GTALUG September 8, 2020 Meeting Notes

1 GTALUG Q&A Suggested topics for September

1.1 AGM Preparations

Hear ye! Hear ye! This is a Call for Candidates for the GTALUG Board.

October 13th is GTALUG’s Annual General Meeting, our tiny piece of “political pageantry.”

There are two seats opening, for 2 year terms (2020-2022).

Please consider running for the board, and keep in mind the following.

There are two formal qualifications that candidates need to satisfy:

  • Must be a GTALUG member in good standing
  • Must not have any undischarged bankruptcy

It is also important to be able to be available most months for Board/Operations meetings where we plan GTALUG meetings and activities. These meetings normally take place on the Monday evening following the regular Tuesday meeting. These days, this takes place on-line, using Jitsi.

This is not an extraordinarily huge burden, but it does mean that there are 48 meetings (counting both “second Tuesday” and “the following Monday”) where we hope to see you, and we hope to see you most of the time.

Board members are involved in and support the following activities.

  • Finding speakers for our monthly presentations
  • Operating our internet infrastructure (website and mailing lists)
  • Organizing and running our annual Linux in the Park picnic (in less pandemic-stricken times)
  • Our involvement as a member organization of ICANN

If you are interested, we’d appreciate it very much if you can submit your intention to run to the email address: board at gtalug.org

The incumbents whose previous terms are expiring are:

  • Chris Browne
  • Alex Volkov

Potential Candidates are welcome to announce their intention all the way up to the day of the AGM itself.

1.2 GTALUG Membership In These COVID-19 Times

In most years, membership has been handled via comparatively informal in-person processes, and those who wish to support GTALUG via membership would (broadly) go through these steps:

  • Grab a membership form (that Chris passed out)
  • Try to pass Chris a $20 bill, whereupon Chris would say “give it to me along with the filled-in form”
  • Fill in the form, and hand it to Chris along with payment
  • Chris returns a few minutes later with a membership card

As GTALUG is meeting virtually, these days, this process cannot occur as described.

For those wishing to support GTALUG via membership, two routes are suggested:

  • The Cheque is In The Mail: send a payment via Canada Post.
  • Interac eTransfer: send funds from your bank to ours.

To ensure that membership has been addressed for voting at the 2020 AGM on October 13th, it is imperative to handle this earlier than that, as mail can take several days for delivery. Alas, either way, this imposes more bureaucracy and some more cost than we have been accustomed to.

Payment via cheque using Canada Post

In this case, please send a cheque, made out to “GTALUG”, in the amount of $20, along with the identification information indicated below, and please send to the following address:

GTALUG 914-10 Carabob Court Toronto, ON M1T 3N5

Interac eTransfer

In this case, three pieces of information are critical, and must be shared both with your bank as well as with GTALUG.

  • Recipient: The recipient email address is membership@gtalug.org
  • Security Question: The content of this is not too important; “Random Value” or “Sooper Sekrut Data” are fine values.
  • Security Answer: It is suggested that a random value be used. For instance, 215db45eb7f54e1e5907de3b50ac50ee is a value I got from passing 1K of data from /dev/random through md5sum, and that is a decent mechanism to get a relatively unguessable password. (Of course, since many people have seen that specific value, 215db45eb7f54e1e5907de3b50ac50ee, it would not be a good choice.) This security answer also needs to be emailed to the membership@gtalug.org address in order for us to receive the payment.

Common information

Whichever of the above mechanisms is used for payment, please email the following membership information to membership@gtalug.org. Note that by longstanding policy, we do not pass your information on to outside organizations.

  • Name: Your preferred name
  • Email: Your preferred email address (if using Interac eTransfer, it’s best to use the same address, so we know which email address to associate each security answer with)
  • Address: If you are comfortable providing such
  • Security Answer: If eTransfer is used, we need the Security Answer in order to actually receive funds

1.2.1 Generating a random value, the Linux way

Here is a script that repeatedly takes 1K of random data from /dev/random, and turns it into an md5 checksum to ensure that the value is human readable and not too long.

for i in 1 2 3 4 5; do dd if=/dev/random bs=1k count=1 status=none | md5sum; done
215db45eb7f54e1e5907de3b50ac50ee  -
4f8f0e3a2944c857ebc3a7a776659134  -
1a52010a29ef3b2446d532ba389f65cb  -
84e6b072e2661fc88b3a7b1ed1ce5873  -
ef3f10a8b634760691e2ae53a0952707  -

1.3 Debconf 2020 was last week

  • anyone make it to parts of that?
  • DebConf 2020 Talks

1.4 Mozilla let some people go 🙁

  • anyone know the impact?
  • appeared to include the folk that had been redoing the browser in Rust (Servo)
  • risk of there being less diversity in the web browser marketplace

1.5 Sharpening your tools: Editors

    Vim – Sharpening the Axe

    This talk/presentation speaks about how it is important to update your editor configuration on an ongoing basis, due to several things:

    • Make the editor serve you better by supporting your individual needs
    • Learn more features, over time, which feeds into the above…
    • Editor functionality is enhanced over time, and making use of those enhancements requires new configuration
    • What tools do you NEED to sharpen?
    • What new tools do you need to create from scratch?

    1.6 Upcoming Conferences

    • VimConf 2020: apparently was to be held in Japan, but cancelled, for the obvious reasons
    • EmacsConf 2020: being held November 28/29, on-line
      • Call for Proposals is active now, until September 30

    1.7 Everything rewritten in Rust

    Shell Commands Redone in Rust

    • bat: like cat
    • exa: like ls
    • fd: like find
    • procs: like ps
    • sd: like sed
    • dust: like du
    • starship: custom shell prompt
    • ripgrep: like grep
    • tokei: calculates statistics about a directory full of code
    • hyperfine: benchmarking wrapper
    • ytop: like top
    • tealdeer: like tldr, displaying simplified man pages
    • bandwhich: displays network utilization
    • grex: generates a regex that matches test cases
    • rmesg: like dmesg
    • zoxide: autojumper, to replace cd
    • nushell: a shell with pipeline editing à la awk/SQL

    1.8 SSH Honeypot Credentials Analysis

    Lessons Learned from SSH Credential Honeypots

    1.8.1 Interesting passwords

    • baikal: a lake in Siberia
    • prueba: Spanish for test
    • caonima: a Mandarin profanity written in Pinyin
    • meiyoumima: Mandarin for “no password”
    • woaini: Mandarin for “I love you”
    • poiuyt: The name for an optical illusion also known as the “devil’s tuning fork” (A prank from Mad Magazine!) Edit: multiple redditors pointed out this is the beginning of the top row of the keyboard from right to left.

    1.9 Just pretty weird…

    • Remember Mach? And VMS? I’ll bet you don’t remember that someone implemented a VMS multiserver atop Mach…
    • BLISS from CMU…
    • Microsoft starting to play games with GitHub

    1.10 Modern Linux desktop layers and performance

    • X11 or Wayland
    • DE; Gnome/KDE/XFCE
    • GTK / QT
    • Firefox / Chrome CODECs, DRM
    • can Gnome applications run under XFCE (with what limitations)
    • why is XFCE faster than GNOME / KDE (compositors using 3d operations?)
    • what CODECS should one install? Are they authorized?
    • how is it that Widevine can work on Linux?
    • interesting ArchLinux notes on Firefox

    2 Calls for proposals for LibrePlanet

    3 CAD software

    • Are there any good open-source tools to edit STEP files (CAD)?
    • FreeCAD? Rather complex…
    • GCAD-3D

    3.1 Anything interesting ongoing with RISC-V

    • Hugh had a recent conference
    • RISC-V is a design for an instruction set that is free to use
    • Many implementations ongoing, many “very free”
    • Aspires to a similar place in the “design space” as ARM, which has
      • Some cheap, nonsophisticated designs
      • Or expensive, sophisticated designs
      • Apple’s newest SOC is their own implementation of ARM instruction set
    • RISC-V has a “gold rush” of organizations rushing to stake out claims
      • Open source implementations of RISC-V are often toys, or academic projects
      • Some companies designing performant RISC-V chips
      • Western Digital is now deploying RISC-V chips embedded in their disk drives
      • Some of the implementations are basically like a 32 bit Arduino implementation
      • Lots of “sort of open source” implementations
      • Might be popular with Huawei because they can’t get at next versions of ARM due to US bans
      • RIOS (RISC International Open Source) moved out of the US to Switzerland to avoid US law
        • Collaboration between Shenzhen university and Berkeley
        • initial plans involve a RPi-like design that is to be open source, provided by Alibaba
        • Some parts open source (CPU) others possibly not as much (USB)
        • Needed to add some custom instructions to accelerate their work load
        • Interesting to get something including MMU, perhaps even GPU

    Securing Your Online Presence

    Why and Where You Should Plant Your Flag presents a set of places where it would be wise to make sure that you have your ‘online identity’ defined in order to prevent fraud artists from impersonating you.

    The list is USA-centric, and as a Canadian, my set of things worth “planting” is slightly different; nevertheless, many are relevant here. A more distinctly “Canada-relevant” set of places is:

    • Canada Revenue Agency – CRA My Account
    • Credit Bureaus – Equifax and TransUnion. Note that Canadians are allowed to request, from TransUnion, a free consumer’s credit report about themselves, once per month. Requesting a credit report isn’t exactly a “placing of a flag”; it is, however, a powerful tool for verifying that there aren’t any extra flags lurking out there with your name on them.
    • Online accounts for your bank(s)
    • Provincial government (e.g. – for drivers licenses and similar)
    • Utility accounts (power, water, as apropos)
    • Phone company
    • ISP
    • Email service

    The notion here is that, for any of these that you can possibly have an online account for, you should set it up, and secure it as well as you can, with such things as

    • Good passwords, securely recorded (e.g. – randomly generated, as with tools like KeePass, OnePass, and such)
    • If multi-factor authentication is available, it is way better to have that than to not have that

    The purpose of “planting your flag” is to prevent someone else from surreptitiously taking that treated-as-unique piece of online presence, pretending to be you, and thereby giving themselves a back door into your finances.

    The sort of situation where this is especially troublesome is where seniors who never became “computer literate” have never bothered to have these sorts of online accounts, and therefore have no online footprint. Unfortunately, such people are very attractive to scam artists, who can probably search out enough information on the web to be able to get a guess on the old “Mom’s maiden name” authentication rules, and then initiate fraudulent activity.

    I’ll note that I was pretty impressed with the CRA process, which included an exchange of secrets before they sent a secret key to the address indicated on past tax returns. I imagine that for someone that moves regularly, there could be some inconvenience in proving your identity, but I have been sufficiently stationary that their process worked well for me, and seemed pretty secure. However, where people choose terrible passwords, apparently this led to thousands of cracked CRA accounts in August 2020.

    At the bank, fraudulent activity might involve transferring funds away, or establishing an unexpected mortgage. At CRA, it might enable redirecting a tax refund, or initiating a COVID-19 assistance payment, directed to someone else’s bank account. The sets of possible frauds are, alas, decently large.

    GTALUG August 11th Notes

    1.1 Keybase Alternatives

    • Keybase has offered secured accesses to various sorts of data
      Key directory: associates social media identities to encryption keys
      • Twitter
      • Github
      • Reddit
      • Hacker News
      • Mastodon
      • Cryptocurrency wallet addresses
        • Bitcoin
        • Zcash
        • Stellar
      End-to-end encrypted chat
      • Quite a lot of us are using Telegram and Signal
      • Essentially amounts to encrypted chat; many parts are open source
      • Encrypted instant messaging and VOIP
        • Client is free software
        • Server is proprietary
      KBFS: encrypted filesystem
      • Public files
      • Private files
      • An end-to-end encrypted, peer-to-peer file storage, sharing and communication network
      • We used this for GTALUG a bit for exchanging server data across the executive
      Teams: encrypted chat, fileshare
      • For just key validation keyoxide, I’ve heard of it, have no experience yet. keyoxide.org
        • decentralized
        • MIT licensed

    1.1.1 Element

    1.1.2 The moderation problem

    1.2 Neat Monitoring observation

    Should put obvious information into monitoring alerts

    • The temperature alert that points to calling building managers should include contact information
    • When you create an alert, think through what those reading the alert will immediately want or need, and note that what is obvious today, when we’re reacting to the outage that caused us to set up the alert, may be less obvious in 18 months when a new sysadmin looks at it
    • Put those needed/wanted things in the alert, possibly as a link, though in case your Wiki might go down, probably the phone number ought to actually be in the alert.
    • Make sure there aren’t any credentials in the alert text!
    • Motion-sensitive camera that gets activated when the sun comes up through the trees in the morning
      • what is the difference between burglars and squirrels and sunrise
      • hurray, flying burglars!
    • Useful to have some alerts suppress other ones
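
A lint for alert text that checks two of the points above, a phone number present and no credentials, as an added example that is not part of the meeting notes. The patterns and both sample alerts are constructed assumptions, not a complete secret scanner.

```sh
# lint_alert: reads alert text on stdin, prints one finding per line,
# returns 0 when the alert is clean and 1 otherwise.
lint_alert() {
    text=$(cat)
    findings=""

    # A responder needs a number to call even when the wiki is down.
    # Matches North American style numbers: 416-555-0100 or (416) 555-0100.
    if ! printf '%s\n' "$text" |
        grep -Eq '\(?[0-9]{3}\)?[ .-][0-9]{3}[ .-][0-9]{4}'; then
        findings="${findings}missing: no phone number in alert text
"
    fi

    # URL that embeds user:password@host
    if printf '%s\n' "$text" |
        grep -Eiq '[a-z][a-z0-9+.-]*://[^[:space:]/@:]+:[^[:space:]/@]+@'; then
        findings="${findings}credential: URL embeds user:password
"
    fi

    # keyword followed by ":" or "=" and a value
    if printf '%s\n' "$text" |
        grep -Eiq '(password|passwd|secret|token|api[_-]?key)[[:space:]]*[:=][[:space:]]*[^[:space:]]'; then
        findings="${findings}credential: secret-looking assignment
"
    fi

    # PEM private key material pasted into the alert
    if printf '%s\n' "$text" |
        grep -Eq -e '-----BEGIN [A-Z ]*PRIVATE KEY-----'; then
        findings="${findings}credential: private key block
"
    fi

    printf '%s' "$findings"
    [ -z "$findings" ]
}

# Constructed sample alerts (not from any real system).
good_alert() {
    cat <<'EOF'
Server room temperature is above 30C.
Call building management at 416-555-0100 (24h desk).
Runbook: https://wiki.example.org/runbooks/hvac
EOF
}

bad_alert() {
    cat <<'EOF'
Server room temperature is above 30C. See the wiki for who to call.
Check the panel at https://admin:hunter2@bms.example.org/status
EOF
}

# Demo: print the findings for the bad alert.
bad_alert | lint_alert || true
```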

    1.3 Have you changed your ssh keys lately?

    SSH Keytypes Usage

    • There are new algorithms that are theoretically more secure than the old ones
    • Are you using your keys for too many services?
    • ssh config lets you specify per-host keys
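
An added example, not from the meeting notes, of how the questions above can be checked: `classify_ssh_keys` grades key types and sizes from `ssh-keygen -l` output, and `key_reuse_report` counts how many `Host` patterns in an ssh config share each `IdentityFile`. The 3072-bit RSA floor, the verdict names and all sample data are assumptions made for the example.

```sh
# Assumed policy: RSA below this size should be rotated.
MIN_RSA_BITS=${MIN_RSA_BITS:-3072}

# classify_ssh_keys: stdin is `ssh-keygen -l -f <file>` output, one key per line:
#   <bits> <hash>:<fingerprint> <comment...> (<TYPE>)
# Prints "<verdict> <TYPE> <bits> <fingerprint>" for each key.
classify_ssh_keys() {
    awk -v min_rsa="$MIN_RSA_BITS" '
    NF >= 3 {
        bits = $1 + 0
        type = $NF; gsub(/[()]/, "", type)
        if (type == "DSA" || (type == "RSA" && bits < 2048)) verdict = "weak"
        else if (type == "RSA" && bits < min_rsa + 0)        verdict = "rotate"
        else if (type == "RSA" || type ~ /^(ECDSA|ED25519)/) verdict = "ok"
        else                                                 verdict = "unknown"
        print verdict, type, bits, $2
    }'
}

# audit_ssh_dir: classify every public key in a directory (needs ssh-keygen).
audit_ssh_dir() {
    for pub in "$1"/*.pub; do
        [ -f "$pub" ] || continue
        ssh-keygen -l -f "$pub"
    done | classify_ssh_keys
}

# key_reuse_report: stdin is an ssh config; prints, per IdentityFile, how many
# Host patterns use it, most-shared key first. Assumes the whitespace-separated
# "Keyword value" form (ssh_config also accepts "Keyword=value").
key_reuse_report() {
    awk '
    BEGIN { patterns = "*"; count = 1 }   # options before any Host apply to all hosts
    { sub(/^[ \t]+/, "") }                # ssh_config ignores leading whitespace
    /^#/ || NF == 0 { next }
    tolower($1) == "host" {
        count = NF - 1
        patterns = $0; sub(/^[^ \t]+[ \t]+/, "", patterns)
        next
    }
    tolower($1) == "match" { count = 1; patterns = "(" $0 ")"; next }
    tolower($1) == "identityfile" {
        uses[$2] += count
        hosts[$2] = hosts[$2] " " patterns
    }
    END { for (k in uses) printf "%d %s%s\n", uses[k], k, hosts[k] }
    ' | sort -rn
}

# Constructed sample inputs; the fingerprints are placeholders, not real keys.
sample_keygen_output() {
    cat <<'EOF'
1024 SHA256:CONSTRUCTED-FINGERPRINT-AAAA user@old-laptop (DSA)
2048 SHA256:CONSTRUCTED-FINGERPRINT-BBBB user@desktop (RSA)
4096 SHA256:CONSTRUCTED-FINGERPRINT-CCCC offsite backup key (RSA)
256 SHA256:CONSTRUCTED-FINGERPRINT-DDDD user@laptop (ED25519)
EOF
}

sample_ssh_config() {
    cat <<'EOF'
# id_rsa below is shared by three host patterns
Host github.com
    IdentityFile ~/.ssh/id_ed25519_github
    IdentitiesOnly yes

Host gitlab.example.org bastion.example.org
    IdentityFile ~/.ssh/id_rsa

Host *.lab.example.org
    IdentityFile ~/.ssh/id_rsa
EOF
}

# Demo on the constructed samples.
sample_keygen_output | classify_ssh_keys
sample_ssh_config | key_reuse_report
```

On a real machine, `audit_ssh_dir ~/.ssh` and `key_reuse_report < ~/.ssh/config` run the same checks against your own keys and config.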

    1.4 Have you labelled the disk drives in your desktop?

    Label Your Desktop Drives

    • Using a Dymo label maker or similar
    • Brother apparently makes much nicer label printers
    • Scott Sullivan was literally just preparing a label to attach to a recently scrubbed hard drive
      • need to know the serial number from the drive in a cheap RAID array
    • Howard pulled out a typewriter!
    • Drew generates a 4 digit number for each drive and keeps those as the “key”, sharpie is good enough
      • For personal use, this supports 9999 drives, which is enough; perhaps 3 digits (999) would suffice
      • For organizational use, a bigger serial number would be needful
    • Business cards attached with packing tape

    1.5 Raspberry Pi 4

    • There have been ongoing discussions about building a “Pi Desktop”
    • Evan suggested a notably better case (one that Scott had already posted!), but it was somewhat expensive
    • Budget was not especially clear
    • Initially, Pi4 was running extremely hot, but with modern software releases, way better/cooler

    1.6 IPv6 versus IPv4

    Interesting essay showing some of the inherent conflicts

    • Once you configure prefixes on the router, Linux, Windows, and MacOS often “just work” these days
    • Mozilla Addon ipvfoo-pmarks shows off IPv6 usage

    1.7 Latest grep reimplementation

    • ugrep, written in C++ 2011
      • can search inside compressed archives (numerous sorts, .jar, .zip, tar, .cpio, and compression such as .gz, .bzip2, .xz, …)
      • can search inside documents (.pdf, .xls, .docx, …)
    • sift, written in Go, parallelizing: https://sift-tool.org/
    • ack, written in Perl, extended to do version control, graphics metadata https://metacpan.org/pod/distribution/ack/ack
    • rg, written in Rust
    • Full text search on Gnome desktop, locate was an olden days standard service
      • `mlocate` is a more user-friendly version of locate
    • Tracker seems neat
    • Find is still pretty useful
    • FSELECT is a Rust-based command line tool that’s loosely find with SQL-like syntax

    1.8 Pinephone now available

    1.9 LibreOffice 7.0 released recently

    1.10 Perl 7 almost out

    1.11 MathML?

    I am using Octave and LaTeX to do calculations and write reports. Conceivably, I could output to HTML instead, but MathML does not seem to work on all browsers. Is this interesting to anyone?

    GTALUG Q&A July 14th, 2020

    1 Notes from GTALUG Meeting 2020-07-14

    1.1 Have you checked NTP recently? (Chris)

    • Upgrading DDWRT on a DIR-632 showed off that ntp config had been broken for years
    • Also router was pointing to DNS on a host that had been gone for years 🙂
    • I always used to use echo dmpeers | ntpdc to check synchronization
    • That apparently stopped working, probably years ago
    • The modern thing is the following:
    root@karush:/var/log# ntpq -p
          
         remote           refid      st t when poll reach   delay   offset  jitter
    ==============================================================================
     0.debian.pool.n .POOL.          16 p    -   64    0    0.000   +0.000   0.000
     1.debian.pool.n .POOL.          16 p    -   64    0    0.000   +0.000   0.000
     2.debian.pool.n .POOL.          16 p    -   64    0    0.000   +0.000   0.000
     3.debian.pool.n .POOL.          16 p    -   64    0    0.000   +0.000   0.000
     LOCAL(1)        .LOCL.          10 l  537   64    0    0.000   +0.000   0.000
     nash.int.linuxd 44.190.6.254     3 s   25   64    1    0.464  -19.446   0.000
     bellman.int.lin .XFAC.          16 s    -  128    0    0.000   +0.000   0.000
     time2.facebook. .FB...           1 u  119   64    2  271.399  +102.36   0.000
     192.168.0.63    .XFAC.          16 s    -  128    0    0.000   +0.000   0.000
     hpaq.int.linuxd 45.79.13.206     3 s   54   64    1    0.283   -4.946   0.000
     karush.int.linu .XFAC.          16 s    -  128    0    0.000   +0.000   0.000
    *ntp1.torix.ca   .PTP0.           1 u   19 1024    3   48.489   -5.496  79.828
    +68-69-221-61.nb .ROSS.           1 u   23 1024    3  138.782  +25.387  39.417
    +ntp2.wiktel.com .GPS.            1 u   23 1024    3   72.396   -7.548  79.119
    +montreal.ca.log 172.105.103.85   3 u   27 1024    3  112.404  +22.622  40.738
    +208.67.72.50    128.227.205.3    2 u   24 1024    3  101.382   -9.729  95.870
    +clock.sjc.he.ne .CDMA.           1 u   37 1024    3  106.625  -11.264  97.836
    +ntp16.doctor.co 50.205.244.28    2 u   42 1024    3  133.717  +24.106  39.239
    +time.cloudflare 10.14.8.68       3 u   42 1024    3  111.500  +22.664  38.322
    +198.255.68.106  192.168.1.193    2 u   40 1024    3  117.507  -13.853  95.332
    +strongbad.voice 200.98.196.212   2 u   43 1024    3   60.177   -8.618  78.205
    

    1.1.1 (Bob B) Can anybody explain what all that stuff in the ntpq output means?

    • Some answers can come from “official NTP”…
    • lol RTFM!
    • still, good question, I’m happy to read thru it……. no, you are correct….. that’s a great page!
    • Chris did a “broad strokes” explanation of much of what was in there, which he hopes gives enough background that the deep detail of the “official” explanations isn’t as overwhelming.

    Scott S pointed out – Info on REFID
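
As an added example (not from the meeting notes), a reading of the two columns that say most about sync health in the output above: the tally character in column one, and `reach`, an octal bitmap of the last eight polls. The function names are hypothetical; the sample lines are copied from the output above with the page indentation removed.

```sh
# ntp_peer_report: stdin is unindented `ntpq -p` output. One line per peer:
#   <remote> <selection status> reach=<successful polls of last 8>/8 offset_ms=<offset>
ntp_peer_report() {
    awk '
    # reach is an octal bitmap of the last eight polls; count the set bits
    function polls_ok(octal,   i, n, c) {
        n = 0
        for (i = 1; i <= length(octal); i++) n = n * 8 + substr(octal, i, 1)
        for (c = 0; n > 0; n = int(n / 2)) c += n % 2
        return c
    }
    BEGIN {
        status[" "] = "rejected";  status["x"] = "falseticker"
        status["."] = "excess";    status["-"] = "outlier"
        status["+"] = "candidate"; status["#"] = "backup"
        status["*"] = "sys.peer";  status["o"] = "pps.peer"
    }
    /^ *remote / || /^=+$/ { next }                   # header and separator
    {
        tally = substr($0, 1, 1)                      # column 1 is the tally code
        if (split(substr($0, 2), f, " ") < 10) next   # not a peer line
        s = (tally in status) ? status[tally] : "unknown"
        printf "%s %s reach=%d/8 offset_ms=%s\n", f[1], s, polls_ok(f[7]), f[9]
    }'
}

# ntp_sync_peer: print the peer ntpd is synchronised to (tally "*");
# return 1 when no peer has been selected.
ntp_sync_peer() {
    awk 'substr($0, 1, 1) == "*" { print substr($1, 2); found = 1 }
         END { exit !found }'
}

# ntp_unreachable: peers that answered none of the last eight polls.
ntp_unreachable() {
    ntp_peer_report | awk '$3 == "reach=0/8" { print $1 }'
}

# Sample: lines copied from the ntpq -p output above, indentation removed.
sample_ntpq() {
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 0.debian.pool.n .POOL.          16 p    -   64    0    0.000   +0.000   0.000
 LOCAL(1)        .LOCL.          10 l  537   64    0    0.000   +0.000   0.000
 nash.int.linuxd 44.190.6.254     3 s   25   64    1    0.464  -19.446   0.000
 time2.facebook. .FB...           1 u  119   64    2  271.399  +102.36   0.000
*ntp1.torix.ca   .PTP0.           1 u   19 1024    3   48.489   -5.496  79.828
+ntp2.wiktel.com .GPS.            1 u   23 1024    3   72.396   -7.548  79.119
EOF
}

# Demo on the sample.
sample_ntpq | ntp_peer_report
sample_ntpq | ntp_sync_peer
```

A `reach` of 3 means only the last two polls were answered, which is what a recently restarted ntpd looks like; a long-running healthy peer shows 377.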

    1.2 (Bob B) What are people using for centralized authentication at home labs? Really don’t want AD.

    1.3 (Scott S): Opensource Physical Resource management

    • Room and Equipment bookings.
    • Integrations, MQTT, API
    • Hacklab needs this sort of thing from two perspectives:
      • With COVID-19 still around, they’d like to be able to trace where people have been and where and what physical resources they have touched
      • There is a need to arrange fair bookings for resources like 3D printers, as they now have some fairly reliable ones that will attract a lot of usage requests
    • No real answers came up in discussion
    • Later link added: List of Open Sourced Software for Resource Scheduling and Booking

    1.4 Question: (cbbrowne) Has anyone been making use of the new-ish packaging systems?

    • AppImage: a packaging format
    • Snappy: Canonical sponsored central app repo
    • Flatpak: central app repo, but individuals may host too

    In principle, these are supposed to make it easier to deploy applications where you want faster evolution than distributions offer. (E.g. – Debian takes For-Ever to get new versions out…: https://wiki.debian.org/DebianReleases)

    • Nobody seemed to be too much a fan of this
    • It was suggested that this concept was popular for developers that want to do their own thing, and that hate the idea of distribution makers renaming any of their stuff. This suggests a lack of appreciation for policy, which is why distribution makers do that sort of renaming…

    1.5 Question: (cbbrowne) Anyone using mesh networks yet? (802.11s)

    • now supported (if your hardware does) on OpenWRT
    • bridges networks together to give better network coverage by having devices talk to all the routers around them
    • Easy? Hard? Security pains-in-the-neck?
    • new router standards are coming out – 802.11ax aka WiFi6 so probably a good idea to wait

    1.6 Question: (cbbrowne) anyone been playing with the modern terminal fonts that are emerging?

    • Inconsolata
    • Mononoki
    • Ubuntu Mono
    • There are barrels more of these
    • Some amount of trying to be kewl
    • some amount of trying to be readable+distinguishable (0!=O) even in small font sizes

    1.7 Security Question of the Month: Have you updated your router firmware lately?

    • OpenWRT just had a new major version (v19) released in May
    • DDWRT has per-device upgrades; how their versioning system works is not especially clear
      • Did an upgrade from “v24” (from 2013) to “v3.0” (2019), that’s not overly clear!
      • DDWRT has some pretty proprietary stuff; means they can support Broadcom
    • OpenWRT is a bit better known than pfSense
      • OpenWRT pretty attractive for a place like Hacklab
      • can run Ansible against it!
      • Specialized Ansible for OpenWRT
      • UCI commands (can be seen in the LUCI Web UI) generate configuration; you could use these commands yourself
      • Also consider using Ansible commands + Ansible templates
    • Probably worth looking into pfSense on slightly better hardware
    • Ubiquiti edge routers are good for non-wifi contexts

    1.7.1 Recommended OpenWRT Routers

    1.8 CHUWI LarkBox

    GTALUG EtherPad for Meeting of June 9, 2020

    1 GTALUG 2020-06-09

    1.1 Hugh on UEFI for ARM

    Is the raspberry pi sufficiently open so to allow a single distro to be adaptable for multiple different SBCs?

    • Raspbian is often used (forked to “armbian” for other systems)
    • Different devices often need what is termed a “device tree” that is unique to a board or family of related boards
    • Annoying thing about ARM is that many have GPUs, and unfortunately most of the GPUs have issues with NDAs so that it is troublesome to share low level code

    What are your thoughts on using Anaconda in Ubuntu or other Linux distro vs installing all Python packages and using Python virtual environments instead? I’m coming from Windows, so Anaconda was a straight answer, but now that I’m becoming a Linux user, is not that clear that I should use Anaconda, and could better learn to use the Python venv. Just wanted to get some thoughts.

    • pyenv
    • Should we use distribution-managed packages? Or build a virtual environment to pull fresh code?
    • These days, scripting languages have their own dependency systems which makes life difficult for distribution makers.
    • Awesome Alex, thanks for your thorough explanation, I’ll certainly look into pyenv…. my name is Nestor Sanchez btw…

    1.3 Python II – the Sunsetting of version 2

    Note that Python 2 is officially sunsetted… https://www.python.org/doc/sunset-python-2/

    Some old Python code still lurks in distributions.

    1.4 Powershell

    Has anyone been playing with Powershell? What sorts of differences are there between that and our favorites?

    • It grew up with Windows so has lots of Windows bits
    • It operates on streams other than Unix “bags of bytes” which can be very different

    1.5 WFH Learning

    • I changed my commute time for walk/run around the neighbourhood time. To keep some routine.
    • Some tendency for longer days because we aren’t consuming any time on commute but maintain broadly similar hours
    • Daily “stand-up” meetings (common in SCRUM methodology) are useful to add a little bit of personal discipline
    • Audio bandwidth limitations are an issue
    • Microphones on laptops that are picking up fans and refrigerators are common problems
    • Microphones intended as speaking headsets provide improvement

    1.6 ROCm

    Any experience among this group with using ROCm for high performance computing?

    1.7 systemd, 10 years later: a historical and technical retrospective

    systemd, 10 years later: a historical and technical retrospective

    • everything needs to be decrudded once in a while

    1.8 JITSI results

    • mixture of opinions, for sure
    • a couple of people fell off the meeting, so not impressed
    • several reporting that sound is quite good
    • user interface is quite comparable to Google Meet and Zoom
    • Can use custom backgrounds similar to what are commonly done on Zoom

    1.8.1 Custom backgrounds for videoconferencing

    Get a green board to go behind, and then compile a virtual camera: Using OBS Studio for Google Hangouts/Meet

    • implements a virtual camera that allows putting arbitrary backgrounds behind you
    • GitHub: CatxFish/obs-v4l2sink
    • I made a green screen for chroma key out of 4 pieces of green bristol board from Dollarama.
    • This can work with Jitsi, Zoom, Google Meet

    1.9 Upcoming events

    GTALUG Etherpad for May 13, 2020

    1 Notes from GTALUG Meeting 2020-05-13

    1.1 Running kvm (kernel virtual machine) on Raspberry Pi

    • Yes, it is possible
    • Raspberry PI 3 and above have HW support in the chip and bootloader
    • Possible to run it with docker
    • KVM can run x86 code or ARM code on any machine
    • The problem with ARM – No standard BIOS; there are implementations with UEFI and device tree. Not trivial.
    • k3s, a simplified version of Kubernetes, runs on Raspberry Pi (containerization, not KVM)
    • not a lot of documentation on how to run KVM for raspberry pi
    • Raspberry PI is typically 32-bit vs all of the ‘serious’ containerization projects prefer 64-bit ARM platforms
    • k3s (a sorta cheap Kubernetes) on RPi

    1.2 Has anyone tried POP!OS?

    • POP!OS?
    • An Ubuntu derivative
    • Reviews say this is the most beautiful thing since Elementary OS
    • Produced by system76
    • Really nice UI from the experiences
    • GPU drivers seem to be supported on more stable distributions (RHEL & CentOS) and not Fedora (specifically GPU computing from AMD or Nvidia)
    • Fedora 31 hung on used Dell XPS with NVIDIA graphics
      • ubuntu just works (proprietary drivers)
      • fedora 32 has nouveau
    • POP!OS seems to have sensible defaults
    • /r/popos
    • this is where System76 announced POP!OS, in 2017, when Ubuntu stopped working on Unity

    1.3 Video conferencing for teaching a-la software carpentry

    • (group breakouts & shared screens in small group only)
    • What is software-carpentry.org
    • Teamviewer available for linux but proprietary as hell (one-on-one)
      • this is the software that the scam artists that cold call you about your “Windows computer being filled with viruses and malware” use to take over your computer
      • that doesn’t imply that it’s evil, just that it’s useful
    • Chris wants to propose using tmux or GNU Screen to share terminals 🙂
    • K12 software (educational group software)
    • Not quite a shared / groupable screen, but we just presented to a conference with OBS, and it worked really well: https://obsproject.com/ [SR]
    • Google meet is pretty analogous to zoom and doesn’t offer extra answers
    • VR rooms that have ‘virtual’ breakout rooms
      • Mozilla hubs doesn’t require VR, allows you to log in with browser (hubs.mozilla.org)
      • https://hubs.mozilla.com/ZSJKAWd/loathsome-wooden-gathering
      • AltSpaceVR (no browser version, goggles required) App that comes with oculus
      • AltSpaceVR accessible with steam client
      • each space has concept of virtual board that can be a board, video or screen

    1.4 Let’s set up an etherpad

    location is May GTALUG EtherPad

    1.5 How do people back up their personal stuff

    • Chris has a horde of little Git repos, anything important gets added to a git repo and pushed places (what does “important” mean???)
    • should automate as much as possible so that we don’t forget to back it up
    • I don’t. I should, but everything is too much hassle or expense. I need something as simple as TimeMachine, but I don’t have bandwidth (or cash) to do a cloud backup [SR]
    • Cronopete claims to be a Time Machine clone for Linux:
    • I have a secondary server, and I have a rsync script that backs up my home directory (and a few others) every night.
    • rclone for encrypted backups with 1 local backup and b2 as remote
    • etckeeper stows /etc in your choice of repos automatically. When you run “apt upgrade”, it automatically checks things in. That doesn’t automatically back up the repo; that also needs to be handled

    1.6 Splitting audio and video streams that are still in sync

    ffmpeg -re -i $(youtube-dl -g -f 96 https://www.youtube.com/watch?v=9Auq9mYxFEE) -f v4l2 /dev/video2 -f alsa default 
    
    • Don’t split the streams
    • Video is fed through puredata
    • this has gotta be within OBS’ remit [SR]
    • use OBS to recombine audio and video stream but this is still a problem
    • a/v delay is not always the same

    1.7 People’s experiences with PiHole

    1.8 GPT harddrives vs Motherboards that do not support GPT

    • The issue might be advanced formatting 512 blocks (legacy) vs 4K blocks (now)
    • Seems to work fine except when it works as a boot device
    • Notes on buying a new hard drive for an old system (i.e. Motherboard of 2012 vintage)
    • Try to upgrade BIOS; there might be a workaround
    • On a GPT drive you can put a fake MBR (older BIOS will see an MBR drive, newer BIOS will see GPT). This is a horrible hack
      • rEFInd (website)
        • https://www.rodsbooks.com/
        • lots of information on EFI firmware. Lots of discussion on GPT and Hybrid GPT
        • A lot of details on the website not explained in a beginner-friendly way but it is a great resource
    • Howard’s notes – http://home.eol.ca/~hgibson/Linux.html

    1.9 thoughts about the STL trying to merge in the high performance C++ folly library from facebook

    • Link to Folly library: https://github.com/facebook/folly
    • I don’t have a mic but the question is about the issues of using out of stream performance libraries to fix the gap caused by the STL
    • There is no RCU or high performance spinlocks for example.
    • RCU (read-copy-update)
    • Yes it has that but it’s not a standard so it’s a problem as you’re using a third library and having to merge both.
    • You basically have to write a lot of it by hand.

    1.10 Kubernetes (K8S)

    • Does anyone know what a “service mesh” is? There are systems: Istio, Consul, Linkerd. Service Mesh gets treated as “otta be obvious what this is”
    • In HA, a service mesh is a “meshing” of components so that if one component fails, others will take over immediately

    1.11 Thoughts on these database clients?

    • I’m using the MSSQL one. https://github.com/dbcli (seneca)
      • I’ve been finding typing laggy and it crashes on some commands on certain tables, but at least I don’t end up dealing with FreeTDS [SC]
      • Cannot connect to the MSSQL 2000 server that I still deal with [SC]
    • +1 for DBCLI! (I’m Not Giving My Name To A Machine)

    1.12 Cleaning my Laser printer – HP2605DL (Postscript)

    • It’s a colour printer
    • the colour toner seems to have gone cruddy
    • I wiped yellow and green toner off the plastic paper feed; a new supply emerges from somewhere every time I print a sheet
    • Can’t tell where the reservoir of “crud” is 🙁
    • Have you tried the built-in cleaning tool from the manual (page 131)?
      • Not yet, will do…

    1.13 Curious Calculators

    nnn – a terminal-based file manager

    nnn, findable at https://github.com/jarun/nnn, is a terminal-based file manager written in Go, which claims high performance and has a pretty flexible set of functionalities including:

    • Can spawn your favorite $VISUAL $EDITOR to edit files
    • Bookmarks (haven’t used)
    • Fuzzy searching for files
    • Pin frequently used files/directories
    • Mount and manage archives
    • Lots of plugins https://github.com/jarun/nnn/tree/master/plugins to extend its behaviour

    I have, several times, scheduled tasks (taskwarrior!) to poke some more at nnn. It seems inevitable to not go anywhere.

    Why that is finally occurred to me; the reason is that my workflow that would be most relevant to this takes place inside emacs, in the Dired mode.

    There are some neat things in nnn, notably the fuzzy searching, which would lend itself to somewhat more nondeterministic searches for Files Of Interest. However, the learning curve of switching to a dramatically different tool is not to my taste.

    If you’re one of the vi crowd, this may be to your taste; it seems interesting. (I was tempted enough to keep it lurking in my task list for a couple months.)

    My saga with tmux

    I have been a longstanding user of GNU screen, a terminal multiplexor, which is loosely a terminal-oriented equivalent to an X window manager. For a fair number of years now, I have been using tmux instead; it was written more recently, starting from scratch, with BSD license, and so is somewhat smaller, perhaps faster, and leaves behind features that weren’t of much interest.

    What I do with this

    I commonly set up tmux sessions when I first log onto a system, and set up some sub-terminals tied to useful tasks such as:

    • Command sessions – I’ll always have some terminals ready to run commands
    • Log tails – if I am debugging something, I will set up a tail -f command in a virtual terminal to watch the logs, so that I may quickly switch to that terminal and see what has recently happened
    • ssh sessions for command sessions running on remote hosts (on my laptop, these will be mosh sessions)
    • kubernetes sessions – command sessions where the CLI environment is set up for one k8s environment or another

    Further tools

    The awesome-tmux Github site has a whole lot of useful links to “meta-tools” for use with tmux, various of which I have found useful:

    • tmuxinator allows setting up a whole tmux session complete with numerous virtual terminals connected to commands and environments
    • gitmux puts git status information into the tmux status bar, which is nicer than putting it (as I have done with zsh) onto the start or end of the command line
    • tmux-continuum will automatically save the state of a tmux session environment so that a complex environment may be automatically recreated. This is pretty cool as a “perhaps better than tmuxinator” thing; with tmuxinator, it’s easy to restart, but you need to add environment configuration manually to tmuxinator configuration, whereas continuum picks that up automatically. There are definitely advantages and disadvantages in both directions; tmuxinator will tend to have a “cleaner” environment, but you need to do more work to get that cleanliness.

    Also playing with 3mux

    3mux was inspired by tmux and by the i3 window manager; it makes more natural use of the mouse, has a claimed-more-sane set of keybindings, and claims a shorter learning curve.

    I have played with it a bit; in view that I had gotten through the GNU Screen learning curve many years ago, that’s not so much something I’d account as good, and the differences have proven demerits to me. Also note that there’s lots of third party projects improving on tmux that don’t naturally automatically apply to 3mux.

    Other References

    I did a talk in 2015 on Screen, Tmux, Byobu, the Secret Terminal Brains!!!

    See also my web page on GNU screen, which has further links about tmux and related tools.

    lm – list manual pages

    I have wanted this for… probably half of my life?

    lm (see https://woozle.org/papers/plan9.html) apparently existed in Plan 9 many years ago; it wraps apropos (and is similar to man -k) so that instead of just listing names and sections of manual pages, it sets up the line to have the man section whatever command at the start of the line, so that the gentle user may copy and paste this to a command line, because that’s almost certainly what the gentle user intends to do next.

    I reimplemented it as a zsh function, because, well, why not?

    (|N/A:default)cbbrowne@cbbrowne2 /tmp> lm ()
    {
      apropos -l "$@" | sed 's/\(.*\) (\(.*\)) * - /man \2 \1 # /'
    }

    So, how does this work?

    (|N/A:default)cbbrowne@cbbrowne2 /> lm dockerfile
    man 1 docker-build # Build an image from a Dockerfile
    man 1 docker-builder-build # Build an image from a Dockerfile
    man 1 docker-image-build # Build an image from a Dockerfile
    man 5 Dockerfile # automate the steps of creating a Docker image
    (|N/A:default)cbbrowne@cbbrowne2 />

    Awesome, no?

    CFEngine Alternatives

    I have been using CFEngine 2 (which is substantially different from version 3) for a great many years to manage various aspects of my home system environments, making use of such things as:

    • Copying files, to do simplistic backups where that works
    • Editing files to have particular content such as SSH keys, cron jobs
    • Restarting processes that I want to keep running (syncthing, dropbox, …)
    • Running shell commands on particular hosts
      • To run backups
      • To run cleanup jobs
    • Setting up symlinks to configuration files, so that I have authoritative configuration in a git repository, and then rc files in $HOME or $HOME/.config or such reference them
    • Ensuring ssh keys have appropriately non-revelatory permissions
    • Making sure new servers have my set of favorite directories

    I had used cfengine2 to build system management tools with a “PostgreSQL flair”, where the point was to help manage database instances, doing things like:

    • Deploying PostgreSQL binaries and libraries (our custom builds included Slony-I, for instance)
    • Rotating database logs
    • Building out the filesystem environment for database clusters, thus
      • Setting up needed directories for PGDATA
      • Setting up database log directories
      • Setting up symlinks for the latest binaries, alongside the above “deploying” of the binaries

    Eventually, others took this over, ultimately replacing CFEngine with newer tools like Puppet and Ansible, so these uses fell out of my hands.

    I never made the migration from CFEngine 2 to CFEngine 3; the latter is apparently a fair bit more featureful, but I found myself unhappy with how the authors decided that having decently trackable logging was something they felt should be a proprietary extra-price extension.

    Perhaps ten years later, now, I’m finding that builds of cfengine2 are getting sparse in Linux package management systems.

    I started looking around at the sorts of systems that are considered to be successors to CFEngine. My encounters with Puppet have left me with no desire to take that on for systems I’m operating for myself; it seems slow-running and tedious. The short list of plausible alternatives I found of most interest were Ansible and Salt Stack. But as I started poking further, I found that none of these actually reflected the ways in which I have been using CFEngine.

    Systems like Puppet, Ansible, and Salt Stack are intended for deploying services and applications, along with their configuration. That’s largely not what I’m doing. (Perhaps I should be looking at it more that way, but it certainly hasn’t been…)

    It looks like none of these are what I’m needing for my usual use cases. I am doing some replacements with more modern bits of technology, but with only partial migration away from CFEngine2.

    Services

    The situations where I was having CFEngine launch, and keep running, certain processes are looking, these days, like what systemd does. I am not especially a lover of systemd, but nor am I one of the haters. I am unhappy with the steady scope creep it seems to undergo, but I do like the way that Unit files provide a declarative way of describing services, their semantics, and their relationships.

    For the various services that I want operating, I have set up systemd user unit files. This has led to more CFEngine2 configuration, curiously enough:

    • I create Unit files for services in my favorite Git repo that manages my configuration
    • Configuration files for the service reside in that repo, too.
    • I added CFEngine link targets to point $(HOME)/.config/systemd/user/$SERVICE.service to the unit file in my git repo, and, typically, more to point $HOME/.config to the configuration for the service
    • I added CFEngine process rules that check for service processes that should be running, and run /bin/systemctl --user start $SERVICE if they are not running

    It means there’s a few more CFEngine rules, but basically of just two sorts:

    • Process rules, to manage the service process (and it’s using systemd tooling, which is pretty “native,” no horrendous hackishness), and
    • Link rules, to link files in the Git repo into the places where they need to be deployed.

    Links

    A lot of what I now have left in CFEngine is a set of rules for establishing symlinks.

    There has been an outgrowth of tools for doing this sort of thing, and, to be more precise, tools for managing “dotfiles”. There is an awesome-dotfiles repository linking to numerous tools that have been established to help with this.

    There are two that elicited the most interest from me:

    • dot-templater, a Rust-based tool with a system for customizing which files (and content) are exposed on each system
    • chezmoi, a more sophisticated system that has a “chezmoi” command for interactively attaching dotfiles to one’s configuration repository

    Sadly, they are all so much more sophisticated than symlinks that it has, thus far, seemed simpler just to add a few more link entries to my main CFEngine script.

    The direction I am thinking of is to take my “hive” of CFEngine link lines, which, in truth, are decently terse and declarative, and write a little shell-based parser that can read and apply that. Actually, there’s several approaches:

    • Read the link rules, and directly apply them
    • Read the link rules, and generate commands for one or another of the “dotfile manager” tools to put the files under management
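
One way to do the first approach (read the link rules and apply them directly), as an added example rather than the author's parser. It assumes a simplified one-rule-per-line `LINK -> TARGET` format with no spaces in paths, which is not full CFEngine 2 syntax; all function names are hypothetical.

```shell
#!/bin/sh
# Added example, not the author's parser: apply symlink rules written one per
# line as "LINK -> TARGET" (assumed simplified format, paths without spaces).

# expand_home PATH: replace a leading $(HOME) or $HOME token with $HOME.
expand_home() {
    p=$1
    case $p in
        '$(HOME)'*) p=$HOME${p#'$(HOME)'} ;;
        '$HOME'*)   p=$HOME${p#'$HOME'} ;;
    esac
    printf '%s\n' "$p"
}

# apply_links RULEFILE: print one status line per rule; return the number
# of conflicts (0 means every link now matches its rule).
apply_links() {
    conflicts=0
    while read -r link arrow target || [ -n "$link" ]; do
        case $link in ''|'#'*) continue ;; esac
        if [ "$arrow" != '->' ] || [ -z "$target" ]; then
            echo "skipped: $link $arrow $target"; continue
        fi
        link=$(expand_home "$link"); target=$(expand_home "$target")
        if [ -L "$link" ]; then
            if [ "$(readlink "$link")" = "$target" ]; then
                echo "ok: $link"
            else
                ln -sfn "$target" "$link" && echo "relinked: $link"
            fi
        elif [ -e "$link" ]; then
            # A real file or directory is in the way; never overwrite it.
            echo "conflict: $link"; conflicts=$((conflicts + 1))
        else
            mkdir -p "$(dirname "$link")" && ln -s "$target" "$link" &&
                echo "created: $link"
        fi
    done < "$1"
    return "$conflicts"
}

# Constructed demo in a throwaway HOME (subshell) so nothing real is touched.
demo_links() (
    HOME=$(mktemp -d) || exit 2
    mkdir -p "$HOME/GitConfig" && : > "$HOME/GitConfig/zshrc"
    echo 'edited by hand' > "$HOME/.vimrc"
    printf '%s\n' '# constructed rules' \
        '$(HOME)/.zshrc -> $(HOME)/GitConfig/zshrc' \
        '$HOME/.config/svc/conf -> $HOME/GitConfig/svc.conf' \
        '$(HOME)/.vimrc -> $(HOME)/GitConfig/vimrc' > "$HOME/rules"
    apply_links "$HOME/rules"
)
demo_links || :
```

A non-zero return means at least one rule was blocked by a real file, which is the case to review by hand before anything gets replaced.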

    Cron Jobs

    My use of CFEngine has gone through various bits of evolution over time.

    • Originally, I set up shellcommand rules to run interesting processes periodically, so that my crontab would run cfengine some number of times per hour, and the shellcommand rules would invoke the processes.
      This is well and fine, but means that there are two sources of truth as to what is running, namely what is in the crontab, and what is in my cfengine script. Two sources of truth is not particularly fun.
    • As a part of the “Managing Database Servers” thing, years back, I had recognized that the above was not nice, and so wrote up a script that would capture one’s crontab into a file that would be captured in a specific place, complete with history. It would therefore check the current crontab against the previous version, capturing new versions any time there was a change. This is an output-only approach to things, but nevertheless very useful for tracking history of crontab over time.
      I had never applied this at home.
    • I determined that I needed to fix my “two sources of truth” problem, so took measures to Do Better.
      • A first step was to capture, on each host, the current contents of users’ crontabs, and, as a better thing than before, capturing this in a versioned fashion into a Git repository. This provides the history that Managing Database Servers had done, but as it resides, version-controlled within Git, even better.
        CRONHOME=${HOME}/GitConfig/InitFiles/cron
        USERNAME=$(/usr/bin/whoami)
        HOST=$(hostname)
        CRONTABOUTPUT=${USERNAME}.${HOST}
        # Work inside the Git checkout that holds the captured crontabs
        pushd "${CRONHOME}" || exit 1
        echo "Saving crontab to ${CRONTABOUTPUT}"
        # Dump the live crontab; Git records a new version only when it changed
        crontab -l > "${CRONHOME}/${CRONTABOUTPUT}"
        git add "${CRONTABOUTPUT}"
        git commit -m "Saving crontab for user ${USERNAME} on host ${HOST}" "${CRONTABOUTPUT}"
        popd
    • The new, still better step was to use editfiles to compute what I wanted to have in my crontabs. This would construct new files, $(CRONTABS)/$(hostname).$(username).wanted
      consisting of everything that my CFEngine script decided ought to be running on this host, for this user. Thus, the CFEngine script represents the Single Point Of Truth as to what is supposed to be in my crontab.
      I ran this, and in the interest of some lack of trust ;-), did not immediately automate application of this as a new crontab.
      • I did a nice manual run across each of my hosts, comparing the dumped crontab output with what is thought wanted, namely $(CRONTABS)/$(hostname).$(username).wanted
      • There were discrepancies (and since it wasn’t automatically applied, no consternation!), so some modifications were done to rectify shortcomings
      • When I concluded that everything matched my desires, it’s apropos to run crontab against $(CRONTABS)/$(hostname).$(username).wanted so that this is automatically applied
      • Now we have a series of single points of truth:
        • The captured-in-git history files document actual states of crontab over time
        • If I want to add or remove jobs, that takes place by modifying the CFEngine code to add/remove editfiles rules.

    This is not exactly a “migration away from CFEngine”, but it does make for a way better controlled set of cron jobs.
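
The manual comparison step described above (captured crontab versus the `.wanted` file, applied only once they agree) can be scripted. The following is an added example, not the author's script; the function names and the `CRONTAB_CMD` override are hypothetical, and the sample crontabs are constructed.

```shell
#!/bin/sh
# Added example, not the author's script: check a captured crontab against
# the generated ".wanted" file before installing it. Names are hypothetical.

# cron_jobs FILE: print entries in comparable form (comments and blank lines
# dropped, whitespace runs squeezed, sorted, de-duplicated).
cron_jobs() {
    tr -s '\t' ' ' < "$1" |
        sed -e 's/^ //' -e 's/ $//' -e '/^#/d' -e '/^$/d' | LC_ALL=C sort -u
}

# cron_drift LIVE WANTED: print "+ entry" for lines only in WANTED and
# "- entry" for lines only in LIVE (unmanaged). Returns 0 when they agree.
cron_drift() {
    live_tmp=$(mktemp) && wanted_tmp=$(mktemp) || return 2
    cron_jobs "$1" > "$live_tmp"
    cron_jobs "$2" > "$wanted_tmp"
    drift_out=$(LC_ALL=C comm -13 "$live_tmp" "$wanted_tmp" | sed 's/^/+ /'
                LC_ALL=C comm -23 "$live_tmp" "$wanted_tmp" | sed 's/^/- /')
    rm -f "$live_tmp" "$wanted_tmp"
    [ -n "$drift_out" ] || return 0
    printf '%s\n' "$drift_out"
    return 1
}

# cron_apply LIVE WANTED: install WANTED as the crontab, but only when no
# live entry would be lost. Set CRONTAB_CMD=echo for a dry run.
cron_apply() {
    apply_drift=$(cron_drift "$1" "$2") || :
    if printf '%s\n' "$apply_drift" | grep -q '^- '; then
        printf 'not applying, unmanaged entries:\n%s\n' "$apply_drift" >&2
        return 1
    fi
    ${CRONTAB_CMD:-crontab} "$2"
}

# Constructed sample: one job was added by hand and never made it into the rules.
demo_dir=$(mktemp -d)
cat > "$demo_dir/live" <<'EOF'
# captured with: crontab -l
MAILTO=me
15 2 * * *   $HOME/bin/nightly-rsync
0 4 * * 0    /tmp/one-off.sh
EOF
cat > "$demo_dir/wanted" <<'EOF'
MAILTO=me
15 2 * * * $HOME/bin/nightly-rsync
30 3 * * * $HOME/bin/save-crontab
EOF
cron_drift "$demo_dir/live" "$demo_dir/wanted" || :
rm -rf "$demo_dir"
```

A `- ` line is an entry that exists on the host but not in the single source of truth, so it is worth reading before it is either adopted into the rules or removed.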

    I am quite sure that I am not sure what would be much better. I have looked into cron alternatives both small and large. At one point, we did a Proof of Concept at work looking at Dollar Universe (now a Computer Associates product), at the really sophisticated end. That would, personally, be ridiculous overkill, but there are places where it’s going to be a good choice.

    Cron has a number of weaknesses:

    • Not very easily auditable
    • Not good at handling “flow control” where a system may be getting overloaded by the set of cron jobs getting invoked
    • No in-system awareness of jobs that should be mutually exclusive or that should be ordered. (“Don’t run A and B simultaneously; make sure to only run B after having run A”)

    Nevertheless, for small-ish tasks where exact timing isn’t too critical and where conflicts may be addressed by running jobs in separate hours of the day, it isn’t worth looking to a job scheduling system that is way more complex to manage and heavier weight to run.

    One would-be alternative to cron that looks somewhat interesting is pg_timetable which has its data store backed by PostgreSQL and which has a notion of “task chains.”

    At one point, I did a bit of work creating a “pg_cron,” which had loosely similar requirements. It never reached the point of working; the place where I was pointedly short on answers was on how to establish the working environment for tasks. The environment needs to be “portable” in a number of ways; you’d want to be able to control tasks running on remote hosts, too. David Tilbrook’s QEF environment seemed to have relevance; it had ways of managing the launching of work agents with tight control over the environment they would receive. Unfortunately, time just hasn’t permitted experimenting more deeply with that.