●● IRC: #boycottnovell @ FreeNode: Thursday, February 11, 2021 ●●
● Feb 11
[10:37] schestowitz__ gemini.techrights.org. 14400 IN A
[10:37] schestowitz__ 81.154.168.60
[10:38] schestowitz__ I have regenerated keys
[10:38] schestowitz__ restarted agate
[10:38] schestowitz__ when trying to connect it denies proxy request, it says
[10:38] schestowitz__ maybe the above record needs changing to cname? maybe dns propagation?
[10:42] Techrights-sec Yes, it would need the name there:
[10:42] Techrights-sec Failed to connect to the
[10:42] Techrights-sec server: hostname does not
[10:42] Techrights-sec verify: x509: certificate
[10:42] Techrights-sec is valid for gemini.
[10:42] Techrights-sec techrights.org, not host81
[10:42] Techrights-sec 154-168-60.range81-154.
[10:42] Techrights-sec btcentralplus.com.
[10:42] Techrights-sec from the Gemini client amfora
[10:42] Techrights-sec did the registrar reply?
[10:43] schestowitz__ Yes, I have a GUI where I can change this, defaults to A record, cannot be changed
[10:43] Techrights-sec nevermind
[10:43] Techrights-sec I see the name
[10:43] Techrights-sec however it is an A name. The A name needs to be provided by the dynamic DNS service
[10:45] Techrights-sec I am not sure but that will probably not work
[10:45] Techrights-sec What is the password for my login there at the registrar?
[10:48] schestowitz__ only www. and ftp. show up as CNAME
[10:50] Techrights-sec The A name will point to an IP address
[10:50] Techrights-sec The CNAME will then point to the established A name.
[10:50] Techrights-sec ;; ANSWER SECTION:
[10:50] Techrights-sec www.techrights.org. 14400 IN CNAME techrights.org.
[10:50] Techrights-sec techrights.org. 3375 IN A 23.161.112.116
[10:50] Techrights-sec The A name has to exist first
[10:50] Techrights-sec (AFAIK)
[10:50] schestowitz__ maybe I will just ask them to assist...
[10:52] schestowitz__ upside is, it seems like the pi already has a domain name for ssh, which I can keep updated after reset.
does ssh@ name work for you?
[10:53] schestowitz__ I also ping and ssh it, the ports are open for that. not sure why gemini is fussy but I assume its matching between certs and domain fail somewhere, will recheck
[10:56] Techrights-sec yes
[10:56] Techrights-sec but if the IP changes, then it will point at an old address, possibly
[10:56] Techrights-sec someone else's machine
[10:57] schestowitz__ that was always an issue when using IPv4 address as well, but now I can quickly access a GUI instead of notifying of changes
● Feb 11
[11:00] schestowitz__ for gemini I get "proxy request refused" and I tried from localhost and another machine on our LAN
[11:00] Techrights-sec Right but that task is meant to be automated.
[11:01] schestowitz__ eventually the IP might be static anyway, if we deploy this to the HV under some container
[11:04] schestowitz__ https://lists.orbitalfox.eu/archives/gemini/2020/003792.html
[11:04] -TechrightsBN/#boycottnovell-lists.orbitalfox.eu | IDN with Gemini?
[11:04] schestowitz__ "
[11:04] schestowitz__ I'm pretty sure this is because no punycoding is being done in the DNS, and
[11:04] schestowitz__ it's probably getting the UTF-8 encoding instead of "
[11:04] schestowitz__ xn--gmeaux-bva.bortzmeyer.org". When I ask Lagrange to connect to the
[11:04] schestowitz__ punycoded form explicitly, your server does not recognize it as "self" and
[11:04] schestowitz__ replies with "Proxy Request Refused".
[11:04] schestowitz__ "
[11:06] schestowitz__ yes, both ipfs and gemini should eventually be on there, at risk of having less direct control over the physical hosting site. It's all about the load these incur.
[11:11] schestowitz__ Hi,
[11:11] schestowitz__ Thanks very much for the pointer.
[11:11] schestowitz__ I've gotten as far as setting up the subdomain, but I cannot make it a CNAME, which is maybe what I need because Gemini browsers complain "Proxy Request Refused".
[11:11] schestowitz__ I'm told it's likely because that's an A record.
I am not given the option to change that in cpanel (screenshot attached).
[11:26] Techrights-sec The underlying problem with the name would be the dynamic dns.
[11:26] Techrights-sec That step has to come first afaik
[11:27] schestowitz__ I have just received a reply and it seems they can change it, but not from the GUI
[11:27] schestowitz__ will fwd to you the mail
[11:28] schestowitz__ check mail
[11:32] Techrights-sec It should not be overridden, the A name must be supplied by the dynamic
[11:32] Techrights-sec dns service first. Can the registrar provide that for the RPi?
[11:32] Techrights-sec It would be a user-name, password, and URL that would go into ddclient
[11:32] Techrights-sec Then all that can be managed automatically and it won't need intervention
[11:32] Techrights-sec when the IP number changes
[11:32] schestowitz__ ddclient installed
[11:32] schestowitz__ Dynamic DNS service provider:
[11:32] schestowitz__
[11:32] schestowitz__ www.dyndns.com
[11:32] schestowitz__ www.easydns.com
[11:32] schestowitz__ www.dslreports.com
[11:32] schestowitz__ www.zoneedit.com
[11:32] schestowitz__ other
[11:33] schestowitz__
[11:34] schestowitz__ easydns is 35 bucks a year
[11:35] Techrights-sec Yes, can catalyst2 provide a dynamic dns subscription?
[11:35] Techrights-sec If they can, we'll plug that info into ddclient.
[11:35] Techrights-sec If not, then we can consider one of the other services for that.
[11:35] Techrights-sec What about catalyst2 though? Can they provide dynamic dns?
[11:35] Techrights-sec Some provide it free with their package.
[11:39] schestowitz__ "
[11:39] schestowitz__ I've spoken to a colleague, who says that what we probably want is dynamic dns, where the aforementioned record points to that instead of the IP address. I've just installed ddclient and it seems to be asking what provider to use (mostly US-based ones exist).
[11:39] schestowitz__ Does Catalyst2 provide dynamic dns as a service?
I'd prefer to keep all those things with the same provider.
[11:39] schestowitz__ "
[11:51] schestowitz__ thought: if we were to use dynamic dns with hostname/domain, we'd not at all have to go with a subsite address... or have another address as an alias of gemini.techrights.org though I don't think agate can deal with multiple address, as it does not "self-identify" as multiples
[11:53] Techrights-sec Does agate need the A name? You can set the cert for the CNAME, possibly
[11:56] Techrights-sec The idea behind the Dynamic DNS is that it takes care of the A name
[11:56] Techrights-sec then the CNAME points to the A name
[11:56] Techrights-sec so all our services and certs use the CNAME
[11:56] Techrights-sec It hides the changing of the IP number nicely
[11:56] schestowitz__ yes
[11:57] schestowitz__ I have just tinkered a bit with agate, to no avail, and am waiting for the webhost to reply
● Feb 11
[12:03] schestowitz__ dyn is 55 bucks a year
[12:03] schestowitz__ and dslreports no longer seems to provide this kind of service
[12:04] schestowitz__ by that sort of price list it would be cheaper to just register a domain for gopher/gemini/other alone, set aside the subdomain (as this whole thing might involve a registration anyway)
[12:11] schestowitz__ turns out there's no public .gopher address or .gemini domains
[12:16] schestowitz__ gemini.techrights.org. 14400 IN CNAME
[12:16] schestowitz__ host81-154-168-60.range81-154.btcentralplus.com
[12:17] schestowitz__ All configs updated now in agate, but I still get the same error message, even when it's a cname with domain from BT instead of IP
[12:21] Techrights-sec that's ok tld changes are stupid
[12:22] Techrights-sec the host name can carry the service title if needed
[12:22] Techrights-sec otherwise it gets sorted by port
[12:22] schestowitz__ with gemini.techrights.org now being a cname entry, can you figure out with me what goes wrong and why?
[12:22] Techrights-sec (oops the editor is not in this window)
[12:30] schestowitz__ This one has a flatpak btw https://gmi.skyjake.fi/lagrange/
[12:30] -TechrightsBN/#boycottnovell-gmi.skyjake.fi | Lagrange
[12:31] Techrights-sec ;; ANSWER SECTION:
[12:31] Techrights-sec foo.ddns.net. 60 IN A 80.220.103.250
[12:31] Techrights-sec gemini.techrights.org. 60 IN CNAME foo.ddns.net
[12:31] Techrights-sec That's kind of how it should look later when we have some kind of dynamic dns
[12:31] Techrights-sec that would be from No_IP in the above example (faked for demo purposes)
[12:31] Techrights-sec lagrange is a client if I read correctly
[12:31] schestowitz__ yes, it is, as the others are rust or C# or worse
[12:33] schestowitz__ can we not bypass the ddclient part for testing purposes and if not, do we know for sure it would work ok with ddclient?
[12:37] Techrights-sec yes ddclient can be bypassed, but the A name needs to point at an IP number
[12:37] Techrights-sec then the CNAME 'gemini.techrights.org' needs to point at that A name.
[12:37] Techrights-sec Then it will be set up to drop in a dynamic dns service.
[12:37] Techrights-sec and the certificate should be able to work off of the CNAME
[12:38] schestowitz__ this is proving to be harder than the setup of the server, I wonder if we can swap " foo.ddns.net" (in the example above) for the time being?
[12:42] Techrights-sec 'foo.ddns.net' can be 'temporary.techrights.org' or something like that.
[12:42] schestowitz__ I have just done that using home.techrights.org and it still fails to connect from amfora :(
[12:45] Techrights-sec how is the cert set up?
It should then be built around the new CNAME
[12:45] schestowitz__ I even tried to change the cert to home.techrights.org
[12:45] schestowitz__ and to access that domain over gemini
[12:46] schestowitz__ the host just came back to me, saying they do not do dynamic dns
[12:47] schestowitz__ if we ever move the whole thing to the server, which has a static IP, then we won't need dynamic dns services at all
[12:47] schestowitz__ (afaik)
[12:48] Techrights-sec how is the cert set up? It should then be built around the new CNAME
[12:48] Techrights-sec ExecStart=/home/gemini/bin/agate.armv7-unknown-linux-gnueabihf -s --content /home/gemini/gemini/ --key /home/gemini/certs/key.pe
[12:48] Techrights-sec m --cert /home/gemini/certs/cert.pem --hostname host81-154-168-60.range81-154.btcentralplus.com --lang en-GB
[12:49] schestowitz__ oh. I forgot it is hard-coded there too.
[12:50] schestowitz__ side note/ot: re dynamic ip, if I go on holiday and fear losing ssh access for ip hops at router level I have some workaround, like the machine writing its ip to somewhere I can access from anywhere
[12:52] schestowitz__ THIS IS SOLVED NOW!!! \0/
[12:53] schestowitz__ and it gives a layer of indirection at home.techrights.org, which is where for now I need to keep my IP up to date (won't take more than a minute, in case the hub resets itself)
[12:59] Techrights-sec next step would be the index files for Gemini. I am working on that
[12:59] Techrights-sec The article conversion is ok, but I don't see a way to browse empty directories
[12:59] Techrights-sec over the net.
[12:59] Techrights-sec Yes!
[12:59] Techrights-sec It works from here too.
● Feb 11
[13:00] schestowitz__ I am going to do a raspi video and gemini video later, still recovering mentally from the TM incident this morning and at least we managed to get gemini.techrights.org running
[13:00] Techrights-sec yes, the CNAME should go there too
[13:02] Techrights-sec that's progress
[13:03] schestowitz__ and we now know what happens when TM runs out of space, even in /tmp (I will need to internalise this as it happened years ago and I could not remember the diagnosis)
[13:04] schestowitz__ (sorry for the wrong pastes, they're also redacted/sanitised a bit as it might help other people set up gemini capsules... there's VERY scarce documentation about it online
[13:08] schestowitz__ For the time being I have removed ddclient from the pi, seeing that when you set it up it has a wizard for doing all the configs and we might want to use that wizard later. Since new hub was installed no disconnected (yet)
[13:08] Techrights-sec yes, there's scarce documentation because it is in the early stages
[13:08] Techrights-sec if it takes off TR will be in very early too
[13:09] Techrights-sec It'll be interesting to hear if Catalyst2 has a dynamic service available
[13:09] schestowitz__ As I mentioned earlier, they said no, will fwd you the mail
[13:09] schestowitz__ then, mind me adding some ascii art to main index?
[13:10] Techrights-sec Sure, format it as you wish and I will incorporate it into the script
[13:11] schestowitz__ just to be sure, do you get a blank page if entering over www the address gemini.techrights.org? Because to me it gives HUB SETTINGS and I took remote screen grabs of the address just to be sure it shows nothing dodgy to people outside our LAN.
[13:12] schestowitz__ 200 is OK for one page, depending on the gemini client used (amfora is ok with a dozen links or less)
[13:12] Techrights-sec Bulletin for Saturday, February 06, 2021
[13:12] Techrights-sec That's the first line
[13:13] Techrights-sec There are around 200 articles last month, probably on pace with other
[13:13] Techrights-sec months perhaps that is too long for all in one page?
[13:15] schestowitz__ "
[13:15] schestowitz__ Hi Roy,
[13:15] schestowitz__ I've checked this with management and i'm afraid we do not support dynamic DNS. Sorry. There's a fair few free ones that might be of use - https://www.ionos.co.uk/digitalguide/server/tools/free-dynamic-dns-providers-an-overview/
[13:15] -TechrightsBN/#boycottnovell-www.ionos.co.uk | Free DynDNS | Best free dynamic DNS services - IONOS
[13:15] schestowitz__ Best regards
[13:15] schestowitz__ "
[13:18] schestowitz__ when you ssh the pi, assuming I keep the records up to date, there's now a domain (updated manually) instead of ip
[13:20] Techrights-sec Ah, thanks for the reminder, I'll fix my ssh_config file
[13:21] schestowitz__ to avoid conflicting edits, how are you generating links list for the main index?
[13:30] Techrights-sec The main index was done by hand. I have not an idea about how that one should
[13:30] Techrights-sec be generated. Maybe just the last week's worth plus links to the various months in reverse chronological order?
[13:30] schestowitz__ I can do one by piping find into sed and grep, then make it sort of dynamic, with some cron job adding more articles periodically and then another cron job listing the latest?
[13:31] Techrights-sec I'm slowly making one which populates the lower directories.
[13:31] schestowitz__ oh, comms important here, to avoid duplicate effort
[13:32] Techrights-sec It can be extended to include the main index, too.
[13:32] schestowitz__ flatfak of bloated[rant[
[13:32] schestowitz__ flatpak of bloated[rant]
[13:32] schestowitz__ flatpak install /home/roy/Desktop/Text_Workspace/images/fi.skyjake.Lagrange.flatpakref
[13:33] schestowitz__ almost half a gig to download to install some trash
[13:33] Techrights-sec One question is how to keep it in sync. Is a 0-24 hour lag ok?
[13:35] Techrights-sec I would avoid flatpak
[13:35] Techrights-sec same for snaps
[13:35] Techrights-sec I tried snaps but they accumulate cruft. Old updates never went away
[13:35] Techrights-sec and filled up the HD
[13:36] schestowitz__ I had MANY reservations about this, but I DO need a GUI front end to test with... and all the others are potentially worse, like compiling from source, which I hate doing as it means installing devtools, debugging etc.
[13:37] schestowitz__ re update lags, those are modifiable, we can start 24 hrs apaet
[13:37] schestowitz__ *apart
[13:39] schestowitz__ LOL!!!!! IBM!!!!
[13:39] schestowitz__ Lagrange: A Beautiful Gemini Client
[13:39] schestowitz__ [the_Foundation] version: 1.0.0 cstd:201112
[13:39] schestowitz__ [the_Foundation] locale: en_GB.UTF-8
[13:39] schestowitz__ SDL init failed: Could not connect to PulseAudio
[13:40] schestowitz__ After letting it install half a gig (!) of unspecified crap on my system!!
[13:40] schestowitz__ "sorry man!!! Can't use gemini to surf the web without a lousy audio stack of LP!! Try another media player man!!"
[13:41] Techrights-sec ok, sounds good
[13:41] Techrights-sec ewww
[13:41] Techrights-sec While you're in the Rpi, can you please add libpath-iterator-rule-perl to the
[13:41] Techrights-sec system?
[13:41] schestowitz__ installed
[13:41] Techrights-sec It's probably tied to systemd too
[13:41] Techrights-sec (the lagrange client, that is)
[13:42] schestowitz__ buster already comes with systemd regardless
[13:43] schestowitz__ "
[13:43] schestowitz__ are not in the search path set by the XDG_DATA_DIRS environment variable, so
[13:43] schestowitz__ applications installed by Flatpak may not appear on your desktop until the
[13:43] schestowitz__ session is restarted.
[13:43] schestowitz__ "
[13:43] schestowitz__ !!!
[13:43] schestowitz__ IBM(R) Windows(TM)
[13:47] schestowitz__ "Never mind, issue resolved when PC was rebooted." https://github.com/flathub/org.signal.Signal/issues/122
[13:47] -TechrightsBN/#boycottnovell-github.com | Unable to allocate instance id Issue #122 flathub/org.signal.Signal GitHub
[13:47] schestowitz__ Windows
[13:52] schestowitz__ Turns out there are some Android clients https://en.wikipedia.org/wiki/Gemini_(protocol)#Software
[13:52] -TechrightsBN/#boycottnovell-en.wikipedia.org | Gemini (protocol) - Wikipedia
[13:53] schestowitz__ This graph says it shot up from almost nothing to a quarter million last year alone https://en.wikipedia.org/wiki/Gemini_space
[13:53] -TechrightsBN/#boycottnovell-en.wikipedia.org | Gemini space - Wikipedia
[13:53] Techrights-sec Good, Android, despite its problems, is a very large market.
[13:56] schestowitz__ I'm thinking, I can work on linking to the static text objects (bulletins and IRC as text) while you focus on articles as gemini, to avoid conflicting/overlapping work
● Feb 11
[15:58] schestowitz__ we now have about 1,000 pages at 100MB of disk space for that part, so given the size of the DB, sans markup, we're probably looking at a few GBs for the whole site, excluding multimedia and old IRC logs (before we had text versions of them)
● Feb 11
[16:16] *asusbox2 (~rianne@2a00:23c4:c3aa:7d01:f203:8cff:fe93:1f55) has joined #boycottnovell
[16:16] *asusbox has quit (Ping timeout: 240 seconds)
[16:16] *schestowitz (~schestowi@unaffiliated/schestowitz) has joined #boycottnovell
[16:16] *ChanServ gives channel operator status to schestowitz
[16:16] *schestowitz__ has quit (Ping timeout: 264 seconds)
[16:16] *Techrights-sec has quit (Ping timeout: 272 seconds)
[16:16] *Techrights-sec (~quassel@2a00:23c4:c3aa:7d01:c5ee:dc42:6b82:466) has joined #boycottnovell
● Feb 11
[17:27] schestowitz x https://cio.economictimes.indiatimes.com/news/corporate-news/india-sees-improvement-in-online-civility-score-in-2020-microsoft-study/80787768\
[17:27] -TechrightsBN/#boycottnovell-cio.economictimes.indiatimes.com | CIO News | Enterprise IT, Enterprise Technology, Tech Industry News - ET CIO
[17:27] schestowitz x https://cio.economictimes.indiatimes.com/news/corporate-news/india-sees-improvement-in-online-civility-score-in-2020-microsoft-study/80787768
[17:27] -TechrightsBN/#boycottnovell-cio.economictimes.indiatimes.com | India sees improvement in online civility score in 2020: Microsoft study, IT News, ET CIO
[17:28] schestowitz Microsoft?!
[17:28] schestowitz wth?
[17:29] schestowitz https://www.bloomberg.com/news/articles/2021-02-11/vw-microsoft-extend-collaboration-to-self-driving-car-software?srnd=technology-vp
[17:29] -TechrightsBN/#boycottnovell-www.bloomberg.com | VW, Microsoft Extend Collaboration to Self-Driving Car Software - Bloomberg
● Feb 11
[23:46] *acer-box__ has quit (Remote host closed the connection)
[23:46] *acer-box (~acer-box@2a00:23c4:c3aa:7d01:7983:1d09:cdd2:6fb2) has joined #boycottnovell
[23:46] *acer-box has quit (Changing host)
[23:46] *acer-box (~acer-box@unaffiliated/schestowitz) has joined #boycottnovell
[23:46] *ChanServ gives channel operator status to acer-box