GTALUG August 11th Notes

Table of Contents

1.1 Keybase Alternatives

  • Keybase has offered secured accesses to various sorts of data
    Key directory
    Associates social media identities to encryption keys
    • Twitter
    • Github
    • Reddit
    • Hacker News
    • Mastodon
    • Cryptocurrency wallet addresses
      • Bitcoin
      • Zcash
      • Stellar
    (no term)
    End-to-end encrypted chat
    • Quite a lot of us are using Telegram and Signal
    • Essentially amounts to encrypted chat; many parts are open source
    • Encrypted instant messaging and VOIP
      • Client is free software
      • Server is proprietary
    KBFS
    Encrypted filesystem
    • Public files
    • Private files
    • An end-to-end encrypted, peer-to-peer file storage, sharing and communication network
    • We used this for GTALUG a bit for exchanging server data across the executive
    Teams
    Encrypted chat, fileshare
    • For just key validation keyoxide, I’ve heard of it, have no experience yet. keyoxide.org
      • decentralized
      • MIT licensed

1.1.1 Element

1.1.2 The moderation problem

1.2 Neat Monitoring observation

Should put obvious information into monitoring alerts

  • The temperature alert that points to calling building managers should include contact information
  • When you create an alert, think through what those reading the alert will immediately want or need, and note that what is obvious today, when we’re reacting to the outage that caused us to set up the alert, may be less obvious in 18 months when a new sysadmin looks at it
  • Put those needed/wanted things in the alert, possibly as a link, tho in case your Wiki might go down, probably the phone number ought to actually be in the alert.
  • Make sure there aren’t any credentials in the alert text!
  • Motion-sensitive camera that gets activated when the sun comes up through the trees in the morning
    • what is the difference between burglars and squirrels and sunrise
    • hurray, flying burglars!
  • Useful to have some alerts suppress other ones

1.3 Have you changed your ssh keys lately?

SSH Keytypes Usage

  • There are new algorithms that are theoretically more secure than the old ones
  • Are you using your keys for too many services?
  • ssh config lets you specify per-host keys

1.4 Have you labelled the disk drives in your desktop?

Label Your Desktop Drives

  • Using a Dymo label maker or similar
  • Brother apparently makes much nicer label printers
  • Scott Sullivan was literally just preparing a label to attach to a recently scrubbed hard drive
    • need to know the serial number from the drive in a cheap RAID array
  • Howard pulled out a typewriter!
  • Drew generates a 4 digit number for each drive and keeps those as the “key”, sharpie is good enough
    • For personal use, this supports 9999 drives, which is enough; perhaps 3 digits (999) would suffice
    • For organizational use, a bigger serial number would be needful
  • Business cards attached with packing tape

1.5 Raspberry Pi 4

  • There have been ongoing discussions about building a “Pi Desktop”
  • Evan suggested a notably better case (but that Scott had already posted!) but that was somewhat expensive
  • Budget was not especially clear
  • Initially, Pi4 was running extremely hot, but with modern software releases, way better/cooler

1.6 IPv6 versus IPv4

Interesting essay showing some of the inherent conflicts

  • Once you configure prefixes on the router, often Linux, Windows, MacOS often “just work” these days
  • Mozilla Addon ipvfoo-pmarks shows off IPv6 usage

1.7 Latest grep reimplementation

ugrep
written in C++ 2011
  • can search inside compressed archives (numerous sorts, .jar, .zip, tar, .cpio, and compression such as .gz, .bzip2, .xz, …)
  • can search inside documents (.pdf, .xls, .docx, …)
(no term)
sift, written in go, parallelizing: https://sift-tool.org/
(no term)
ack, written in Perl, extended to do version control, graphics metadata https://metacpan.org/pod/distribution/ack/ack
(no term)
rg, written in Rust
(no term)
Full text search on Gnome desktop, locate was an olden days standard service
  • `mlocate` is a more user-friendly version of locate
(no term)
Tracker seems neat
(no term)
Find is still pretty useful
(no term)
FSELECT is a Rust-based command line tool that’s loosely find with SQL-like syntax

1.8 Pinephone now available

1.9 LibreOffice 7.0 released recently

1.10 Perl 7 almost out

1.11 MathML?

I am using Octave and LaTeX to do calculations and write reports. Conceivably, I could output to HTML instead, but MathML does not seem to work on all browsers. Is this interesting to anyone?

GTALUG Q&A July 14th, 2020

1 Notes from GTALUG Meeting 2020-07-14

1.1 Have you checked NTP recently? (Chris)

  • Upgrading DDWRT on a DIR-632 showed off that ntp config had been broken for years
  • Also router was pointing to DNS on a host that had been gone for years 🙂
  • I always used to use echo dmpeers | ntpdc to check synchronization
  • That apparently stopped working, probably years ago
  • The modern thing is the following:
root@karush:/var/log# ntpq -p
      
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 0.debian.pool.n .POOL.          16 p    -   64    0    0.000   +0.000   0.000
 1.debian.pool.n .POOL.          16 p    -   64    0    0.000   +0.000   0.000
 2.debian.pool.n .POOL.          16 p    -   64    0    0.000   +0.000   0.000
 3.debian.pool.n .POOL.          16 p    -   64    0    0.000   +0.000   0.000
 LOCAL(1)        .LOCL.          10 l  537   64    0    0.000   +0.000   0.000
 nash.int.linuxd 44.190.6.254     3 s   25   64    1    0.464  -19.446   0.000
 bellman.int.lin .XFAC.          16 s    -  128    0    0.000   +0.000   0.000
 time2.facebook. .FB...           1 u  119   64    2  271.399  +102.36   0.000
 192.168.0.63    .XFAC.          16 s    -  128    0    0.000   +0.000   0.000
 hpaq.int.linuxd 45.79.13.206     3 s   54   64    1    0.283   -4.946   0.000
 karush.int.linu .XFAC.          16 s    -  128    0    0.000   +0.000   0.000
*ntp1.torix.ca   .PTP0.           1 u   19 1024    3   48.489   -5.496  79.828
+68-69-221-61.nb .ROSS.           1 u   23 1024    3  138.782  +25.387  39.417
+ntp2.wiktel.com .GPS.            1 u   23 1024    3   72.396   -7.548  79.119
+montreal.ca.log 172.105.103.85   3 u   27 1024    3  112.404  +22.622  40.738
+208.67.72.50    128.227.205.3    2 u   24 1024    3  101.382   -9.729  95.870
+clock.sjc.he.ne .CDMA.           1 u   37 1024    3  106.625  -11.264  97.836
+ntp16.doctor.co 50.205.244.28    2 u   42 1024    3  133.717  +24.106  39.239
+time.cloudflare 10.14.8.68       3 u   42 1024    3  111.500  +22.664  38.322
+198.255.68.106  192.168.1.193    2 u   40 1024    3  117.507  -13.853  95.332
+strongbad.voice 200.98.196.212   2 u   43 1024    3   60.177   -8.618  78.205

1.1.1 (Bob B) Can anybody explain what all that stuff in the ntpq output means?

  • Some answers can come from “official NTP”…
  • lol RTFM!
  • still, good question, I’m happy to read thru it……. no, you are correct….. that’s a great page!
  • Chris did a “broad strokes” explanation of much of what was in there, which he hopes gives enough background that the deep detail of the “official” explanations aren’t as overwhelming.

Scott S pointed out – Info on REFID

1.2 (Bob B) What are people using for centralized authentication at home labs? Really don’t want AD.

1.3 (Scott S): Opensource Physical Resource management

  • Room and Equipment bookings.
  • Integrations, MQTT, API
  • Hacklab needs this sort of thing from two perspectives:
    • With COVID-19 still around, they’d like to be able to trace where people have been and where and what physical resources they have touched
    • There is a need to arrange fair bookings for resources like 3D printers, as they now have some fairly reliable ones that will attract a lot of usage requests
  • No real answers came up in discussion
  • Later link added: List of Open Sourced Software for Resource Scheduling and Booking

1.4 Question: (cbbrowne) Has anyone been making use of the new-ish packaging systems?

AppImage
a packaging format
Snappy
Canonical sponsored central app repo
Flatpak
central app repo, but individuals may host too

In principle, these are supposed to make it easier to deploy applications where you want faster evolution than distributions offer. (E.g. – [https://wiki.debian.org/DebianReleases][Debian takes For-Ever to get new versions out…]])

  • Nobody seemed to be too much a fan of this
  • It was suggested that this concept was popular for developers that want to do their own thing, and that hate the idea of distribution makers renaming any of their stuff. This suggests a lack of appreciation for policy, which is why distribution makers do that sort of renaming…

1.5 Question: (cbbrowne) Anyone using mesh networks yet? (802.11s)

  • now supported (if your hardware does) on OpenWRT
  • bridges networks together to give better network coverage by having devices talk to all the routers around them
  • Easy? Hard? Security pains-in-the-neck?
  • new router standards are coming out – 802.11ax aka WiFi6 so probably a good idea to wait

1.6 Question: (cbbrowne) anyone been playing with the modern terminal fonts that are emerging?

  • Inconsolata
  • Mononoki
  • Ubunto Mono
  • There are barrels more of these
  • Some amount of trying to be kewl
  • some amount of trying to be readable+distinguishable (0!=O) even in small font sizes

1.7 Security Question of the Month: Have you updated your router firmware lately?

  • OpenWRT just had a new major version (v19) released in May
  • DDWRT has per-device upgrades; how their versioning system is not especially clear
    • Did an upgrade from “v24” (from 2013) to “v3.0” (2019), that’s not overly clear!
    • DDWRT has some pretty proprietary stuff; means they can support Broadcom
  • OpenWRT is a bit better known than pfSense
    • OpenWRT pretty attractive for a place like Hacklab
    • can run Ansible against it!
    • Specialized Ansible for OpenWRT
    • UCI commands (can be seen in the LUCI Web UI) generate configuration; you could use these commands yourself
    • Also consider using Ansible commands + Ansible templates
  • Probably worth looking into pfSense on slightly better hardware
  • Ubiquity edge routers are good for non-wifi contexts

1.7.1 Recommended OpenWRT Routers

1.8 CHUWI LarkBox

GTALUG EtherPad for Meeting of June 9, 2020

1 GTALUG 2020-06-09

1.1 Hugh on UEFI for ARM

Is the raspberry pi sufficiently open so to allow a single distro to be adaptable for multiple different SBCs?

  • Raspbian is often used (forked to “armbian” for other systems)
  • Different devices often need what is termed a “device tree” that is unique to a board or family of related boards
  • Annoying thing about ARM is that many have GPUs, and unfortunately most of the GPUs have issues with NDAs so that it is troublesome to share low level code

What are your thoughts on using Anaconda in Ubuntu or other Linux distro vs installing all Python packages and using Python virtual environments instead? I’m coming from Windows, so Anaconda was a straight answer, but now that I’m becoming a Linux user, is not that clear that I should use Anaconda, and could better learn to use the Python venv. Just wanted to get some thoughts.

  • pyenv
  • Should we use distribution-managed packages? Or build a virtual environment to pull fresh code?
  • These days, scripting languages have their own dependency systems which makes life difficult for distribution makers.
  • Awesome Alex, thanks for your thorough explanation, I’ll certainly look into pyenv…. my name is Nestor Sanchez btw…

1.3 Python II – the Sunsetting of version2

Note that Python 2 is officially sunsetted… https://www.python.org/doc/sunset-python-2/

Some old Python code still lurks in distributions.

1.4 Powershell

Has anyone been playing with Powershell? What sorts of differences are there between that and our favorites?

  • It grew up with Windows so has lots of Windows bits
  • It operates on streams other than Unix “bags of bytes” which can be very different

1.5 WFH Learning

  • I changed my commute time for walk/run around the neighbourhood time. To keep some routine.
  • Some tendency for longer days because we aren’t consuming any time on commute but maintain broadly similar hours
  • Daily “stand-up” meetings (common in SCRUM methodology) are useful to add a little bit of personal discipline
  • Audio bandwidth limitations are an issue
  • Microphones on laptops that are picking up fans and refrigerators are common problems
  • Microphones intended as speaking headsets provide improvement

1.6 ROCm

Any experience among this group with using ROCm for high performance computing?

1.7 systemd, 10 years later: a historical and technical retrospective

systemd, 10 years later: a historical and technical retrospective

  • everything needs to be decrudded once in a while

1.8 JITSI results

  • mixture of opinions, for sure
  • a couple of people fell off the meeting, so not impressed
  • several reporting that sound is quite good
  • user interface is quite comparable to Google Meet and Zoom
  • Can use custom backgrounds similar to what are commonly done on Zoom

1.8.1 Custom backgrounds for videoconferencing

Get a green board to go behind, and then compile a virtual camera Using OBS Studio for Google Hangouts/Meet

  • implements a virtual camera that allows putting arbitrary backgrounds behind you
  • GitHub: CatxFish/obs-v4l2sink
  • I made a green screen for chroma key out of 4 pieces of green bristol board from Dollarama.
  • This can work with Jitsi, Zoom, Google Meet

1.9 Upcoming events

GTALUG Etherpad for May 13, 2020

1 Notes from GTALUG Meeting 2020-05-13

1.1 Running kvm (kernel virtual machine) on Raspberry Pi

  • Yes, it is possible
  • Raspberry PI 3 and above have HW support in the chip and bootloader
  • Possible to run it with docker
  • KVM can run x86 code or ARM code on any machine
  • The problem with ARM – No standard BIOS, an implementations with UEFI and device tree. Not trivial.
  • A version of kubernetes k3s (a simplified version) Runs on Raspberry Pi (containerization not kvm)
  • not a lot of documentation on how to run KVM for raspberry pi
  • Raspberry PI is typically 32-bit vs all of the ‘serious’ containerization projects prefer 64-bit ARM platforms
  • k3s (a sorta cheap Kubernetes) on RPi

1.2 Has anyone tried POP!OS?

  • POP!OS?
  • An Ubuntu derivative
  • Reviews say this is the most beautiful thing since Elementary OS
  • Produced by system76
  • Really nice UI from the experiences
  • GPU drivers seem to be supported on more stable distributions (RHEL & CentOS) and not Fedora (specifically GPU computing from AMD or Nvidia)
  • Fedora 31 hung on used Dell XPS with NVIDIA graphics
    • ubuntu just works (proprietary drivers)
    • fedora 32 has nouveau
  • POP!OS seems to have sensible defaults
  • /r/popos
  • this is where System76 announced POP!OS, in 2017, when Ubuntu stopped working on Unity

1.3 Video conferencing for teaching a-la software carpentry

  • (group breakouts & shared screens in small group only)
  • What is software-carpentry.org
  • Teamviewer available for linux but proprietary as hell (one-on-one)
    • this is the software that the scam artists that cold call you about your “Windows computer being filled with viruses and malware” use to take over your computer
    • that doesn’t imply that it’s evil, just that it’s useful
  • Chris wants to propose using tmux or GNU Screen to share terminals 🙂
  • K12 software (educational group software)
  • Not quite a shared / groupable screen, but we just presented to a conference with OBS, and it worked really well: https://obsproject.com/ [SR]
  • Google meet is pretty analogous to zoom and doesn’t offer extra answers
  • VR rooms that have ‘virtual’ breakout rooms
    • Mozilla hubs doesn’t require VR, allows you to log in with browser (hubs.mozilla.org)
    • https://hubs.mozilla.com/ZSJKAWd/loathsome-wooden-gathering
    • Al SpaceVR (no browser version, goggles required) App that comes with oculus
    • AltSpaceVR accessible with steam client
    • each space has concept of virtual board that can be a board, video or screen

1.4 Let’s set up an etherpad

location is May GTALUG EtherPad

1.5 How do people back up their personal stuff

  • Chris has a horde of little Git repos, anything important gets added to a git repo and pushed places (what does “important” mean???)
  • should automate as much as possible so that we don’t forget to back it up
  • I don’t. I should, but everything is too much hassle or expense. I need something as simple as TimeMachine, but I don’t have bandwidth (or cash) to do a cloud backup [SR]
  • Cronopete claims to be a Time Machine clone for Linux:
  • I have a secondary server, and I have a rsync script that backs up my home directory (and a few others) every night.
  • rclone for encrypted backups with 1 local backup and b2 as remote
  • etckeeper stows /etc in your choice of repos automatically. When you run “apt upgrade”, it automatically checks things in. That doesn’t automatically back up the repo; that also needs to be handled

1.6 Splitting audio and video streams that are still in sync

ffmpeg -re -i $(youtube-dl -g -f 96 https://www.youtube.com/watch?v=9Auq9mYxFEE) -f v4l2 /dev/video2 -f alsa default 
  • Don’t split the streams
  • Video is fed through puredata
  • this has gotta be within OBS’ remit [SR]
  • use OBS to recombine audio and video stream but this is still a problem
  • a/v delay is not always the same

1.7 People’s experiences with PiHole

1.8 GPT harddrives vs Motherboards that do not support GPT

  • The issue might be advanced formatting 512 blocks (legacy) vs 4K blocks (now)
  • Seems to work fine except when it works as a boot device
  • Notes on buying new harddriver for an old system (i.e. Motherboard of 2012 vintage)
  • Try to upgrade BIOS there might be a workaround
  • On a GPT driver you can put fake MBR (older BIOS will see MBR drive, newer MBR will see GPT) This is a horrible hack
    • Refine (website)
      • https://www.rodsbooks.com/
      • lots of information on EFI firmware. Lots of discussion on GPT and Hybrid GPT
      • A lot of details on the website not explained in a beginner-friendly way but it is a great resource
  • Howard’s notes – http://home.eol.ca/~hgibson/Linux.html

1.9 thoughts about the STL trying to merge in the high perfomance C++ folly library from facebook

  • Link to Folly library: https://github.com/facebook/folly
  • I don’t have a mic but the question is about the issues of using out of stream perfomance libraries to fix the gap caused by the STL
  • There is no RCU or high perfomance spinlocks for example.
  • RCU (read-copy-update)
  • Yes it has that but its not a standard so its a problem as your using a third library and having to merge both.
  • You basically have to right a lot of it by hand.

1.10 Kubernetes (K8S)

  • Does anyone know what a “service mesh” is? There are systems: Istio, Consul, Linkerd. Service Mesh gets treated as “otta be obvious what this is”
  • In HA, a service mesh is a “meshing” of components so that if one component fails, others will take over immediately

1.11 Thoughts on these database clients?

  • I’m using the MSSQL one. https://github.com/dbcli (seneca)
    • I’ve been finding typing laggy and it crashes on some commands on certain tables, but at least I don’t end up dealing with FreeTDS [SC}
    • Cannot connect to the MSSQL 2000 server that I still deal with [SC]
  • +1 for DBCLI! (I’m Not Giving My Name To A Machine)

1.12 Cleaning my Laser printer – HP2605DL (Postscript)

  • It’s a colour printer
  • the colour toner seems to have gone cruddy
  • I wiped yellow and green toner off the plastic paper feed; a new supply emerges from somewhere every time I print a sheet
  • Can’t tell where the reservoir of “crud” is 🙁
  • Have you tried the built-in cleaning tool from the manual (page 131)?
    • Not yet, will do…

1.13 Curious Calculators