gerdesj

gerdesj, 11 days ago

My wife’s laptop absolutely has to work. For some mad reason I decided on Arch for it. Actually a rolling distro is not so mad. You get the latest stuff and in general issues are fixed as quickly as a LTS jobbie or you get a work around in the forums or you dig out the source and a compiler. It’s no accident that the Arch wiki is an oft cited resource. Its not for everyone!

I’ve been looking at a similar thing for my company and Kubuntu so far is my choice and I’ve already ditched the LTS bit. I need to run AV and the usual corporate bollocks to pass silly tick box exercises, so my options are rather limited.

There is no perfect one size fits all distro, that’s what we have rather a lot of them to choose from - they rise and fall according to natural selection and not artifice. Imagine if all computers were sold with a free/libre OS or none at all and Windows or Apples were a paid for add on. Monolithic OSs are completely deluded about being able to cater for all, without some dreadful contortions.

Anyway, back to the job in hand! If you want a LTS then you must accept older software or you use an LTS as a base and add newer stuff yourself. Most Linux distros allow you to run your own add-ons formally or informally. Gentoo has a rather nifty user patching mechanism for distro ebuilds and you can have your own ebuilds take over entirely. RPM and pkg distros can handle user packages and Ubuntu has PPAs too. I could go on. Also you can go off piste and put stuff into /opt and/or /usr/local!

Please reconsider your use of the term “unstable”. I suggest you write down a list of your requirements and score them according to importance. Then grab a list of OSs and distros - all of them, don’t preclude Windows and Apples: they have their uses. Then score the OSs/distros against your requirements. The scoring might be in the form of a matrix (table). I suggest keeping it simple with a score of -1 to 1 for each item (-1=dislike, 0=neutral/whatevs, +1=like)

Do a pilot project and see how that goes. Take your time. If it is for personal use then run your tests in a VM. Most modern hardware can easily run a VM or two. Virtualbox or VMware Worskstation or KVM (libvirt is a good effort)

The choice is yours. Note that word “choice” - its very important.

gerdesj, 13 days ago

I’ve just moved my work PC from a cast off from a customer - it had a BIOS date stamped 2012, and was a rather shag Lenovo with a … Intel Core something and four GB RAM. Cheap though, ie free. I did wedge in a SSD to make it usable.

I run KDE which isn’t known for being tiny and I have a Postgres DB and a few containers for experiments running. The new box is a i5 Intel G13 thingy - HP mini jobbie. Luxury

To ensure that I am as disadvantaged as everyone else, I run ESET Endpoint AV and full disc encryption on it. It boots EFI and Secure Boot is enabled. I will pass a Cyber Essentials Plus audit (UK standard) without having to employ any misdirection. I’ve also read up on the US standards. The STIG for Ubuntu 22.04 is doable but my desktop is running 23.04 and 24.04 has just come out.

I run my company and we have some customers who have some rather more stringent requirements than others. We also have our own standards.

gerdesj, 13 days ago (edited 13 days ago)

“I understand that Canonical has every right to make the decision about their product.”

That seems fair. There are loads of distros available so why not try something else if you don’t like Ubuntu?

Linux and other mainstream Unices such as FreeBSD or OpenBSD int al (that’s not something I ever thought I’d be able to say a few decades back) are not Windows or Apples or whatevs. You do you and not them!

If Ubuntu fails to scratch your itch then move on. Debian is the upstream for Ubuntu so you’ll probably be fine with that instead. There is loads of documentation for Debian via the wiki etc and of course most Ubuntu docs will apply as well.

gerdesj, 24 days ago

I feel like I’m the only person who can’t make heads or tails of

It doesn’t matter if you get the result you want. The important thing is you have choice and that what you have chosen … works!

gerdesj, 25 days ago

They don’t need a new distro, unless they hire a lot of highly skilled packagers. I’d take say Ubuntu or OpenSuSE … but it would be RedHat with Oracle for the NHS - they just can’t help losing money.

For my tiny company, I’m going Kubuntu … bear with … Ubuntu means:

• Multiple “enterprise AV” are available (ESET and others)
• Secure Boot
• Full disc encryption is available

Those boxes ticked gets you on the way in the rather naff enterprise security word of tick boxes. Without those - give up now.

The K(DE) bit gets you a lot of configurability and its reasonably easy to get an environment out of the box that Windows users can get to grips with. Besides, I like KDE/Plasma.

I then tack on this rather fine project: cid-doc.github.io for AD, SYSVOL, “Drive letter” etc integration. Evolution with EWS does email.

My test machine is my desktop (it used to run Arch (actually), my laptop still does) - I started off with Kubuntu 22.04 and wired up all the above and then whilst in a Teams meeting kicked off the upgrade to 23.04 for a laugh. Sound stopped after a while because the kernel modules switched out. Anyway, all good after a reboot.

Seeing as I am competing with something that has GPO, I’ll allow myself to use Ansible.

PS - I should point out that an Arch box can run one of the ESET for Linux products OK (I have). You can get it to do secure boot and it can do FDE. So can Gentoo but I spent 15 years constantly fixing my Gentoo pets too.

gerdesj, 28 days ago

I (my little company) employ a bloke to support www.uzerp.com - we use it ourselves and ditched Sage (yay!)

If you fancy it then give us a shout - it is open source - you get it for free but our time is costed if you need assistance.

That is the Open Source Covenant

gerdesj, 1 month ago

I do IT security for a living. It is quite complicated but not unrealistic for you to DIY.

Do a risk assessment first off - how important is your data to you and a hostile someone else? Outputs from the risk assessment might be fixing up backups first. Think about which data might be attractive to someone else and what you do not want to lose. Your photos are probably irreplaceable and your password spreadsheet should probably be a Keepass database. This is personal stuff, work out what is important.

After you’ve thought about what is important, then you start to look at technologies.

Decide how you need to access your data, when off site. I’ll give you a clue: VPN always until you feel proficient to expose your services directly on the internet. IPSEC or OpenVPN or whatevs.

After sorting all that out, why not look into monitoring?

gerdesj, 28 days ago

I do use it quite a lot. The pfSense package for ACME can run scripts, which might use scp. Modern Windows boxes can run OpenSSH daemons and obviously, all Unix boxes can too. They all have systems like Task Scheduler or cron to pick up the certs and deploy them.

gerdesj, 1 month ago

A quick search comes up with “Phone Link” which only seems to work with Windows on the “PC” end, whereas KDE Connect will work everywhere that KDE works, which includes Windows.

www.microsoft.com/…/sync-across-your-devices

It really isn’t the same as Konnect which is a bloody marvel! I’ve used it for years.

gerdesj, 1 month ago

Errm, Wireshark. Please bear with me.

Wireshark is a shining example of an open source project completely and utterly crapping on the closed source competition. As a result we all benefit. I recall spending a lot of someone else’s money on buying a sort of ruggedized laptop with two ethernet ports to do the job back in the day.

Nowdays, I can run up a tcpdump session on a firewall remotely with some carefully chosen timings and filters and download it to my PC and analyse it with Wireshark.

OK, all so convenient but is it any use?

Say you have a VoIP issue of some sort. The PCAP from tcpdump that you pass to Wireshark can analyse it to the nth degree. Wireshark knows all about SIP and RTP (and IAX) and you can even play back the voice streams or have them graphed so you can see what is wrong or whatever. That’s just VoIP, it has loads of other dissectors and decorators built in.

So what?

The UK (for example) will be dispensing with boring old, but reliable, POTS (Plain Old Telephony System) by 2025. Our entire copper telephony and things like RedCare (defunct soon) will go away.

We are swapping out circuit switching for packet switching. To be fair, a lot of the backend is already TCP/UDP/IP that is shielded away from us proles. When SoGEA (Single Order Generic Ethernet Access) really kicks in then the old school electric end to end connection will be lost in favour of packet switching, which never fails (honest guv).

If you are an IT bod of any sort, you really should be conversant with Wireshark.

gerdesj, 1 month ago

Which distro do you use? Ubuntu, Debian, Arch and Gentoo have packages and I’ve no doubt that most others do too. On Linux you should not have to go to random websites and download stuff and faff around - use the built in distribution packages. If you are not sure what you’ve got try this at a command prompt and read the output:

<span style="color:#323232;">$ cat /etc/os-release
</span><span style="color:#323232;">
</span>

As a last resort, you can run tcpdump on nearly anything and dump to .pcap, transfer that and then open that in Wireshark. Note that modern Windows has a OpenSSH client and server available so getting files around via scp is a doddle. Windows can even do NFS too and there is of course Samba - but CIFS/SMB can be tricksy.

gerdesj, 1 month ago

I know what you mean. You’ve already read a load of log files on behalf of an “engineer” who seems incapable of doing it themself. You’ve also eliminated DNS and NTP and laughed at suggestions relating to SFC /SCANNOW. Then you roll up your sleeves and plug into the Matrix …

gerdesj, 1 month ago

In the UK at least, the POTS (Plain Old …) copper phone lines carry an electrical current as well as signals and can power the handset. There are certain guarantees about this so that in an emergency your phone will still work so you can dial 999 (our original emergency number) or 112. Our fire regulations require something like 30 minutes before things should start failing. In the real world, you get out immediately and use your mobile.

We have an emergency alarm monitoring system used by businesses. Its generally known as “Red Care” which was a brand run by BT (British Telecom). You have a small device connected to a phone line (and powered by it) and it will monitor your fire detectors and building access control systems and a 24 hour manned monitoring centre will notify you in the event of an emergency. Nowadays, these devices will use your wifi and internet connection. Sometimes: old school is best.

gerdesj, 1 month ago

I think we might be writing at cross purposes. The system you had for your mum obviously worked effectively for you and that is the important thing.

POTS provide(s|d) a fixed point of reference - your address is registered against the number for 999 etc; it provides power for a handset or device; Its been like that for a lot of decades! These are cast iron guarantees. A POTS line has guarantees, enshrined in UK law, that mobile etc does not have. POTS is circuit switched (well it was) which means there is a physical path between the ends for the duration of the conversation.

So, by old school, I mean that you currently have important guarantees about telephony in the UK that will evaporate in future. In 2025 or so, we in the UK will have finished migrating from our old school POTS copper lines and will enjoy our smart new SoGEA lines instead. Single Order Generic Ethernet Access. Instead of an emulated circuit switched line we will use VoIP across the entire country. Nothing wrong with that but it probably won’t have the guarantees that POTS had.

Red Care is no more - BT have dropped it on the floor as of Feb this year which may indicate that things are not well with our future comms promises. The general system that Red Care was one product of is still available.

This is the important point: Promises (in law) that we used to be able to rely on for comms may (will) be binned.

gerdesj, 2 months ago

9th Jan …

“A hell of an improvement especially for the AMD EPYC servers”

Look closely at the stats in the headers of those three tables of test results. The NICs have different line speeds and the L3 cache sizes are different too. IPv4 and 6 for one and only IPv6 for the other.

Not exactly like for like!

gerdesj, 2 months ago

Mmm first releases! Working from home, its nearly close of play. I know … I’ll update my work laptop.

OK I now have LXDE for a fall back WM so I can read stuff rather more easily than using links in a TTY and switched out SDDM for LightDM - I needed sddm-git to get LXDE to start up. SDDM now simply crashes and dumps core - no idea why. Oh and I have switched to Wayland because X11 no longer works for me. I might put off updating the wife’s laptop for a while, at least until I’ve done my work desktop 8)

I must say its all rather pretty and smooth. Scrolling now has drag and acceleration, which is nice. I’m sure I’ll get KRDC to talk to the sodding wallet so my 100s of RDP connections will work again. For now I’ll call xfreerdp from the konsole. Perhaps I’ll get around to configuring KeePassXC and get around to using that instead. I share several rather large .kdbx with the rest of the firm.

gerdesj, 2 months ago

atop and htop and glances and several others 8)

gerdesj, 2 months ago

Mint is lovely, as are all other Linux distros. However, if you want the latest stuff without going off piste and compiling it yourself, then a rolling, bleeding edge distro might appeal to you. You do mention that you have prior Linux experience.

I own a UK based IT company (as you do) with two other partners (I’m MD and not a doctor) and a slack handful of (lovely - obvs) employees. I personally like Arch on my gear. I used to sport Gentoo but my nadgers complained about being overheated too often. I still have a fair few Gentoo VMs lying around the place.

You might like to try a manjaro.org effort - I prefer the Plasma desktop spin (KDE). That’s Arch with a few more GUIs. Their Konsole is quite something with zsh and a very stylish prompt.

So far I have managed to get Linux to work on everything I have access to which is rather a lot of hardware. Back in the day wifi was a bit wanky and there was ndiswrapper but nowadays I generally find that laptops from HPE and Dell are just as well supported with Linux as Windows, often better.

I finally ditched Windows on my stuff at Windows 7 - that was my wife’s laptop - a GPU update screwed up and that was the final straw. She has been an Arch user for a good seven years and could not give a shit about what is running on her laptop, provided it works and does stuff.

gerdesj, 3 months ago

It’s been around for a very long time. It used to be Gentoo based.

gerdesj, 3 months ago

Use whatever you are comfortable with and works for you. At the moment it sounds like Windows might be the path of least resistance. Fine, go with that.

For me, I finally ditched Windows altogether around 15 years ago. Well, I say ditched - my customers and staff … haven’t.

The list of stuff you have problems with might be tricky on Linux simply because the vendors of music gear are unlikely to give a shit. Nvidia should be fine. I have a VMware VM at home which runs Zoneminder on Ubuntu, with a passed through Nvidia GPU. Surely it should be easier on physical hardware. I wrote this: wiki.zoneminder.com/GPU_passthrough_in_VMWare

You mention gaming so you’ll probably not be bothered with CUDA. You’ll need wiki.archlinux.org/title/NVIDIA If that doesn’t do it for you, hit the Arch forums …

The forums can be a bit intimidating but if you keep your query concise and show some evidence of effort, someone will probably get you over the line.

gerdesj, 3 months ago

The logical replacement for Ubuntu is probably Debian. I have quite a lot of Ubuntu servers at work. I am quite seriously considering going upstream. I do like the LTS to LTS promise and that fits well for my customers who like to see enterprisey features without going RedHat or Oracle. You may not have had to deal with “enterprise grade” stuff which loosely translates to bloody expensive and often horrible.

I’m an Arch fan too - actually I’m a Linux fan. I used to do Gentoo (10+ years) but I got tired of my lap overheating. Before that Slackware, Mandrake (Mandriva), RH, Yggdrassil oh and a fair bit of SuSE, not to mention everything Novell did since NetWare 3.1. Whoops, sorry, mind wandering 8)

Wayland and Pipewire will probably do everything eventually but for now, you have functionality gaps. Pipewire is quite amazing and being developed at nearly indecent haste. It might be worth diving in to their community. At worst you will find a lot of like minded people to you.

gerdesj, 3 months ago

Nextcloud is simply software that runs on something. You might use DNS to find the something that your Nextcloud runs on … or not. A domain can cost as little as say £10/year (no details given - loose costing provided!) but you say you don’t want one.

You could do some weird stuff involving something like this: Your clients update a database on the server with their current IP address(es) and the server reciprocates in kind regularly.

For an internets conversation, both sides need to know IP address, protocol, and optionally port; for both ends. For example, a webby conversation might involve:

My end: 192.168.100.20/24, tcp port 2399 -> NAT -> 33.22.4.66, tcp port 2245 Remote web server: 99.22.33.44/37, tcp port 443

Now, provided both sides are warned off about changes to addresses and port numbers on a regular basis, then comms will still work.

Say, your home external IP address changes, then your browser writes that new address to the remote server and comms continue. Provided one end knows all the details of the other end at any point in time and can communicate local changes then we are good.

000000000000000000000000000000000000000000000000000000000000000000

Maybe not. Lookup: Dynamic DNS.

gerdesj, 3 months ago

My phone is on 23. Nextcloud is on 27.

I’m Arch and so is my wife (actually) and it doesn’t have a version. We just roll … and today my dongled, wireless mouse has stopped moving. The buttons still work and my laptop touchpad works fine.

wtf!

gerdesj, 4 months ago

I use Linux (Arch actually) as my daily driver - I’m the MD of a small IT business in the UK. I have at least one employee who is asking me to create a Linux standard deployment to replace Windows because they don’t like it anymore - W11 is quite divisive.

For a corp laptop/desktop you might need Exchange email - so that might be Evolution with EWS. You’ll want “drive letters” - Samba, Winbind and perhaps autofs. You’ll need an office suite - Libre Office works fine. There’s this too: cid-doc.github.io for more MS integration - if that’s your bag.

I often see people getting whizzed up about whether LO can compete with MSO. I wrote a finite (yes, finite) capacity scheduler for a factory in MS Excel, back in 1995/6 - it involved a lot of VBA and a mass of checksums etc. I used to teach word processing and DTP (Quark, Word, Ventura and others). LO cuts it. It gets on my nerves when I’m told that LO isn’t capable by someone who is incapable of fixing a widow or orphan or for whom leading and kerning are incomprehensible.

gerdesj, 4 months ago

Problem: I want to sync data from a Linux PC to a NAS Samba share. You do impose a constraint that a GUI should be available. I’ll bear that in mind.

If you can access it via scp (which is very likely, but you don’t mention the NAS model) then use rsync or similar - multiple GUIs are available and it sounds like you’ve found some already

It’s a Samba share, mount it and then sync data. GUIs are available for the sync bit. Depending on your distro a GUI may be available for the mounting thing. If you specify a mount in /etc/fstab then it is a permanent mount.

I suggest you break the problem down into two bits and solve those independently. The first one is data access ie via Samba and the second is the sync bit.