Re: [GTALUG] Linux Journal, RIP

2017-12-06 Thread Blaise Alleyne via talk 
On 06/12/17 06:50 AM, o1bigtenor via talk wrote:
> 
> 
> On Tue, Dec 5, 2017 at 8:27 PM, James Knott via talk  > wrote:
> 
> On 12/05/2017 07:59 PM, Stewart C. Russell via talk wrote:
> > Looks like last month was their last month of even digital publication:
> 
> I used to subscribe to it, but when Shawn Powers took over as editor,
> the content really suffered.  As a result, I stopped subscribing some
> time after they dropped the print version.
> 
> Greetings
> 
> Any ideas as to where to collect information similar to that provided by
> the
> magazine?
> (project ideas with examples, news, tips, etc)
> 
> I've looked and there doesn't really seem to be a live magazine focused on
> LInux anymore - - - they're all doa. Maybe someone out there has some ideas.
> 

Linux Voice?

https://www.linuxvoice.com/

Though it looks like that was discontinued a year ago and merged with
Linux Magazine:
http://www.linux-magazine.com/

I was a Linux Voice subscriber for a few years, and it was great. No
experience with Linux Magazine though.



---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Request for a talk (or a doc)

2017-09-02 Thread Blaise Alleyne via talk 
On 02/09/17 04:07 AM, Evan Leibovitch via talk wrote:
> [...] I have never quite mastered how to get random
> Unicode characters from a keyboard on a Linux desktop. I've allways been
> able to switch keyboards, and I can do French (and some other) accents
> using dead keys. But I've never been able to duplicate the Windows trick
> of (for instance) ALT-0128 to get the Euro symbol.
> 
> Most keyboards these days, in addition to Control keys, have a pair each
> Windows and Alt keys. On my KDE desktop the Windows key brings up the
> applications menu - fine. But if I look at
> /usr/share/X11/locale/en_US.UTF-8/Compose I see references to a
> that would allow me to combine keystrokes to make ligatures
> (such as combining "R" and "=" to make the Rupee symbol. I don' t see a
> key marked "multi key"  and I haven't found the ability to do these
> combined characters.
> 
> In the KDE keyboard settings there is mention of mapping a  key to
> one of the low-row keyboard keys ... but isn't that an EMACS thing? And
> what is a  key?
> 

In GNOME, the trick is called the Compose key.

https://help.gnome.org/users/gnome-help/stable/tips-specialchars.html.en

You set a compose key in the GNOME settings (I like to set it as
CapsLock personally), and hit that key and then a combination of other
characters to get special characters.

I haven't done this in KDE before, but a quick web search suggests that
it might also be called the Compose Key in KDE:
https://userbase.kde.org/Tutorials/ComposeKey

HTH

Blaise
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Linux hardening question

2017-06-29 Thread Blaise Alleyne via talk 
On 27/06/17 07:37 PM, Truth Hacker via talk wrote:
> Hi All,
> 
> I am starting to go down the road to harden a Linux server, I am using
> the Ubuntu server image as my starting point.
> 
> I searched a few articles and compiled a list of things to do, so far
> the stuff is a bit dated. So I was wondering if anyone has stuff ideas
> to help me harden my system which I plan to use to host my website
> using a VPS host.
> 
> So far I've got step for the following:
> 
> SSH / No root login, public key login
> 

I don't disable root login, I actually use it frequently. But I disable
PasswordAuthentication (occasionally, on some servers, whitelisting some users
who are allowed to use PasswordAuthentication using 'Match user').

I certainly disable PasswordAuthentication for root, but I allow root login with
a keypair.


fail2ban, as others have mentioned, I always enable too. Though it's nice to
whitelist some of your own IPs if they're steady, as a few times a year
otherwise I found legit users getting themselves banned (using a different
computer, or forgetting a password, and thinking keys were setup when they
weren't, typo in the username, etc.). Whitelisting the office IP address has
stopped my co-workers from tripping fail2ban :)





signature.asc
Description: OpenPGP digital signature
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] Any experience with these FOSS platforms?

2017-05-08 Thread Blaise Alleyne via talk 
On 05/05/17 03:21 PM, Evan Leibovitch via talk wrote:
> Hey all,
> 
> A group I'm working with is looking to see if the following self-hosted FOSS
> tools are a worthwhile migration from their closed alternatives:
> 
>   * Mattermost - for group collaboration, instead of Slack

I host this for a team. Haven't used it (or Slack) really myself, but as far as
hosting and admin goes, it's quite easy to set up and use.


>   [...]
>   * BigBlueButton - for webinars, instead of Adobe Connect or GoToWebinar
> 

I've hosted this for several years. Biggest reason I don't use it myself is that
the client requires Flash. Also a bit awkward to have to integrate with another
web application as a front-end. I find it had a lot of potential, but feels kind
of awkward to use and admin, and doesn't seem to have grown much over the last 5
years (unless I just haven't been paying attention). It did serve our team well
for several years though in terms of screen sharing remote meetings.




signature.asc
Description: OpenPGP digital signature
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] What Not To Backup

2016-12-27 Thread Blaise Alleyne via talk 
On 23/12/16 12:11 PM, John Moniz via talk wrote:
> Hi everyone,
> 
> I'm backing up my system on a more regular basis and am trying to fine tune 
> the
> files that I backup. I am looking for advice on what NOT to bother to backup 
> on
> the /home directory.
> 
> I am using rsync (took a long time and lots of trials to figure out the man 
> page
> - and still don't know 90% of it) and presently have the following on my
> exclude_list.txt:
> (Note: multiple items shown on one line are just for readability, each line in
> the file only has one item)
> 
> tmp* TMP*
> .cache* cache* Cache* CACHE* *CACHE *Cache *cache
> .cookies* cookies*
> Trash Trash* TRASH*
> Junk* junk*
> .gvfs
> Backups backups
> Crash*
> .xsession-errors*
> .macromedia
> .thumbnails
> .mozilla/firefox/*/thumbnails
> *.corrupt
> minidumps
> .local/share/gvfs*
> 
> I'd love to exclude things that perhaps one would never use from a backup to
> rebuild a system after an accidental clean wipe of all data.
> 

Personally, I wouldn't be comfortable with so many wildcards in an rsync
exclude. I compiled mine through trial and error, running manual backups
frequently at first and finding directories that constantly had new stuff to
backup with names like tmp or cache and excluding those.

Here's my rsync exclude file (might be a little out of date, as I constructed in
a few years back on an Ubuntu machine, now using Debian):
# These files are not necessary to backup
*.swp
.cache/
.config/banshee/covers/
.evolution/cache/
.gnash/
.gnome2/epiphany/favicon_cache/
.gnome2/epiphany/mozilla/epiphany/Cache/
.gvfs/
.liferea_1.8/cache/
.local/share/Trash/files/
.macromedia/
.mozilla/firefox*/Profiles/*.default/Cache/
.mozilla/firefox*/Profiles/*.default/*.sqlite
.mozilla/firefox*/Profiles/*.default/weave/
Trash.msf
.mythtv/themecache/
.pulse/
.thumbnails/
.icedove/*.default/Cache/
.icedove/*.default/ImapMail/
.wine/
.wapi
.xchat2/scrollback/


Now, some things in there are conscious decisions, like I'm excluding my
IceDove/Thunderbird ImapMail folder because I don't want to constantly rsync my
cache of my ImapMail folders -- I have proper backups directly from my mail
server instead.


I also have a bunch of other custom folders excluded on any given machine,
usually ~/Downloads/ or some kind of directory where I may download large files
like ISOs which I have no need or desire to be going through my backup system.


> Similarly, any recommendations of what I should back up outside of /home? I am
> thinking of things like /etc/fstab, files that would make it easier to recover
> from a crash or to upgrade a distro.
> 

Here's the script I put in /usr/local/bin/backup to run every hour or so on all
my laptops/N900:

#!/bin/sh
START=`date +%s`
LOCAL_HOST='192.168.2.160'
REMOTE_HOST='myhome.domain.tld'
DEST_DIR="backups/thinkpad-x60"  # this would be different on each client


# Try to connect to host locally, otherwise use remote connection
if ssh -q $LOCAL_HOST exit;
then
HOST=$LOCAL_HOST
else
HOST=$REMOTE_HOST
fi

echo "== Backup to $HOST =="
date

DESTINATION="$HOST:$DEST_DIR"

# Backup home directory (Note: this is only for primary user!)
echo "-- ${HOME} --"
rsync -e ssh -avz --delete --delete-excluded
--exclude-from=${HOME}/.rsync.exclude --numeric-ids --relative ${HOME}
${DESTINATION}

rsync -e ssh -avz --relative --delete --exclude-from=${HOME}/.rsync.etc.exclude
/etc/ ${DESTINATION}/
rsync -e ssh -avz --relative --delete /usr/local/bin/ ${DESTINATION}/

# Calculate elapsed time
END=`date +%s`
ELAPSEDTIME=`expr $END - $START`
echo Finished at: `date` - "It took $ELAPSEDTIME seconds"



I can run manually with `backup`, but I have it set to run every hour.

Not I'm backing up most of /etc/ too. I have an exclude file that leaves out
some stuff there (also trial and error by running the backup manually and seeing
what perhaps wasn't necessary).


Some important notes!

Are there sensitive files you don't want bac

As other people have mentioned, this just mirrors your home directory to a
backup server somewhere, which is awesome, but not a real backup because you
can't go back to older versions.

So what I do is I use rsnapshot for versioned backups.

I have a server running at my apartment, and a server running at my parents' 
place.

- laptops and mobile devices do rsync mirrors to the local server
- the remote server and the opposite place does a nightly rsnapshot of the
backup directories (and other stuff on the servers)

This way, my laptops/mobiles mirror ~hourly to my living room server, but if
anything ever went wrong, I could go back to the last 7 days, last 4 weeks or
last 3-6 months in the rsnapshot backup. And with that being at my parents'
place, it's also in a separate physical location in the even of fire, flood,
theft, etc.

(If there was some kind of nuclear bomb or natural disaster or something that
took out physical locations across Toronto, then I wouldn't be covered, but I
also

Re: [GTALUG] Voting with our Dollars on Computing Future that Respects our Freedom.

2016-08-27 Thread Blaise Alleyne via talk 
On 27/08/16 11:34 AM, Anthony de Boer via talk wrote:
> Alvin Starr via talk wrote:
>> The reason for laptop upgrades is often needing more memory or disk 
>> space but by the time you get there 2-3 years down the road the keyboard 
>> has food bits under it and the touch pad is wearing out so getting a new 
>> laptop is the way to go.
> 
> I had a Thinkpad from around 2000 that lasted more than a decade; it
> was solid hardware and I didn't abuse it.  And ultimately Moore's Law
> caught up with it, even though I'd maxed out RAM once that got cheap
> and upgraded the hard drive.
> 
> I could probably haul it out today and get it booted, but why bother?
> 
> Lesson from that is buy it to use it not coddle it, and plan to upgrade
> in not more than five years.  Though maybe Moore's Law is levelling out?
> 

I'm still using a ThinkPad X60 (2006) bought in July 2007 and a ThinkPad T61
(2007) from Nov 2007 as my primary machines...

My X60 has a SSD. Both had RAM maxed. The T61 has been shelved for the past year
though, hard drive died and I haven't replaced it yet because the keyboard/fan
need some attention if I'm going to continue to use it. I've used both these
machines heavily...

I've been seriously considering a new machine on and off for about 3 years...
that is, I've been wondering whether or not to buy a new machine for the entire
lifespan of many other people's machines!

Not quite 10 years of use, but the X60 is into its 9th year.

(I feel like there's a bit of a difference between a machine from 2000 in 2010
versus a machine from 2006 in 2016 though... Moore's Law has been applied in a
different way over the last 5-10 years, in that my refurbished X60 might still
be competitive in some ways with some lower-end netbooks sold today, but I the
same wouldn't be true of a laptop from 2000 in 2010.)




signature.asc
Description: OpenPGP digital signature
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] GUI for Ubuntu 16.04

2016-08-04 Thread Blaise Alleyne via talk 
On 03/08/16 04:29 PM, Scott Allen via talk wrote:
> 
> 

Ubuntu GNOME is great if you want GNOME 3. (I've been happy with GNOME 3 since I
discovered https://extensions.gnome.org/ )

But if you want the more traditional GNOME 2 experience, you'd want to check out
MATE, like others have suggested.




signature.asc
Description: OpenPGP digital signature
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] OwnCloud vs Nextcloud?

2016-07-11 Thread Blaise Alleyne via talk 
On 11/07/16 02:14 PM, Lennart Sorensen via talk wrote:
> On Mon, Jul 11, 2016 at 11:44:58AM -0400, D. Hugh Redelmeier via talk wrote:
>> I don't use PHP so my opinion isn't reliable.
>> 
>> Historically it has been too hard to write secure code in PHP.  Or perhaps
>> it was the culture.  I know that things have gotten better over the years.
>> Culture is pretty resistant to change.
> 
> Actually I think the right way to word it is:
> 
> It is too easy to make it insecure in php.
> 
> It is perfectly possible to write secure php code.  It just happens to be
> stupidly easy to write insecure php.
> 

Yes, totally -- it's far too easy to write insecure code in PHP.


> [...] a lot of the problems are really just that people don't know what they
> are doing and it makes it very easy to make something that "works" even if it
> is also very insecure in non obvious ways.  You can do some of those 
> stupidities in other languages, but usually you actually have to try a bit
> harder to get bitten.  Trusting user input and using it directly is pretty
> much always a bad idea in any language.
> 

Absolutely.

Beyond that, PHP just makes it really easy to write code in general, and then
really easy to do stupid stuff when you're writing code. It's a bad combination
of democratizing web programming and bringing the masses in but also abandon
moral and technical standards and traditions in the process... you just get a
free for all where any schlub can hack together terribly insecure code...


Thing is, I don't think you can generalize from a particular culture of PHP devs
to say something about all PHP applications though. It's not like the
ownCloud/nextCloud community is a bunch of unsophisticated people using PHP to
cobble together some shoddy thing.

The ownCloud/nextCloud developer community rose out of the KDE developer
community (not like, Joomla! or something). Not that I've poured through the
source code, but ownCloud feels sophisticated -- they've got top-knotch
libraries employed, like SabreDAV, and support a ton of APIs and standards,
which would be tough for an unsophiticated bunch to pull off, plus a
fully-featured management CLI, which is another sign to me of a well-designed
application.

There are well-designed and sophisticated PHP-based applications, like SabreDAV,
like Symfony, like ownCloud/NextCloud. It's possible to write secure,
well-designed code in PHP, and some people choose PHP because of it's broad
accessibility for hosting, not because they don't know how to write secure code.

I'm not that old, but I've seen and worked with my fair share of terrifying PHP
applications... ownCloud/NextCloud isn't one of them. *shrugs*



signature.asc
Description: OpenPGP digital signature
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] OwnCloud vs Nextcloud?

2016-07-11 Thread Blaise Alleyne via talk 
On 11/07/16 11:44 AM, D. Hugh Redelmeier via talk wrote:
> 
> | From: Blaise Alleyne via talk <talk@gtalug.org>
> | On 11/07/16 10:19 AM, D. Hugh Redelmeier via talk wrote:
> | > Nextcloud forked OwnCloud last month and made its first release this 
> month.
> 
> | However, they'll need a bit of time. As an ownCloud user, I expect to move 
> to
> | NextCloud some time, but not today or tomorrow -- maybe later in 2016 or in
> | 2017, as they get things in order.
> 
> Yeah.  But what do you think needs to get in order?  Infrastructure?
> 

Well, for example, I went to look at doing an install last week, and they've got
a tarball, but with my ownCloud installs I've got the ownCloud Debian repo
configured. I know there have been issues that the ownCloud community has been
confronting in the best way to provide updates... but I'd rather not be
unpacking *.tar.gz and figuring out whatever NextCloud's unique upgrade process
is every time there's a bug fix or security release. I'd rather wait until they
have their recommending update method / repo situation sorted out, so it's
easier to maintain an installation.

(Admittedly, I spent all of 5 minutes checking this out before deciding to check
back again in a few months -- maybe I've missed something.)


> Is it likely inferior to the ownCloud product that it started with?
> 

I doubt the application itself is inferior, since it's probably identical to the
community edition. More the apt versus tarball type consideration.


> Is it likely that a lot of changes will happen at the start such that
> it is better to wait for things to slow down?
> 

Less of a concern there... my hunch would be that a ton of their effort would be
immediately spent on things *other* than creating a bunch of changes to the
functionality of the program. Plus, it's a lot of the same leading developers.


> Are you waiting for them to shake-down their new processes?
> 

Yeah, more this kind of thing -- I guess just waiting for the dust to settle a
bit? I'm not sure specifically, but I think about OpenOffice.org/LibreOffice, or
MySQL/MariaDB -- it's hard to tell in the days preceding a high profile fork
just how it will pan out and when things will stabilize, and when there will be
enough momentum/stability that you can have some confidence you know what the
new thing is and that it has a solid future, or which project has the better
future, etc. I think it's clear from all the defections that NextCloud is the
future over ownCloud, but waiting to see things stabilize...


I'm no expert here. Just a daily ownCloud user and sysadmin (probably soon to be
a daily nextCloud user and sysadmin...).




signature.asc
Description: OpenPGP digital signature
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk

Re: [GTALUG] OwnCloud vs Nextcloud?

2016-07-11 Thread Blaise Alleyne via talk 
On 11/07/16 10:19 AM, D. Hugh Redelmeier via talk wrote:
> Nextcloud forked OwnCloud last month and made its first release this 
> month.
> 
> 
> Includes links to "Related Stories".
> 
> Does anyone have any insight into which would be worth adopting?  Or
> something else?
> 

This is the big blog post announcement:
http://karlitschek.de/2016/06/nextcloud/


> - it looks as if more devs went with Nextcloud
> 

Yes, it seems like all the key people, including some of the founders of the
project, are going with NextCloud. That seems very likely to be the future.

However, they'll need a bit of time. As an ownCloud user, I expect to move to
NextCloud some time, but not today or tomorrow -- maybe later in 2016 or in
2017, as they get things in order.


> - both are trying to make a commercial go of it.  I fear that this doesn't 
>   match my desire for open source from an open project.
> 

"Commercial" is too broad -- from what I gather, the NextCloud fork exists
specifically to do a better job at governance of the project from a software
freedom perspective, to avoid too much control in the business side.

For example, from that blog post ( http://karlitschek.de/2016/06/nextcloud/ ):
- We will no longer require a contributor license agreement from contributors.
- We no longer do dual-licensing
- The new trademark will be hold by an independent foundation.
- We no longer do internal development planing behind closed doors. Everything
will happen in the open.

These are the kinds of things they've forked over, getting that relationship
*right* between a free software project and a corporate sponsor.


There are commercial approaches, like Automattic's with WordPress, where you
have a separate foundation and a pretty healthy relationship with a primary
corporate sponsor. Apparently, large chunks of the ownCloud community found
there wasn't that proper governance and relationship through ownCloud Inc. -- at
least, that's how I've understood it.


> - I cringe at PHP.  Especially since I'd like to expose my
>   installation to the internet.
> 

PHP isn't inherently a problem, especially for sure a vibrant and strong project
like this. I'd be worried about some module written by a single developer or
something, but NextCloud/ownCloud being PHP itself is less important that the
health and strength and approach to security of the project and its developers.
*shrugs*




signature.asc
Description: OpenPGP digital signature
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk