month for a 1/4 rack. Sent from my iPhone On Oct 19, 2014, at 10:38 PM, Wayne Davis wayda...@centurylink.net wrote: I've been toying with the idea of setting up a server CoLo. Who is the least expensive? --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: How smart is S.M.A.R.T.?
How many [thousand] hours on the drive? I think you're gambling if you have more than 26,000 hours (3 years) and ESPECIALLY if it's really a Hitachi drive. Seagate bought Hitachi recently, and from what I've seen, are selling used Hitachi drives as new Seagate drives - check the model number and the run hours! Hard drives are killing me this year - I've spent over 80 hours in rework because of failed drives - especially with Seatachi drives (see above). 80 hours of rework at no pay is a painful lesson. Regards, George Toft On 9/11/2014 4:06 PM, parabell...@yahoo.com wrote: Greetings! I have a 500GB Seagate ST3500312CS SATA drive salvaged from a decommissioned DVR. The DVR's OS said SMART status OK. The latest Seatools disk utility from the Seagate website says the drive is A-OK (short test, long test, full erase, re-test) no errors found. However, the Gnome disk utility in Mint 17 says 'Threshold not exceeded' and 'Disk is OK, 178 bad sectors'. Some other SMART attributes displayed: ID1 Read Error Rate: 152141757 ID5 Reallocated Sector Count: 178 sectors ID187 Reported Uncorrectable Errors: 0 sectors ID198 Uncorrectable Sector Count: 0 sectors ID199 UDMA CRC Error Rate: 0 GSmart Control 0.8.7 is reading the same thing, 178 sectors, but also says it's OK. running an e2fsck from gparted reports 0 bad blocks. I've also retested in another machine with different cables to minimize the possibility of bogus hardware or BIOS issues, but the results remain the same. Seagate's website has a FAQ that says their tools should be the final say as they're designed to work correctly with their drives. Normally a bad sector or two wouldn't bother me, I have drives that have been running for years like that. I just keep backups fresh and check for bad sector growth. A few bad sectors is within spec and that's why HDD's have a reserved area. Yet somehow 178 sectors seems like a lot. Should I trust this drive for anything more than a paperweight? Should I trust anything with the words 'smart', 'affordable', or 'free' in the name? ;] Thanks! --Kenn --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
OT: Re: Why the police are listening to your calls and why Congress won't stop them
I love how the media blames the law for not keeping up with technology. If the law said Thou shalt not monitor citizen's communications except with a warrant signed by a judge accompanied by articulate probable cause it wouldn't matter about the tech used - monitoring, whether by tapping a wire, or MitM cell tower attacks is still monitoring. The problem is the law is purposely written to be obsolete, which ensures the law makers have a job in the future. Regards, George Toft On 9/4/2014 8:27 AM, techli...@phpcoderusa.com wrote: This is LOCAL Gov. Notice how they hide that they have this equipment. They are forced to sign a non-disclosure. http://www.dailydot.com/opinion/police-listening-calls-congress-wont-stop/ Keith --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: firewall
It was in /var/log/messages. Regards, George Toft On 9/1/2014 4:44 PM, Michael Havens wrote: What logs would record that stuff? I want to see! :-)~MIKE~(-: On Wed, Aug 27, 2014 at 7:32 AM, Bob Elzer bob.el...@gmail.com mailto:bob.el...@gmail.com wrote: My question would be, how many times a day does someone try to break into your system ? If you don't know the answer then maybe you should be running a firewall. It really depends on whether your network is secure or not, usually what secures your network is a firewall. If that's the one on your router then that should be enough. Looking in your log files for strange IP's and failed password attempts will let you know if people are trying to get in, if you're running a web server look in the error logs for attempts to access non existing files, usually a bunch from the same IP. Windows may have more vulnerabilities, but they will still try to break into Linux systems. Search and read about fail2ban, that's one tool to use when you need to have a service open to the internet. Hope this helps On Aug 26, 2014 8:15 PM, Michael Havens bmi...@gmail.com mailto:bmi...@gmail.com wrote: I hear people say, Even Linux users need a firewall. My question is. why? I've runlinux since '98 w/o a firewall (aside from the one sent with my modem/router). Isn't that good enough? :-)~MIKE~(-: --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org mailto:PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org mailto:PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: firewall
Because I had outgoing rules defined, I actually found out I had an infected Windows 98 box (yeah - long time ago). Said Win98 box was running a leading AV program and was infected by one of the most popular viruses. This event boosted my faith in outbound monitoring and destroyed my faith in AV products. Regards, George Toft On 8/27/2014 9:39 AM, Lisa Kachold wrote: The most important thing you can do is FIREWALL outbound traffic as well as inbound. It's a great deal of work, but clearly nepharious traffic will be dropped. On Wed, Aug 27, 2014 at 7:32 AM, Bob Elzer bob.el...@gmail.com mailto:bob.el...@gmail.com wrote: My question would be, how many times a day does someone try to break into your system ? If you don't know the answer then maybe you should be running a firewall. It really depends on whether your network is secure or not, usually what secures your network is a firewall. If that's the one on your router then that should be enough. Looking in your log files for strange IP's and failed password attempts will let you know if people are trying to get in, if you're running a web server look in the error logs for attempts to access non existing files, usually a bunch from the same IP. Windows may have more vulnerabilities, but they will still try to break into Linux systems. Search and read about fail2ban, that's one tool to use when you need to have a service open to the internet. Hope this helps On Aug 26, 2014 8:15 PM, Michael Havens bmi...@gmail.com mailto:bmi...@gmail.com wrote: I hear people say, Even Linux users need a firewall. My question is. why? I've runlinux since '98 w/o a firewall (aside from the one sent with my modem/router). Isn't that good enough? :-)~MIKE~(-: --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org mailto:PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org mailto:PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: Revisionist history?
Nowhere in the article does it say Microsoft wrote/created MS-DOS. The only error I can see in there is that MS-DOS did not ship on IBM PC's in 1981. It was just called DOS - MS-DOS came out with version 2 when Microsoft changed the OS to a license model and then deployed their own for the clones. My memory may be getting a bit scrambled as that was over 30 years ago. Regards, George Toft On 7/30/2014 2:36 PM, techli...@phpcoderusa.com wrote: I just read a bit of it and it appears to be not as factual as when others are saying. For instance M$ did not create DOS. They bought it. On 2014-07-30 15:22, Michael Havens wrote: http://windows.microsoft.com/en-US/windows/history#T1=era0 [1] :-)~MIKE~(-: Links: -- [1] http://windows.microsoft.com/en-US/windows/history#T1=era0 --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: CentOS 6.x and CentOS 7 upgrade path and testing PHP on current and future versions.
Hi Keith, I have solid word from Red Hat that each minor rev to their major releases are 100% binary compatible, and yes, they lock the version numbers for the entire release. If you look at the RH version numbers, you'll see something like this: 5.3.3-27.el6_5 Everything after the dash is Red Hat's patch. So even after they backport a fix, the version (5.3.3) remains the same, but the patch number increases. So in this case, this is the 27th Red Hat patch to PHP 5.3.3. I had fun with that when this high-falutin' Washington DC Beltway Bandit risk assessment team came rolling in to do an assessment. They grabbed the SSL banner (0.9.8 something) off some web servers and called an OMG emergency meeting with the system administrators and management about why we're running outdated versions of Apache and SSL. After they presented their findings they all looked at me, and I said flatly We don't use Apache here. We use IHS. (IBM HTTP Server - based on Apache, but with IBM secret sauce.) You could have heard a pin drop as they huddle and whisper and look silly. Yeah, that was fun. They hate me. They should have done their research and asked a couple questions first. Oh well. Then I had to research the SSL thing and show the Red Hat Errata demonstrating the old version of SSL was patched against known vulnerabilities. As far as Centos and RHEL, I don't know why you assume CentOS would be a year or two later than RHEL. This article indicates CentOS will be tightly coupled and more fluid than RHEL: http://www.zdnet.com/red-hat-reveals-centos-plans-727812/ However, there's a firewall between RHEL and CentOS developers. The net effect is that CentOS will continue to lag a bit behind RHEL in releases. Even so, CentOS releases will be coming out on RHEL heels rather than weeks or months behind. I'm amused that you are trying to plan 6-10 years out in the IT field. /sarcasm Regards, George Toft On 5/6/2014 10:23 AM, keith smith wrote: Hi, I want to test some PHP code on future versions of PHP / MySql / MariaDB. I'm running CentOS 6.5 that installs php 5.3.3-27 which is at it's end of life. It is my understanding RHEL 6.x will always be using PHP 5.3. Is that correct? RHEL will be supported until Nov of 2020. That is a long time to be running a PHP version that is at end of life. I understand RH will back port any bug or security fixes to PHP 5.3 (which actually breaks the version numbering system). It is my understanding RHEL will be based on Fedora 19. I am downloading Fedora 19 now. I assume testing on Fedora 19 will get me in the ball park for RHEL 7. RHEL 7 will come with MariaDB as it's default DB. I assume I will not see RHEL 7 in the form of CentOS 7 for year or two? I assume there will be several more releases of RHEL 6 since it will be supported for over 6 more years. If I plan to stay with CentOS 6.x and if it will use the same MySql and PHP versions until end of life and if RHEL/CentOS 7 will be based on Fedora 19, I assume that is the only configurations I need to test on and I assume that will take me through 6 to 10 years. Is this a fair expectation and a valid plan? Any feed back and advice is much appreciated. Thanks!! Keith --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: OT- What I got today
Too funny - getting spam from a country that doesn't even exist. Regards, George Toft On 4/27/2014 9:43 PM, Michael Havens wrote: yipee! I got my first foreign spam today from persia! :-)~MIKE~(-: --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: Off Topic Server recommendations
I manage an HP server for a small company and it has an ILO (Dell calls it a DRAC). If you never want to set foot in the company (AKA, work in your pajamas), setting up the ILO is awesome. Even if the box is going through reboot, or you're stuck in maintenance mode (the infamous Press ^D to continue startup message) and SSHD isn't even running, the ILO gives you the console over TCP/IP and you can do everything from ILO. I think you can even power off/on the server from ILO. I'm pretty sure I'll never buy another server for a customer without it. Regards, George Toft On 4/7/2014 7:01 PM, Nadim Hoque wrote: I just want to get your experiences regarding server purchases. The server is meant for a small business with about 10+ people and does not need to be utilized 24/7. I was wondering if I should build my own or go with and OEM such as dell. I would consider HP but I do like Dell's direct to purchase/customization but I am free for suggestions. I was thinking an Xeon E3 quad core, about 8gb of ram, 4 500gb hard drives and that should be about it. I am thinking about building my own because a lot of the server boards come with IPMI support and the Dell model I was looking at was the T1102 which does not inlcude IPMI what so ever. Thanks for taking the time. -- Nadim Hoque --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
OT: Need MS Exchange help
Pretty far off topic, but there are lots of smart people here :) I have a client that has an Exchange server that also is an open relay as determined by http://www.mailradar.com/openrelay/. They route all their incoming/outgoing email through mxlogic for anti-virus/phishing removal and about 5 days ago, they started sending out 2000+ phishing emails per hour. Needless to say, mxlogic shut down their outgoing email. I did an open relay test (see above) and got back 3 failures out of 18 tests. This is impacting their business and they need help NOW. Anyone care to help out? Anyone know someone that can help? This is not a gratis gig - they will pay. -- Regards, George Toft --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
Speaking of quad cores . . .
I have an AMD quad core box for free - it was my VMware server. 4GB RAM, AMD Phenom X4 @1.8GHz, no hard drive, tower case, Gateway brand. -- Regards, George Toft --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: beowulf cluster
I built a mosix cluster about 12 years ago - much kernel re-compiling - and then I found out my workload was single-threaded - oops :) Regards, George Toft On 3/20/2014 12:59 PM, Michael Havens wrote: well if you Google beowulf cluster you will find the first one i had learned about. but there are a number of options out there. the main thing is once you have it set up you need to figure out what you will do with it. and that is where it gets interesting because you then usually have to build and design a workload for it. :-)~MIKE~(-: --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: bitcoin mining
I just bought two HP DL 380 G5's for a project. Server cost was under $500 for 32GB RAM, two quad core XEON CPU's, and four 73GB SAS drives with hardware RAID in a 2U package. That's 8 real cores of processing for $300 and they were quiet, too - it didn't sound like a turbine engine like most servers. At this point, I would shop for 3 year old hardware coming off lease rather than building a cluster. Just a thought. Regards, George Toft On 3/19/2014 2:51 PM, Michael Havens wrote: actually I have another use for the hardware if the bit coins become worthless so I am not overly concerned. :-)~MIKE~(-: On Wed, Mar 19, 2014 at 2:43 PM, Brian Cluff br...@snaptek.com mailto:br...@snaptek.com wrote: Look into ASIC based bitcoin mining it's way way way faster than using standard computers to do the mining. That being said, I would wait a little while and see how bitcoin plays out. It's on rocky ground right now and you might find that you have purchased a bunch of hardware and burned a ton of electricity to mine a bitcoin that turns out to be worthless. Brian On 03/19/2014 02:35 PM, Michael Havens wrote: what I'm thinking of doing is buying a bunch of used computers and turning them into a super-computer and using that for the bit-coin mining. What is super-computerizing called? :-)~MIKE~(-: On Mon, Mar 17, 2014 at 5:29 PM, Michael Havens bmi...@gmail.com mailto:bmi...@gmail.com mailto:bmi...@gmail.com mailto:bmi...@gmail.com wrote: how do I get involved with this? Any pointers... how-tos? :-)~MIKE~(-: --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org mailto:PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org mailto:PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: beowulf cluster
I would use whatever distribution offers the best community forum (support). I like Red Hat / Fedora (no distro war!!!) because so many people use it, someone has usually solved my problem and I just need to google for it. In my Mosix cluster, I only had to recompile the kernels and rpm install them on the other systems (plus NFS setup, IIRC). I think Linux from scratch would make your build time much much longer. Regards, George Toft On 3/21/2014 6:36 AM, Michael Havens wrote: would using it to compile linux from scratch be a good use for it? :-)~MIKE~(-: On Fri, Mar 21, 2014 at 2:23 AM, eric oyen eric.o...@gmail.com mailto:eric.o...@gmail.com wrote: um Yeah! I would certainly call that a big OPS!. Still, we have far better code today than 12 years ago. -eric On Mar 21, 2014, at 12:04 AM, George Toft wrote: I built a mosix cluster about 12 years ago - much kernel re-compiling - and then I found out my workload was single-threaded - oops :) Regards, George Toft On 3/20/2014 12:59 PM, Michael Havens wrote: well if you Google beowulf cluster you will find the first one i had learned about. but there are a number of options out there. the main thing is once you have it set up you need to figure out what you will do with it. and that is where it gets interesting because you then usually have to build and design a workload for it. :-)~MIKE~(-: --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org mailto:PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org mailto:PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org mailto:PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: need help with RAID1 EFI GPT disks
/mnt/raid mount: wrong fs type, bad option, bad superblock on /dev/md0, missing codepage or helper program, or other error In some cases useful info is found in syslog - try dmesg | tail or so [root@localhost ~]# But this is wrong - sdc1 is 200MB boot partition, but it proves the command works :) - It seems like I may be able to mount /dev/sdc3 if I can correct the size. Thoughts? Regards, George Toft On 2/2/2014 10:47 AM, Brian Cluff wrote: If it's a RAID 1 you shouldn't need to assemble it to get your data, just mount the raid partition directly read only and copy your data off to somewhere else. You should be able to do something like: mount --read-only /dev/sdb1 /mnt or if the above one doesn't work: mount --read-only /dev/sdc1 /mnt The other possibility you could try sounds terrifying but it works... Just create a new array: mdadm --create /dev/md0 -n2 -l1 /dev/sdb1 /dev/sdc1 When you create an array all it does, for the most part, is write a superblock at the end of the partition so that it can later identify the associated drives and be able to automatically put them back together. The data area itself it unaffected, so it should be safe to just create a new array (just don't mkfs it afterwards). Creating a new array will change the RAID's UUID and such, so you won't be able to just put it back into service without first creating a new mdadm.conf and running mkinitrd but otherwise it should just mount up and go... as long as the data isn't completely corrupted. Tripple check that the partitions are absolutely correct or it will destroy your data when it starts to resync the array upon creation. You could also give yourself 2 chances to get your data back and make 2 RAID1 arrays out of your 2 raid drives by doing this: mdadm --create /dev/md0 -n2 -l1 /dev/sdb1 missing mdadm --create /dev/md1 -n2 -l1 /dev/sdc1 missing That will give you /dev/md0 and /dev/md1 which you could then mount up and hopefully copy all your data off. I hope this helps, Brian Cluff On 02/02/2014 09:25 AM, George Toft wrote: I've spent over 15 hours on this (google . . . head . . .desk . . . repeat). I need to recover the data off of one of these hard drives. Background Two 3TB hard drives in a Raid 1 mirror, working fine for months. OS: Centos 6.5 Woke up a few days ago to a dead system - looks like motherboard failed. And when it failed, it appears to have corrupted the RAID partition (supposition - see problems below). I moved the drives to another system and it will boot then the kernel panics. Partitions part 1 - /boot part 2 - swap part 3 - RAID I think the RAID partition has just one filesystem (/). What I've done: Rescue mode: Boots, unable to assemble raid set: # fdisk -l | egrep GPT|dev WARNING: GPT (GUID Partition Table) detected on '/dev/sdb'! The util fdisk doesn't support GPT. Use GNU Parted. WARNING: GPT (GUID Partition Table) detected on '/dev/sdb'! The util fdisk doesn't support GPT. Use GNU Parted. Disk /dev/sda: 80.0 GB, 8002528 Disk /dev/sdb: 3000.6 GB, 3000591900160 bytes /dev/sdb1 1 267350 2147483647+ ee GPT Disk /dev/sdc: 3000.6 GB, 3000591900160 bytes /dev/sdc1 1 267350 2147483647+ ee GPT # mdadm --assemble --run /dev/md0 /dev/sdb mdadm: Cannot assemble mbr metadata on /dev/sdb mdadm: /dev/sdb has no superblock - assembly aborted # mdadm --assemble --run /dev/md0 /dev/sdb1 mdadm: cannot open device /dev/sdb1: No such file or directory mdadm: /dev/sdb has no superblock - assembly aborted parted tells me I've found a bug and gives me directions to report it. --- Booted Knoppix and ran disktest. I can copy the RAID partition to another drive as a disk image and I end up with image.dd. When I try to build an array out of it, I get an error: Not a block device. Tried commercial RAID recovery software (Disk Internals) - it hung after identifying 2.445 million files. - Ideas on what to do next? Is anyone here up for a challenge? Anyone need beer money? I need the data recovered, and will pay :) All help is appreciated :) --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: need help with RAID1 EFI GPT disks
Hi Michael, lsblk does not show the third partition, but gdisk knows it's there - see below. See also results when trying to mount the 3rd partition. [root@localhost ~]# ls -l /mnt total 6 drwxr-xr-x. 2 root root 4096 Feb 2 15:33 raid drwxrwxrwx. 1 root root 2304 Feb 2 15:46 sdd1 [root@localhost ~]# mount --read-only /dev/sdc3 /mnt/raid mount: you must specify the filesystem type [root@localhost ~]# mount --read-only -t ext4 /dev/sdc3 /mnt/raid mount: special device /dev/sdc3 does not exist [root@localhost ~]# lsblk NAMEMAJ:MIN RM SIZE RO TYPE MOUNTPOINT sda 8:00 596.2G 0 disk ├─sda18:10 500M 0 part /boot └─sda28:20 595.7G 0 part ├─VolGroup-lv_root (dm-0) 253:0050G 0 lvm / ├─VolGroup-lv_swap (dm-1) 253:10 7.8G 0 lvm [SWAP] └─VolGroup-lv_home (dm-2) 253:20 537.9G 0 lvm /home sdb 8:16 0 2.7T 0 disk sdc 8:32 0 2.7T 0 disk ├─sdc18:33 0 200M 0 part └─sdc28:34 0 2G 0 part sr0 11:01 200M 0 rom sdd 8:48 0 3.7T 0 disk └─sdd18:49 0 3.7T 0 part /mnt/sdd1 [root@localhost ~]# gdisk /dev/sdc GPT fdisk (gdisk) version 0.8.8 Partition table scan: MBR: protective BSD: not present APM: not present GPT: present Found valid GPT with protective MBR; using GPT. Warning! Secondary partition table overlaps the last partition by 4294968498 blocks! You will need to delete this partition or resize it in another utility. Command (? for help): p Disk /dev/sdc: 5860531055 sectors, 2.7 TiB Logical sector size: 512 bytes Disk identifier (GUID): BC837200-8528-4F8C-A78B-C529DA2B56CB Partition table holds up to 128 entries First usable sector is 34, last usable sector is 1565563725 Partitions will be aligned on 2048-sector boundaries Total free space is 2014 sectors (1007.0 KiB) Number Start (sector)End (sector) Size Code Name 12048 411647 200.0 MiB EF00 2 411648 4605951 2.0 GiB 8200 3 4605952 5860532223 2.7 TiB FD00 Command (? for help): Maybe this is as simple as getting the Linux to see the 3rd partition? I have another email in the works, but I'm waiting for the 3TB to dd to another drive . . . Regards, George Toft On 2/3/2014 12:23 AM, Michael Butash wrote: The only time I've used gpt with linux was with a efi-boot-only laptop, but prior I can raid the boot sector drive still with software and not have to use fakeraid at all for full partition redundancy. Still kind of a new concept for a lot of people I think. Ubuntu otherwise happily still uses mbr, so was a bit of a curve for me to have to adapt as they don't bake their gpt or raid tools well in the initrd or install. If you raided your /boot and *other* raid volume, I'd say just redo the partitions with gdisk and resync the raid which is pretty easy (I have to do this somewhat commonly with my ssd's). I can run swap and root from lvm on the raid otherwise for full redundancy and easy disk rebuilds if/when needed. That keeps failure recovery very easy. Only EFI complicates this with crappy non-raidable fat32 partitions needed now (eww, thanks microsoft). My gpt/efi laptop looks much the same with dual ssd's, but has the first partition as an identical fat32 partition on each to satiate ubuntu as /boot/EFI and /bootEFI1, plus a mdraided /boot second, and crypt volume third. If not adding encryption, lvm atop the mdraid pv for a lot more flexibility in volume/redundancy restoration among disks. I just rsync the stupid efi fat32 disks. mb@host:~$ lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sdh 8:112 0 111.8G 0 disk ├─sdh1 8:113 0 100M 0 part │ └─md127 9:127 0 100M 0 raid1 /boot └─sdh2 8:114 0 111.7G 0 part └─md126 9:126 0 111.7G 0 raid1 └─spv0 (dm-0) 252:0 0 111.7G 0 crypt ├─vg0-root (dm-1) 252:1 0 2G 0 lvm / ├─vg0-swap (dm-2) 252:2 0 2G 0 lvm [SWAP] ├─vg0-var (dm-3) 252:3 0 2.5G 0 lvm /var ├─vg0-usr (dm-4) 252:4 0 10G 0 lvm /usr ├─vg0-home (dm-5) 252:5 0 32G 0 lvm /home sdi 8:128 0 111.8G 0 disk ├─sdi1 8:129 0 100M 0 part │ └─md127 9:127 0 100M 0 raid1 /boot └─sdi2 8:130 0 111.7G 0 part └─md126 9:126 0 111.7G 0 raid1 └─spv0 (dm-0) 252:0 0 111.7G 0 crypt ├─vg0-root (dm-1) 252:1 0 2G 0 lvm / ├─vg0-swap (dm-2) 252:2 0 2G 0 lvm [SWAP] ├─vg0-var (dm-3) 252:3 0 2.5G 0 lvm /var ├─vg0-usr (dm-4) 252:4 0 10G 0 lvm /usr ├─vg0-home (dm-5) 252:5 0 32G 0 lvm /home -mb On 02/02/2014 08:44 PM, George Toft wrote: installed gdisk and it looks like /dev/sdb is damaged, but /dev/sdc is good :) doing a dd on the whole drive to a file on another drive so I have a backup. I'll check back in a couple days when it's done. Regards, George Toft On 2/2/2014 2:58 PM, Matt Graham wrote: # fdisk -l | egrep
Re: need help with RAID1 EFI GPT disks
Too late - bought a My Book from WD. (Strange that a My Book was $40
cheaper than a bare drive.)
See email to Michael about what happens when I try to mount the
partition. Since /dev/sdb seems corrupted, I might reformat it to store
/dev/sdc3 which I can get - only takes a day to dd.
Regards,
George Toft
On 2/3/2014 8:35 AM, Carruth, Rusty wrote:
I recommend doing a DD of each partition to its own file, then a 'dd
if=/dev/sdx count=1' to a file to get the partition table.
For one thing, it means you can try mounting each file readonly ('mount
-o ro,loop file.for.partition.1 /mnt/looking').
For another, if you had multiple partitions, each of which would fit on
drives you have 'laying around', but all of which wouldn't fit on a
single drive - you can restore the partitions to different drives and
possibly be up and running without having to buy a new drive
immediately
Rusty
-Original Message-
From: plug-discuss-boun...@lists.phxlinux.org
[mailto:plug-discuss-boun...@lists.phxlinux.org] On Behalf Of George
Toft
Sent: Sunday, February 02, 2014 8:44 PM
To: Main PLUG discussion list
Subject: Re: need help with RAID1 EFI GPT disks
installed gdisk and it looks like /dev/sdb is damaged, but /dev/sdc is
good :) doing a dd on the whole drive to a file on another drive so I
have a backup. I'll check back in a couple days when it's done.
---
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss
---
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss
need help with RAID1 EFI GPT disks
I've spent over 15 hours on this (google . . . head . . .desk . . . repeat). I need to recover the data off of one of these hard drives. Background Two 3TB hard drives in a Raid 1 mirror, working fine for months. OS: Centos 6.5 Woke up a few days ago to a dead system - looks like motherboard failed. And when it failed, it appears to have corrupted the RAID partition (supposition - see problems below). I moved the drives to another system and it will boot then the kernel panics. Partitions part 1 - /boot part 2 - swap part 3 - RAID I think the RAID partition has just one filesystem (/). What I've done: Rescue mode: Boots, unable to assemble raid set: # fdisk -l | egrep GPT|dev WARNING: GPT (GUID Partition Table) detected on '/dev/sdb'! The util fdisk doesn't support GPT. Use GNU Parted. WARNING: GPT (GUID Partition Table) detected on '/dev/sdb'! The util fdisk doesn't support GPT. Use GNU Parted. Disk /dev/sda: 80.0 GB, 8002528 Disk /dev/sdb: 3000.6 GB, 3000591900160 bytes /dev/sdb1 1 267350 2147483647+ ee GPT Disk /dev/sdc: 3000.6 GB, 3000591900160 bytes /dev/sdc1 1 267350 2147483647+ ee GPT # mdadm --assemble --run /dev/md0 /dev/sdb mdadm: Cannot assemble mbr metadata on /dev/sdb mdadm: /dev/sdb has no superblock - assembly aborted # mdadm --assemble --run /dev/md0 /dev/sdb1 mdadm: cannot open device /dev/sdb1: No such file or directory mdadm: /dev/sdb has no superblock - assembly aborted parted tells me I've found a bug and gives me directions to report it. --- Booted Knoppix and ran disktest. I can copy the RAID partition to another drive as a disk image and I end up with image.dd. When I try to build an array out of it, I get an error: Not a block device. Tried commercial RAID recovery software (Disk Internals) - it hung after identifying 2.445 million files. - Ideas on what to do next? Is anyone here up for a challenge? Anyone need beer money? I need the data recovered, and will pay :) All help is appreciated :) -- Regards, George Toft --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
