gerdesj

gerdesj, 27 days ago (edited 27 days ago)

“I understand that Canonical has every right to make the decision about their product.”

That seems fair. There are loads of distros available so why not try something else if you don’t like Ubuntu?

Linux and other mainstream Unices such as FreeBSD or OpenBSD int al (that’s not something I ever thought I’d be able to say a few decades back) are not Windows or Apples or whatevs. You do you and not them!

If Ubuntu fails to scratch your itch then move on. Debian is the upstream for Ubuntu so you’ll probably be fine with that instead. There is loads of documentation for Debian via the wiki etc and of course most Ubuntu docs will apply as well.

gerdesj, 1 month ago

I do IT security for a living. It is quite complicated but not unrealistic for you to DIY.

Do a risk assessment first off - how important is your data to you and a hostile someone else? Outputs from the risk assessment might be fixing up backups first. Think about which data might be attractive to someone else and what you do not want to lose. Your photos are probably irreplaceable and your password spreadsheet should probably be a Keepass database. This is personal stuff, work out what is important.

After you’ve thought about what is important, then you start to look at technologies.

Decide how you need to access your data, when off site. I’ll give you a clue: VPN always until you feel proficient to expose your services directly on the internet. IPSEC or OpenVPN or whatevs.

After sorting all that out, why not look into monitoring?

gerdesj, 2 months ago

Errm, Wireshark. Please bear with me.

Wireshark is a shining example of an open source project completely and utterly crapping on the closed source competition. As a result we all benefit. I recall spending a lot of someone else’s money on buying a sort of ruggedized laptop with two ethernet ports to do the job back in the day.

Nowdays, I can run up a tcpdump session on a firewall remotely with some carefully chosen timings and filters and download it to my PC and analyse it with Wireshark.

OK, all so convenient but is it any use?

Say you have a VoIP issue of some sort. The PCAP from tcpdump that you pass to Wireshark can analyse it to the nth degree. Wireshark knows all about SIP and RTP (and IAX) and you can even play back the voice streams or have them graphed so you can see what is wrong or whatever. That’s just VoIP, it has loads of other dissectors and decorators built in.

So what?

The UK (for example) will be dispensing with boring old, but reliable, POTS (Plain Old Telephony System) by 2025. Our entire copper telephony and things like RedCare (defunct soon) will go away.

We are swapping out circuit switching for packet switching. To be fair, a lot of the backend is already TCP/UDP/IP that is shielded away from us proles. When SoGEA (Single Order Generic Ethernet Access) really kicks in then the old school electric end to end connection will be lost in favour of packet switching, which never fails (honest guv).

If you are an IT bod of any sort, you really should be conversant with Wireshark.

gerdesj, 3 months ago

It’s been around for a very long time. It used to be Gentoo based.

gerdesj, 4 months ago

My phone is on 23. Nextcloud is on 27.

I’m Arch and so is my wife (actually) and it doesn’t have a version. We just roll … and today my dongled, wireless mouse has stopped moving. The buttons still work and my laptop touchpad works fine.

wtf!

gerdesj, 4 months ago

I use Linux (Arch actually) as my daily driver - I’m the MD of a small IT business in the UK. I have at least one employee who is asking me to create a Linux standard deployment to replace Windows because they don’t like it anymore - W11 is quite divisive.

For a corp laptop/desktop you might need Exchange email - so that might be Evolution with EWS. You’ll want “drive letters” - Samba, Winbind and perhaps autofs. You’ll need an office suite - Libre Office works fine. There’s this too: cid-doc.github.io for more MS integration - if that’s your bag.

I often see people getting whizzed up about whether LO can compete with MSO. I wrote a finite (yes, finite) capacity scheduler for a factory in MS Excel, back in 1995/6 - it involved a lot of VBA and a mass of checksums etc. I used to teach word processing and DTP (Quark, Word, Ventura and others). LO cuts it. It gets on my nerves when I’m told that LO isn’t capable by someone who is incapable of fixing a widow or orphan or for whom leading and kerning are incomprehensible.

gerdesj, 5 months ago (edited 5 months ago)

A scan performed by the researchers found that 77 percent of SSH servers exposed to the Internet support at least one of the vulnerable encryption modes, while 57 percent of them list a vulnerable encryption mode as the preferred choice.

That means a client could negotiate one or the other on more than half of all internets exposed openssh daemons.

I haven’t got too whizzed up over this, yet, because I have no ssh daemons exposed without a VPN outer wrapper. However it does look nasty.

gerdesj, 5 months ago

Start off with Gentoo to get the hang of the basics. Switch to Arch because compile times and heat burns. Try Linux from Scratch for a laugh, giggle and move on, but with a new found respect for distro maintainers.

What’s your use case? If it involves AAA games then that will narrow things a bit but if you simply want a bit of docs n that and, internet browsing and a spot of email and realtime sound and CAD then we’ll need a broader chat.

Debian, Fedora, Ubuntu, OpenSuSE, Mint - those would be my starters for 10 in no particular order. Pick yours and your hip angle. I personally run Arch (actually) and Gentoo. I don’t recommend them as a dip your toe in the water job 8)

Feel free to dive in, the water is lovely.

gerdesj, 5 months ago

How should someone who expresses an opinion - that receives downvotes - request feedback?

gerdesj, 5 months ago

Did anyone really think that making UEFI systems the equivalent of a mini OS was a good idea

UEFI and Secure Boot were pushed forcibly by MS. That’s why FAT32 is the ESP filesystem.

If I had to guess, a brief was drafted at MS to improve on BIOS, which is pretty shit, it has to be said. It was probably engineering led and not an embrace, extinguish thing. A budget and dev team and a crack team of lawyers would have been whistled up and given a couple of years to deliver. The other usual suspects (Intel and co) would be strong armed in to take whatever was produced and off we trot. No doubt the best and brightest would have been employed but they only had a couple of years and they were only a few people.

UEFI and its flaws are testament to the sheer arrogance of a huge company that thinks it can put a man on the moon with a Clapham omnibus style budget and approach. Management identify a snag and say “fiat” (let it be). Well it was and is and it has a few problems.

The fundamental problem with UEFI is it was largely designed by one team. The wikipedia page: en.wikipedia.org/wiki/UEFI is hilarious in describing it as open. Yes it is open … per se … provided you decide that FAT32 (patent encumbered) is a suitable file system for the foundations of an open standard.

I love open, me.

gerdesj, 5 months ago

Me too. I just ran time tree across my home directory a few times. Native console (ie C-A-F3) - 54 seconds, Konsole - eight seconds.

Waveterm is still installing (Arch AUR). The fan has a Gentooesque sound to it as a suspiciously complicated thing gets built. Oh God … electon … terminal shaking … golang … fans whining … lap melting … the Old Ones are stirring.

The deps for this thing are many. " I watched Firefox builds on Gentoo glitter in the dark near the Tannhäuser Gate". OK, its now arrived and my laptop case is making ping noises as it cools.

It takes 10 seconds or so to start up. Look pretty. Accept license agreement (wtf). Now what? Hmm lets try typing in that box. OK. time tree. Go back to Lemmy to type the last two paras of this comment, get bored and uninstall waveterm.

gerdesj, 5 months ago

Good on you mate. I have no idea why you are being downvoted when you are being the big man when called out.

I do understand your position - it is bloody annoying to have to remind people how the web works but in this case you are doing a “show and tell”.

When doing something like that I think you should show all and tell all. “Here’s what I did and how I did it and here’s how you can do it too”. That’s why I went in with the rather dodgy ankle reference! Think about when you see those influencers with worryingly pneumatic lips and arses that might double as seating for a friend. They show all, really all and some make a decent living at it. Now think about what sort of response you want for one of your show and tells.

I do confess that I used to do the same as you - I blasted away at someone on The Register a fair few years ago and was called out and subsequently apologised. That was a game changer for me and I suspect for you now. That doesn’t mean that you can’t get riled occasionally but make sure it counts and you are in the right or at least nearly right … OK you think you are right 8)

Cool beans!

Cheers Jon

PS I’m 53 today

gerdesj, 5 months ago

Perhaps but if you are doing a show and tell, why not do the full tell?

I can remember when Google didn’t exist and Altavista was the cool kid, or when the www didn’t exist and gopher and WAIS were the tools of choice. … and I can go much further back.

My real point is: If you are going to show a bit of ankle, and it is yours, make sure that everyone realises it is your ankle. If it isn’t your ankle, then tell us whose it is. It’s not fair asking people to search for pictures of ankles and then try to guess which one you have posted about.

gerdesj, 5 months ago

Employer here (UK)! I’m probably not normal being the MD and running Arch (actually) on my gear. I had to switch from Gentoo because I kept on burning myself.

For me, something like the LFCSA is something I respect because it is practical. Back in the day I did something similar (Novell I think). I’ve also grabbed a VMware … whatever … and that was a memory test and a waste of money. Who cares if you can quote the maximums?

When I’m hiring, I want to see application and knowledge and not a plethora of industry “quali-wankery”! You can always search for facts but knowing how to apply them is what I want to see.

Be flexible but do try to develop what sort of direction you want to take. What floats your boat out of dev ops, sysadmin etc?

You could also consider self employment/consultancy. I sort of fell into it 23 years ago …

gerdesj, 5 months ago

“I’ve been considering installing Arch the traditional way, on my X220, as a way to force myself to improve.”

I use Arch and so does my wife (she has no idea). The wiki is legendary because it is well used (I’ve written a few bits myself). I’ve used Gentoo for quite a while too but you will find compilation times a bit of a bore.

I own an IT company - I am the MD. I use Arch actually! (and so does my wife)

gerdesj, 6 months ago

No. Those tools are tried and well tested. Yes there may still be bugs lurking but simply rewriting in Rust does not guarantee safety. I do hope that this: doc.rust-lang.org/book/ch19-01-unsafe-rust.html doesn’t get used in that repo.

That said, I’ll take a look in say five years and see how they are getting on.

gerdesj, 7 months ago

So you “make config” once and then you just tweak it from time to time! I used to run make config until I discovered xconfig (when X was xfree86) and settled on menuconfig.

I was still using menuconfig on Gentoo until around five years ago. OK I still have one or two Larry’s lying around doing useful stuff but generally I just copy the old kernel config to the new one and compile away with genkernel.

make config did take a while back in the day. You literally run through the entire kernel’s options one by one: y/n/m for drivers. I haven’t done that since 2.0.x days. Then you forget to sort out lilo and reach for the boot floppy. No I don’t miss those days.

gerdesj, 7 months ago

They will if enough people whine about it.

In the old days (I’m 50+) tumbleweed drifted through ~/ apart from my drivel and I’d have a folder for that so /home/gerdesj/docs was the root of my stuff. I also had ~/tmp/ for not important stuff. I don’t have too much imagination and ~/ was pretty clean. I was aware of dot files and there were a shit load of them but I didn’t see them unless I wanted to.

This really isn’t the most important issue ever but it would be nice if apps dumped their shit in a consistently logical way. XDG is the standard.

gerdesj, 8 months ago

Never used Flatpak or Snap in nearly 30 years of using Linux. I might one day but not yet.

I don’t use Fedora these days but your package manager will probably have some hooks. Add one to update your Flatpaks when it has finished its main job.

gerdesj, 9 months ago

I once named a load of servers for a helicopter company in the UK with elements. The cluster nodes were copper, silicon, etc. The cluster itself was called iron. The volumes were labelled fe_function.

It worked - it was easy to read and the bits that implied “cluster” were grouped appropriately. All the other servers had random elemental names unless they were associated in some way, in which case the group would be used. The engineers (real engineers with oil or distressingly nasty lubricants in their veins) loved it - it made sense, without being too quirky. It was very legible.

When those systems were hoicked out and replaced, the usual nonsense was applied: 2 char country code + 2 char site code etc etc ad nauseam. Followed by my absolute pet hate: 01. Oh so you might need 99 domain controllers? Yes you might, but not on one site.

Let’s face it, it is mostly AD admins who don’t get hostnames. I blame MS - their docs and blogs strive to be … authoritative or at least look so. An entire generation (possibly two) of sysadmins have been sold up the river by MS and their wankery.

gerdesj, 9 months ago

I’ve spent over 25 years with Linux. With multiple distros and a lot of that with Gentoo and Arch. At work I specify Ubuntu or Debian, for simplicity and stability. I always used to use the minimal Ubuntu, because it was tiny with no frills. For quite a few years I managed a fleet of Gentoo systems across multiple customers - with Puppet. Those have quietly gone away. I’ve dallied with SuSE (all varieties), Mandrake, Mandriva, RedHat, Slackware, Yggdrassil and more.

Arch is surprisingly stable and being a rolling job there are no big jumps. When I replace one of our laptops, I simply clone the old one to it and crack on. I used to do the same with Gentoo - my Gentoo laptops went from an OpenRC job with dual Nokia N95 ppp connections around 2007 to through to around 2018 with systemd and decent wifi when I switched to Arch to allow the burns on my lap to heal. I still have a Gentoo VM running (amongst friends) on the esxi in my attic.

It was installed in 2006 according to some of the kernel config files. I left it for way too long and had to use git to make Portage advance forwards in time and fix around a decade of neglect. It would have been too easy to wipe and start again. It took about a fortnight to sort out. At one point I even fixed an issue following a forum post I made myself years ago.

Anyway, Arch is pretty stable.

gerdesj, 9 months ago

Define stable! Both are non rolling distros so that means that you have the upgrade jolt every few years. I have several VMs that started off life as Ubuntu LTS around 16 so from 2016 and are still running but now on 2022.04. Those are servers so relatively simple - web, PHP, Samba, DBs, etc. PHP is a pain to fix up. Ubuntu doesn’t have the rather neat slotting feature that Gentoo has so you get to do quite a lot of detective work to put it back together again. Debian is similar - again I have several systems that I manage that have gone through at least three or four Toy Story names.

Arch is rolling so there is no break and continue point. There have been some packages that have broken or been broken but not the entire system and that suits me. The QA is surprisingly good from the devs. Arch really isn’t the bugbear, nightmare super ricer thingie that it is sometimes painted out to be. I find it a very thoughtfully put together distro with an awful lot of moving parts that are well integrated and a great toolset. Choice is paramount and delivered in spades without the micro management that Gentoo requires.

It also helps that I have been doing this stuff for well over two decades so some challenges are no longer the challenge they once were.

gerdesj, 9 months ago

USE please.

Each to their own.

gerdesj, 9 months ago

My wife uses Arch (actually). She calls it the internet, when she really means Facebook. She knows it isn’t Apple but it gets a bit vague after that!

The last time I had to fire up the Mesh Central client to sort something out on her desktop from work was around three months ago. Every couple of weeks I ssh into it, update it and schedule a reboot for 03:00.