schestowitz | This is total nonsense. “It is no secret that the headquarters of UPC in Paris, London and Munich are ready to start their case-law activity.” What? They cannot legally. This ignores reality! | Apr 12 03:10 |
---|---|---|
schestowitz | https://www.jwp-poland.com/europe-decides-the-fate-of-the-unified-patent-court/ | Apr 12 03:10 |
-TechBytesBot/#techbytes-www.jwp-poland.com | Europe decides the fate of the Unified Patent Court | JWP | Apr 12 03:10 | |
schestowitz | https://twitter.com/jovinosumicity/status/1249140323290406912 | Apr 12 03:10 |
-TechBytesBot/#techbytes-@jovinosumicity: @schestowitz based in opencv? | Apr 12 03:10 | |
schestowitz | https://twitter.com/experimancer/status/1249137139436191744 | Apr 12 03:10 |
-TechBytesBot/#techbytes-@experimancer: @schestowitz @LlnuxBot amazing - how? | Apr 12 03:10 | |
schestowitz | https://twitter.com/wendycockcroft/status/1248990729701068801 | Apr 12 03:11 |
-TechBytesBot/#techbytes-@wendycockcroft: @schestowitz @jack Then what do you mean by "disinformation"? He's not exactly creating false content, is he? | Apr 12 03:11 | |
schestowitz | the whole construct encourages bad data | Apr 12 03:11 |
schestowitz | https://twitter.com/jrobertson/status/1248951346276884480 | Apr 12 03:12 |
-TechBytesBot/#techbytes-@jrobertson: Because few young students have been entering the field, the corps of about 100,000 licensed technicians has been—l… https://t.co/W59ePz4LRg | Apr 12 03:12 | |
schestowitz | "Because few young students have been entering the field, the corps of about 100,000 licensed technicians has been—like the reactors themselves—rapidly aging while declining in numbers. Work has stopped at the last two US reactors under construction | Apr 12 03:12 |
schestowitz | https://twitter.com/2Fflandro/status/1248926879240859648 | Apr 12 03:12 |
-TechBytesBot/#techbytes-@2Fflandro: @schestowitz I am a frontline worker. It is all Balderdash & Ballyhoo !!!% | Apr 12 03:12 | |
schestowitz | https://twitter.com/charlespinion/status/1248910736186736641 | Apr 12 03:13 |
-TechBytesBot/#techbytes-@charlespinion: @schestowitz I seem to recall Dick Cheney’s Gulf War administration was all about the no-bid contracts too. | Apr 12 03:13 | |
*TechBytesBot has quit (Ping timeout: 256 seconds) | Apr 12 03:54 | |
*TechBytesBot (~b0t@199.19.78.19) has joined #techbytes | Apr 12 04:09 | |
TechBytesBot | Hello World! I'm TechBytesBot running phIRCe v0.75 | Apr 12 04:09 |
schestowitz | Re: Are you wondering why so few postings lately... | Apr 12 04:20 |
schestowitz | > I guess I didn't tell you xxxx was hospitalized for 10 days. She is home now and getting back to normal, thankfully. At first they thought she had a heart attack but a catheterization showed her arteries were all clear. Turned out to be anemia (which can mimic a heart attack on an E.K.G.) caused by a malfunction of her auto-immune system. She got transfusions and is receiving a series of 4 infusions by IV Drip of a drug to correct the | Apr 12 04:20 |
schestowitz | immune system malfunction. She is doing better than expected and all is well. Me? I turned into Mr. Mom as a cook and housekeeper, but I don’t mind at all. | Apr 12 04:20 |
schestowitz | > | Apr 12 04:20 |
schestowitz | > xxxx gave me an A+ when she got home from the hospital, but I can’t wait until she gets back to normal. | Apr 12 04:20 |
schestowitz | > | Apr 12 04:20 |
schestowitz | I wondered lately how safe Florida would be from COVID, but this did not cross my mind. | Apr 12 04:21 |
schestowitz | I think a lot of people write a lot less lately, even if they have time off work (if they even are employed any longer). | Apr 12 04:21 |
schestowitz | Send my wishes of full recovery!! | Apr 12 04:21 |
schestowitz | It's a good thing you did a cruise before this whole sector goes bust. | Apr 12 04:21 |
schestowitz | https://joindiaspora.com/posts/17749466#ccd798105e180138d42c08002785b8a8 | Apr 12 04:21 |
-TechBytesBot/#techbytes-@linux@joindiaspora.com: EndeavourOS: Our next release is nearing its due date http://www.tuxmachines.org/node/136257 | Apr 12 04:21 | |
-TechBytesBot/#techbytes--> www.tuxmachines.org | EndeavourOS: Our next release is nearing its due date | Tux Machines | Apr 12 04:21 | |
schestowitz | " | Apr 12 04:21 |
schestowitz | Apr 12 04:21 | |
schestowitz | #deletegithub though | Apr 12 04:21 |
schestowitz | " | Apr 12 04:21 |
schestowitz | https://joindiaspora.com/posts/17749466#ccd798105e180138d42c08002785b8a8 | Apr 12 04:22 |
schestowitz | "i like chandran, hes a librarian. im very cynical about debian, so im expecting carter, who i already dislike, or gupta, who is all about the "cloud" and wants to create new foundations (as in orgs) related to debian. and money. nothings more fun than money lately-- nazi business machines just bought outreachy for 50,000. fun times. ive entirely given up on debian, its a completely corporate project now. so i dont even fucking care who | Apr 12 04:22 |
schestowitz | gets in. but usually i could tell you who i like the least, so i can assume it will be them. i didnt like hartman, and he sucked. kudos to hartman, i think he realised it." | Apr 12 04:22 |
schestowitz | "shes." | Apr 12 04:22 |
schestowitz | >>> Bill appears to be running a major PR campaign now. One of the purposes | Apr 12 04:43 |
schestowitz | >>> seems to be to try to associate criticism with cranks. | Apr 12 04:43 |
schestowitz | >>> | Apr 12 04:43 |
schestowitz | >>> No telling how long his PR campaign is going to run or what his specific | Apr 12 04:43 |
schestowitz | >>> goals are now, but he is in politics not tech. | Apr 12 04:43 |
schestowitz | >> In 2016, according to podesta emails, they wants to run him as VP with | Apr 12 04:43 |
schestowitz | >> Clinton. | Apr 12 04:43 |
schestowitz | >> | Apr 12 04:43 |
schestowitz | >> Don't get me even thinking about it.... | Apr 12 04:43 |
schestowitz | > For 2020 Biden will probably try to run with Klobuchar or Kamala Harris. | Apr 12 04:43 |
schestowitz | > He won't choose Warren because of Wall Street. However, the 2024 | Apr 12 04:43 |
schestowitz | > season has already started. :( | Apr 12 04:43 |
schestowitz | Zuck-Gates 2014: make 1984 Great Again. | Apr 12 04:43 |
*TechBytesBot has quit (Ping timeout: 256 seconds) | Apr 12 04:47 | |
schestowitz | > waiting several days for an article to be published sucks. | Apr 12 04:47 |
schestowitz | > | Apr 12 04:47 |
schestowitz | > its one thing, to be certain, if thats because of other work getting in the way. its another if email is simply ignored for days. | Apr 12 04:47 |
schestowitz | > | Apr 12 04:47 |
schestowitz | > you can do this however you want, but im not a fan of this "several days" policy. surely theres some kind of compromise about this that doesnt require popping into irc. i urge you to consider one. as to other email getting ignored for days, i dont have any strong feelings about that, but irc is far from an ideal substitute-- this is going to make some good people unhappy. or i could be wrong. personally im not thrilled. all the best. | Apr 12 04:47 |
schestowitz | I've just opened e-mail for the first time in almost 2 days. This is an experiment. I am not saying it's a permanent thing, it's partly due to Easter. | Apr 12 04:47 |
schestowitz | Thanks for this feedback. You make some legitimate points, I'll take those into account. | Apr 12 04:47 |
schestowitz | Now I'll check the older messages I missed. | Apr 12 04:47 |
schestowitz | > congrats on your migration. ive sent you an article, considering that you were involved in a large project (which i assume we will hear more about, which i will likely find interesting) i figure you probably did get it, or have it, but i thought id let you know its in your email just to be sure. | Apr 12 04:49 |
schestowitz | > | Apr 12 04:49 |
schestowitz | > i wasnt planning to write more about the subject this soon, but it happened. i hope youll like the article. cheers! | Apr 12 04:49 |
schestowitz | Cheers. | Apr 12 04:49 |
schestowitz | One of the reasons I only experiment with checking mail not every day is that I don't know what sort of time-sensitive message I might get. | Apr 12 04:49 |
schestowitz | Turns out I was wrong; there are messages I DO need to get on the day! | Apr 12 04:49 |
schestowitz | So f* it, I'll go back to reading mail every day. | Apr 12 04:49 |
schestowitz | "for publication in several days" | Apr 12 04:49 |
*TechBytesBot (~b0t@199.19.78.19) has joined #techbytes | Apr 12 04:58 | |
TechBytesBot | Hello World! I'm TechBytesBot running phIRCe v0.75 | Apr 12 04:58 |
*TechBytesBot has quit (Remote host closed the connection) | Apr 12 05:51 | |
*TechBytesBot (~b0t@199.19.78.19) has joined #techbytes | Apr 12 05:52 | |
TechBytesBot | Hello World! I'm TechBytesBot running phIRCe v0.75 | Apr 12 05:52 |
schestowitz | > Only what I sent earlier. | Apr 12 06:07 |
schestowitz | > | Apr 12 06:07 |
schestowitz | > I see that there is not enough space on /home/ for a symlink of the | Apr 12 06:07 |
schestowitz | > ibdata1 file though. | Apr 12 06:07 |
schestowitz | You can delete a bunch of old backups, except the very latest. | Apr 12 06:07 |
schestowitz | They're on ~/ and ~/archives IIRC | Apr 12 06:07 |
schestowitz | We'll have 15GB free on /home if we delete/empty these 5 files on /home | Apr 12 06:12 |
schestowitz | This excludes the latest successful backup, from 11th of April | Apr 12 06:12 |
schestowitz | > | Apr 12 06:14 |
schestowitz | > They're on ~/ and ~/archives IIRC | Apr 12 06:14 |
schestowitz | > | Apr 12 06:14 |
schestowitz | They're all only about 330M each. Deleting them all would not give | Apr 12 06:14 |
schestowitz | enough space. :( | Apr 12 06:14 |
*schestowitz has quit (Read error: Connection reset by peer) | Apr 12 06:34 | |
*schestowitz (~schestowi@host81-154-172-215.range81-154.btcentralplus.com) has joined #techbytes | Apr 12 06:34 | |
-NickServ-schestowitz!~schestowi@host81-154-172-215.range81-154.btcentralplus.com has just authenticated as you (schestowitz) | Apr 12 06:34 | |
*schestowitz has quit (Changing host) | Apr 12 06:34 | |
*schestowitz (~schestowi@unaffiliated/schestowitz) has joined #techbytes | Apr 12 06:34 | |
schestowitz | I've meanwhile noticed that I cannot log in (back end) to WordPress. previously when that happened it meant the wp_users table needed repairing. | Apr 12 06:35 |
schestowitz | My guess is that we need to run a DB repair again when the whole thing is done. | Apr 12 06:35 |
schestowitz | Upside is, all the posts in WP seem to be intact and up to date. | Apr 12 06:35 |
schestowitz | The same is true for the wiki; I cannot see any issues there. | Apr 12 06:35 |
schestowitz | The response was empty, maybe by accident, and sent to another email address of mine | Apr 12 06:38 |
schestowitz | > Yes, I'm running a diff now just to be sure. Then I will rename ibdata1 | Apr 12 07:37 |
schestowitz | > and make a symlink to the new location and then start the mariadb daemon | Apr 12 07:37 |
schestowitz | > and then try the rebuild. If that works it might buy us a few days... | Apr 12 07:37 |
schestowitz | About 10% of /var was still available that night. I typically empty httpd logs on Sundays, which brings that up to around 16% free. | Apr 12 07:37 |
schestowitz | So I think it was not the repair process that was horrific but the double repair (without resume) that drained out /var | Apr 12 07:37 |
schestowitz | But either way, for quite some time we had been scraping the bottom of that partition, pending migration to something more modern. Without help from the person who set up the HV and Alpine (he's back in Alpine development BTW!) I'd feel reluctant to set up any new VMs, at the very least for lack of experience. That would likely need another IP address as well (for testing the new OS). | Apr 12 07:37 |
schestowitz | It looks like you have put mysqld back up and might be rebuilding at the moment, based on top. Let's hope it all goes well and I can publish what I have in draft later today. I'm back to work no sooner than tomorrow. | Apr 12 07:37 |
schestowitz | Remember that today's backups were timed around the downtime, so if the rebuilding is done successfully, it's worth running today's dumps manually (it's in my TODO), at the very least to compare dump sizes. Also for data safety. I've not done offsite backups for months. I've just put "offsite backups" in my TODO list. | Apr 12 07:37 |
schestowitz | [root@techrights tmp_mariadb]# ls -la | Apr 12 07:39 |
schestowitz | total 15748060 | Apr 12 07:39 |
schestowitz | drwxrwxr-x. 2 boycottn boycottn 21 Apr 12 06:15 . | Apr 12 07:39 |
schestowitz | drwxr-xr-x. 31 boycottn boycottn 8192 Apr 12 05:44 .. | Apr 12 07:39 |
schestowitz | -rw-rw----. 1 mysql mysql 16125001728 Apr 12 06:38 ibdata1 | Apr 12 07:39 |
schestowitz | ibdata1 is expanding on /home | Apr 12 07:39 |
schestowitz | Just to be on the safe side I will purge some more older backups. | Apr 12 07:39 |
schestowitz | > Yes, I'm running a diff now just to be sure. Then I will rename ibdata1 | Apr 12 07:43 |
schestowitz | > and make a symlink to the new location and then start the mariadb daemon | Apr 12 07:43 |
schestowitz | > and then try the rebuild. If that works it might buy us a few days... | Apr 12 07:43 |
schestowitz | I freed up some more space. | Apr 12 07:43 |
schestowitz | /dev/mapper/sysvg-home 54466560 48388872 6077688 89% /home | Apr 12 07:43 |
schestowitz | Let's just remember that to complete the nightly backups we need about 8+ GB free on /home, until the gzip completes. | Apr 12 07:43 |
schestowitz | I am guessing that at the end it might be possible to move the large file into /var and maybe compact that. If not, we'll figure something out.... | Apr 12 07:43 |
schestowitz | Just an observation: over the past few minutes the file has not been growing further. | Apr 12 07:52 |
schestowitz | Without knowing storage engine internals I can only make guesses about the causes, but this expansion by several GBs at the start might explain why we ran into issues on /var | Apr 12 07:52 |
schestowitz | I am guessing it's a sort of log/journal file and the failed first rebuild attempt left some cruft in place, necessitating a growth that /var could not accommodate | Apr 12 07:52 |
schestowitz | I am just guessing | Apr 12 07:53 |
schestowitz | Last year we discussed how we can reduce the size of this file, but I guess moving to another (new) VM made that go down the list of priorities. | Apr 12 07:53 |
schestowitz | PS - as I finish typing this home is still with the same amount of disk space: | Apr 12 07:53 |
schestowitz | /dev/mapper/sysvg-home 54466560 48486216 5980344 90% /home | Apr 12 07:53 |
schestowitz | I flushed out previous months' tuxmachines backups from ~/archives and when we're all done I'll make offsite backups. I also need to backup my laptop -- been 2 weeks! Easter should be backup holiday. | Apr 12 07:53 |
schestowitz | > I think reinstalling mariadb with a new configuration regarding ibdata1 | Apr 12 07:55 |
schestowitz | > might be the way to go. | Apr 12 07:55 |
schestowitz | ...alternatively, installing it afresh, a new version of it as well, on a new OS. | Apr 12 07:55 |
schestowitz | I guess I can see why many large sites like Linux Journal and INQUIRER shut down. They become a lot to maintain when people no longer produce any new stuff anyway. | Apr 12 07:55 |
schestowitz | Thankfully, we're not doing this for money. So all the time and effort put in are not billable; we're all volunteers. | Apr 12 07:55 |
schestowitz | >> Let's just remember that to complete the nightly backups we need about | Apr 12 08:00 |
schestowitz | >> 8+ GB free on /home, until the gzip completes. | Apr 12 08:00 |
schestowitz | >> | Apr 12 08:00 |
schestowitz | >> I am guessing that at the end it might be possible to move the large | Apr 12 08:00 |
schestowitz | >> file into /var and maybe compact that. If not, we'll figure something | Apr 12 08:00 |
schestowitz | >> out.... | Apr 12 08:00 |
schestowitz | >> | Apr 12 08:00 |
schestowitz | > I think reinstalling mariadb with a new configuration regarding ibdata1 | Apr 12 08:00 |
schestowitz | > might be the way to go. | Apr 12 08:00 |
schestowitz | ps -o stime,time 17358 | Apr 12 08:00 |
schestowitz | STIME TIME | Apr 12 08:00 |
schestowitz | 06:30 00:03:05 | Apr 12 08:00 |
schestowitz | If I am reading this correctly, 20 minutes from now rebuilding can be roughly finished and then we'll see if all tables are intact and put back the site with the file still lodged under /home | Apr 12 08:00 |
schestowitz | Considering its current size, until it 'self-compacts' at the end, it won't fit under /var again | Apr 12 08:00 |
schestowitz | -rw-rw----. 1 mysql mysql 17064525824 Apr 12 06:55 ibdata1 | Apr 12 08:00 |
schestowitz | /dev/mapper/sysvg-var 17766400 17394476 371924 98% /var | Apr 12 08:00 |
schestowitz | So the partition as a whole is only 700MB larger than the file, assuming it stays this size. Last year we read about how to compact it but never attempted anything in practice. I am guessing a backup, flush, and restore from the backups is one way to keep these leaner, but I am not sure. And not sure we want to try, either... | Apr 12 08:00 |
schestowitz | # M$ apologist | Apr 12 08:42 |
schestowitz | x https://lbry.tv/@Lunduke:e/is-google-the-new-microsoft-and:5 | Apr 12 08:42 |
-TechBytesBot/#techbytes-lbry.tv | Is Google the new Microsoft and Microsoft the new Google? | Apr 12 08:42 | |
schestowitz | Did /var running out of space contribute to complications? Also, do we need the older 14GB in there while attempting to rebuild? Shall I make offsite backups just in case? | Apr 12 08:48 |
schestowitz | >> Did /var running out of space contribute to complications? Also, do we | Apr 12 08:56 |
schestowitz | >> need the older 14GB in there while attempting to rebuild? Shall I make | Apr 12 08:56 |
schestowitz | >> offsite backups just in case? | Apr 12 08:56 |
schestowitz | > | Apr 12 08:56 |
schestowitz | > It would be good to make the off site backups. | Apr 12 08:56 |
schestowitz | > | Apr 12 08:56 |
schestowitz | > The repair still uses /var, which has filled up again. The whole VM | Apr 12 08:57 |
schestowitz | > passed the stage where I would have preferred to do a fresh | Apr 12 08:57 |
schestowitz | > re-installation back last August. | Apr 12 08:57 |
schestowitz | OK, let us not worry about the downtime at the moment. | Apr 12 08:57 |
schestowitz | Do you think that if we put mysqld back up and then make a DB dump it will avoid some of these issues? | Apr 12 08:57 |
schestowitz | I mean, when you accidentally put that up earlier it seemed to be up to date, even if read-only. | Apr 12 08:57 |
schestowitz | Of course we'd need to make space on /var first | Apr 12 08:57 |
schestowitz | I'm thinking, let's try to get a working dump of all the DBs first, bearing in mind /home will need more space to accommodate these. | Apr 12 08:57 |
schestowitz | Do you think it's doable to recover from latest/current version? | Apr 12 08:57 |
schestowitz | Should I prepare for the worst and assume we'll need to restore from a day-old dump for each DB? Should I make copies from Google Cache? I'd rather not, it would be a lot of work. | Apr 12 08:57 |
schestowitz | Do we know how to set up a new VM? Or should we update the existing one 'in place'? | Apr 12 08:57 |
schestowitz | Let's discuss without panicking about uptime for now. | Apr 12 08:57 |
*liberty_box has quit (Ping timeout: 258 seconds) | Apr 12 09:18 | |
*rianne has quit (Ping timeout: 260 seconds) | Apr 12 09:18 | |
*liberty_box (~liberty@host81-154-172-215.range81-154.btcentralplus.com) has joined #techbytes | Apr 12 10:02 | |
*rianne (~rianne@host81-154-172-215.range81-154.btcentralplus.com) has joined #techbytes | Apr 12 10:02 | |
schestowitz | "z I can probably work on it this week to move it to containers"" | Apr 12 10:03 |
schestowitz | https://pleroma.site/notice/9txjp77h4ag8EEeC3s | Apr 12 10:03 |
schestowitz | sounds great, thanks so much! | Apr 12 10:03 |
-TechBytesBot/#techbytes-pleroma.site | Pleroma | Apr 12 10:03 | |
schestowitz | >> With a new setup we might want to turn off cron jobs initially (not | Apr 12 11:05 |
schestowitz | >> predictable) and deal with the site slowness when doing backups. | Apr 12 11:05 |
schestowitz | >> | Apr 12 11:06 |
schestowitz | > Probably a good idea to turn them off until things settle. | Apr 12 11:06 |
schestowitz | I will do this now as best I can knowing that the daily backups alone would cause /home to run out of space.... | Apr 12 11:06 |
schestowitz | Quick thought, what if we left the current VM in place just for IRC (bots, logging, /home/Links etc.) while keeping a new techrights site container separate from all those things? Would the HV 'know' how to manage the CPU cores and RAM so as to not make it a wasteful instance? Also, we can reduce the amount of RAM/CPU allocated to this VM. | Apr 12 11:06 |
schestowitz | Upsides/downsides? Maybe we can also use it for off-container backups of sorts, knowing it already picks up dumps from tuxmachines. In terms of disk space, this VM does not take up much.... | Apr 12 11:06 |
schestowitz | If it doesn't run httpd then I suppose it's also less vulnerable and can be access-limited, e.g. based on ports. | Apr 12 11:06 |
schestowitz | I never fancied the idea of running so much non-Web site stuff on a VM designed primarily for the site. | Apr 12 11:06 |
schestowitz | >> "Funtoo is based on systemd though it offers OpenRC as an alternative." | Apr 12 11:14 |
schestowitz | > | Apr 12 11:14 |
schestowitz | > so it turns out, funtoo is based on openrc and portage. so that could bring the 62% systemd to 61% (or 61.5, .7 or something) but openrc is still github-based (though i guess theyre working on a true fork) and portage is still based on cpython-- perhaps it could work with pypy. | Apr 12 11:14 |
schestowitz | > | Apr 12 11:14 |
schestowitz | > this doesnt move funtoo out of the problem zone, but the details DO matter. its good to know. i thought it was pretty odd that a gentoo-based distro used systemd in the first place. | Apr 12 11:14 |
schestowitz | Today is crazy wrt the site. We'll be back online with a better OS soon... | Apr 12 11:15 |
*liberty_box has quit (Ping timeout: 240 seconds) | Apr 12 11:23 | |
*rianne has quit (Ping timeout: 264 seconds) | Apr 12 11:23 | |
*rianne (~rianne@host81-154-172-215.range81-154.btcentralplus.com) has joined #techbytes | Apr 12 11:29 | |
*liberty_box (~liberty@host81-154-172-215.range81-154.btcentralplus.com) has joined #techbytes | Apr 12 11:29 | |
schestowitz | GNU nano 2.3.1 File: index.html | Apr 12 11:35 |
schestowitz | <h3>Down for upgrades and OS migration</h3> | Apr 12 11:35 |
schestowitz | <p align="center"> | Apr 12 11:35 |
schestowitz | <img src="https://i.giphy.com/media/wW95fEq09hOI8/giphy.webp" alt="" width="480" /> | Apr 12 11:35 |
schestowitz | </p> | Apr 12 11:35 |
schestowitz | <h5>Back soon,</h5> | Apr 12 11:35 |
schestowitz | Techrights Team | Apr 12 11:35 |
schestowitz | x https://futurism.com/neoscope/bill-gates-pandemic-every-20-years | Apr 12 11:47 |
-TechBytesBot/#techbytes-futurism.com | Bill Gates: There’s Gonna Be a Pandemic “Every 20 Years or So” | Apr 12 11:47 | |
schestowitz | # bill sez; more pr campaign | Apr 12 11:47 |
schestowitz | > Google only has some links cached. The EPO wiki seems not to be one of them. | Apr 12 12:10 |
schestowitz | That's OK, the changes are very minor anyway -- a few lines! ;-) | Apr 12 12:10 |
schestowitz | >> I will be online and will do my best. Would like to know thoughts on | Apr 12 12:10 |
schestowitz | >> keeping the existing VM for 'utils'... (IRC, Links etc.) | Apr 12 12:10 |
schestowitz | > I'd say keep them for a while after the migration, until the new site | Apr 12 12:10 |
schestowitz | > has been backed up and the backups tested. Thereafter they should be | Apr 12 12:10 |
schestowitz | > deleted to save space and reduce confusion. | Apr 12 12:10 |
schestowitz | Yes, we shall see. That machine would need to be assigned another IP address as well if it stays for a while -- one of several reasons I need kaniini around. | Apr 12 12:10 |
schestowitz | >> <h3>Down for upgrades and OS migration</h3> | Apr 12 12:10 |
schestowitz | > Excellent. | Apr 12 12:10 |
schestowitz | > | Apr 12 12:10 |
schestowitz | >> <p align="center"> | Apr 12 12:10 |
schestowitz | >> <img src="https://i.giphy.com/media/wW95fEq09hOI8/giphy.webp" alt="" | Apr 12 12:10 |
schestowitz | > [snip] | Apr 12 12:11 |
schestowitz | > | Apr 12 12:11 |
schestowitz | > Best to always use a local image. Otherwise the remote site can do bad | Apr 12 12:11 |
schestowitz | > things to visitors. | Apr 12 12:11 |
schestowitz | I know, but the redirect causes a sort of catch-22. That site above is very popular and won't pull a nasty one. Probably won't notice, either... | Apr 12 12:11 |
schestowitz | We can repurpose this in the future, e.g. in case of DB maintenance. | Apr 12 12:11 |
schestowitz | For documentation: | Apr 12 12:11 |
schestowitz | The site now has a file /home/boycottn/public_html/index.html | Apr 12 12:11 |
schestowitz | We don't need to remove index.html, it can stay there as long as the php file is chosen instead | Apr 12 12:11 |
schestowitz | To avoid the php index file being picked I renamed index.php and if it's renamed back it'll be chosen instead | Apr 12 12:11 |
schestowitz | mv index.php index.php-delthis | Apr 12 12:11 |
schestowitz | to get back to normal mode | Apr 12 12:11 |
schestowitz | mv index.php-delthis index.php | Apr 12 12:11 |
schestowitz | Also remove the following lines in /home/boycottn/public_html/.htaccess | Apr 12 12:11 |
schestowitz | Apr 12 12:11 | |
schestowitz | Apr 12 12:11 | |
schestowitz | RewriteEngine on | Apr 12 12:11 |
schestowitz | RewriteCond %{REQUEST_URI} !^/index.html$ | Apr 12 12:11 |
schestowitz | RewriteRule . /index.html [R=302,L] | Apr 12 12:11 |
schestowitz | This is useful in case the DB is down and WordPress is too cumbersome for static anything | Apr 12 12:11 |
*rianne has quit (Ping timeout: 240 seconds) | Apr 12 13:38 | |
*liberty_box has quit (Ping timeout: 260 seconds) | Apr 12 13:39 | |
*rianne (~rianne@host81-154-172-215.range81-154.btcentralplus.com) has joined #techbytes | Apr 12 14:31 | |
*liberty_box (~liberty@host81-154-172-215.range81-154.btcentralplus.com) has joined #techbytes | Apr 12 14:32 | |
*liberty_box has quit (Ping timeout: 265 seconds) | Apr 12 16:24 | |
*rianne has quit (Ping timeout: 264 seconds) | Apr 12 16:24 | |
*libertybox_ (~schestowi@host81-154-172-215.range81-154.btcentralplus.com) has joined #techbytes | Apr 12 16:46 | |
*acer-box__ (~acer-box@host81-154-172-215.range81-154.btcentralplus.com) has joined #techbytes | Apr 12 16:46 | |
*acer-box__ has quit (Changing host) | Apr 12 16:46 | |
*acer-box__ (~acer-box@unaffiliated/schestowitz) has joined #techbytes | Apr 12 16:46 | |
*libertybox has quit (Ping timeout: 250 seconds) | Apr 12 16:49 | |
*acer-box has quit (Ping timeout: 258 seconds) | Apr 12 16:49 | |
*rianne (~rianne@host81-154-172-215.range81-154.btcentralplus.com) has joined #techbytes | Apr 12 16:53 | |
*liberty_box (~liberty@host81-154-172-215.range81-154.btcentralplus.com) has joined #techbytes | Apr 12 16:54 | |
schestowitz | >> [10:06] <> well really I mean whenever I wake up | Apr 12 19:00 |
schestowitz | >> [10:06] <> so like later today really | Apr 12 19:00 |
schestowitz | > [snip] | Apr 12 19:00 |
schestowitz | > I'll probably be online for another hour today, maybe two, just in case | Apr 12 19:00 |
schestowitz | > it can be of help. | Apr 12 19:00 |
schestowitz | Yes, I do wonder when he'll wake up. He said he was awake 24 hours beforehand with naps. | Apr 12 19:00 |
schestowitz | I guess the important thing is that we'll complete a migration and maybe get rid of that VM crash issue in the process, add HTTPS etc. If that works well with TR, we can do TM afterwards. | Apr 12 19:00 |
schestowitz | Rianne and I will pay him for his time. | Apr 12 19:00 |
schestowitz | Thanks for sticking around, I'll keep email open just in case... | Apr 12 19:00 |
schestowitz | My main worry is what we can make with the existing DB and worst-case scenario we'll use the older backup. | Apr 12 19:00 |
schestowitz | I cleaned my RSS feeds for now. Just waiting for the wakeup now... | Apr 12 19:00 |
*schestowitz has quit (Quit: Konversation term) | Apr 12 19:07 | |
*schestowitz (~schestowi@unaffiliated/schestowitz) has joined #techbytes | Apr 12 19:08 | |
schestowitz | VPN issues: | Apr 12 19:08 |
schestowitz | =========== | Apr 12 19:08 |
schestowitz | Hi, sorry for the late response. I am swamped in work. You can show me your ipsec.conf, but the meaning of "auto" has never changed, so unless there was some other mechanism in play the fault is entirely with the probably manual copying of the configuration file. | Apr 12 19:08 |
schestowitz | wireguard, strongSwan and OpenVPN have different advantages and disadvantages. For single users and very small businesses, wireguard is probably fine (unless you need to go through a firewall that only permits DNS, HTTP and HTTPS) | Apr 12 19:08 |
schestowitz | strongSwan works very well for very large businesses because it can completely leverage accelerator cards and X.509 certificates. | Apr 12 19:08 |
schestowitz | OpenVPN is somewhere in the middle. | Apr 12 19:08 |
schestowitz | 9:55 AM | Apr 12 19:08 |
schestowitz | Thank you, we reeeeally appreciate this! I am setting up another Debian Buster machine (for me, the first one was the wife's). My old PC's HDD is gradually falling apart, so this is an emergency for me. For 6 years we used ipsec up companyName, maybe that's why "auto" was never there. As a company we used to package strongswan and also set it up for some, but our two VPN gurus left the company. I will contact you soon with more details, | Apr 12 19:08 |
schestowitz | the data off the dying machines as I type this | Apr 12 19:08 |
schestowitz | auto defaults to "ignore" so the conn isn't loaded if it's not specified | Apr 12 19:08 |
schestowitz | What's the goal? | Apr 12 19:08 |
schestowitz | Yesterday, 8:33 AM | Apr 12 19:08 |
schestowitz | There's a bunch of networks, maybe 5 of them, which we need remote access to. Right now, if I connect to VPN from Debian, I can access strictly those networks but nothing else, not even the local networking/LAN. The DNS server works OK, but not a packet will go out to anything other than those networks (and my machine). | Apr 12 19:08 |
schestowitz | Yesterday, 8:54 AM | Apr 12 19:08 |
schestowitz | You need to define a passthrough policy for your LAN | Apr 12 19:08 |
schestowitz | If I understand this correctly, that would be something like: | Apr 12 19:08 |
schestowitz | "# VPN passthrough / tunnel bypass rules | Apr 12 19:08 |
schestowitz | conn passthrough_base | Apr 12 19:08 |
schestowitz | left=127.0.0.1 | Apr 12 19:08 |
schestowitz | # right=127.0.0.1 | Apr 12 19:08 |
schestowitz | leftsubnet=0.0.0.0/0 | Apr 12 19:08 |
schestowitz | rightsubnet=dddddddddd/32 | Apr 12 19:08 |
schestowitz | authby=never | Apr 12 19:08 |
schestowitz | type=passthrough | Apr 12 19:08 |
schestowitz | auto=route" | Apr 12 19:08 |
schestowitz | Apr 12 19:09 | |
schestowitz | as per https://wiki.strongswan.org/issues/2788 | Apr 12 19:09 |
-TechBytesBot/#techbytes-wiki.strongswan.org | Issue #2788: Passthrough policy not working - strongSwan | Apr 12 19:09 | |
schestowitz | Is this a good pointer/reference or should I look elsewhere for one? | Apr 12 19:09 |
schestowitz | Apr 12 19:09 | |
schestowitz | No, that's wrong. The subnets have to be the ones you don't want any IPsec processing to happen for. | Apr 12 19:09 |
schestowitz | Apr 12 19:09 | |
schestowitz | Thank you :-) I will give that a go soon. Cheers! | Apr 12 19:09 |
schestowitz | Apr 12 19:09 | |
schestowitz | I have attempted more things, based on examples from | Apr 12 19:09 |
schestowitz | https://wiki.strongswan.org/issues/2472 and https://wiki.strongswan.org/projects/strongswan/wiki/UsableExamples#Passthrough-policy | Apr 12 19:09 |
schestowitz | I regret that while I know which addresses do need the VPN, I don't know how to do a negation of those for passthrough, i.e. make an exception (no VPN) for all except X, Y and Z | Apr 12 19:09 |
-TechBytesBot/#techbytes-wiki.strongswan.org | Issue #2472: ikev2 tunnel narrowing for netflix subnets - strongSwan | Apr 12 19:09 | |
schestowitz | I try all sorts of things, but it never works. For now I've left that as the default usable example | Apr 12 19:09 |
schestowitz | I previously said that I had attempted: | Apr 12 19:09 |
schestowitz | [...] | Apr 12 19:09 |
schestowitz | rightsubnet=0.0.0.0/0 | Apr 12 19:09 |
-TechBytesBot/#techbytes-wiki.strongswan.org | Usable Examples configurations - strongSwan | Apr 12 19:09 | |
schestowitz | rightid=%any | Apr 12 19:09 |
schestowitz | auto=route | Apr 12 19:09 |
schestowitz | conn passthrough_base | Apr 12 19:09 |
schestowitz | left=127.0.0.1 | Apr 12 19:09 |
schestowitz | leftsubnet=10.0.0.0/8 | Apr 12 19:09 |
schestowitz | rightsubnet=10.0.0.0/8 | Apr 12 19:09 |
schestowitz | type=passthrough | Apr 12 19:09 |
schestowitz | auto=route | Apr 12 19:09 |
schestowitz | Apr 12 19:09 | |
schestowitz | I used 10.0.0.0 as I don't know how to say "All except..." (so to speak) | Apr 12 19:09 |
schestowitz | Then I got: | Apr 12 19:09 |
schestowitz | Apr 12 19:09 | |
schestowitz | $ ip address | Apr 12 19:09 |
schestowitz | .... | Apr 12 19:09 |
schestowitz | Now, let's say I try this (with only the tunneled IPs as subnets; please ignore timestamps): | Apr 12 19:09 |
schestowitz | .... | Apr 12 19:09 |
schestowitz | Apr 12 19:09 | |
schestowitz | This is for two laptops running Debian 10. I hope to convince more colleagues to move to it if I have the configs all right. We currently have outdated configs for old versions of Ubuntu only. Two colleagues who knew strongswan well left the company, so I hope I can put in the company's wiki a better conf template that suits newer systems. The above is from the wife's thinkpad. | Apr 12 19:09 |
schestowitz | Apr 12 19:09 | |
schestowitz | Many thanks in advance | Apr 12 19:09 |
schestowitz | Please send me all the things that are listed on the HelpRequests page by email to xxxxxxxxx. It makes it easier to help you if I have all the info. | Apr 12 19:09 |
schestowitz | Apr 12 19:09 | |
schestowitz | Strongswan help | Apr 12 19:09 |
schestowitz | Attached to avoid newlines ;-) | Apr 12 19:09 |
schestowitz | > Hello Roy, | Apr 12 19:09 |
schestowitz | > | Apr 12 19:10 |
schestowitz | > Thank you for coming back to my offer about help. | Apr 12 19:10 |
schestowitz | > | Apr 12 19:10 |
schestowitz | > Don't set leftsubnet=0.0.0.0/0 | Apr 12 19:10 |
schestowitz | > | Apr 12 19:10 |
schestowitz | > Rest looks fine although you still use legacy ipsec.conf. | Apr 12 19:10 |
schestowitz | > You'd do well using swanctl.conf instead. It's more structured and cleaner. It also enables you to use the strongswan-swanctl service, which makes configuration synchronous at start time. | Apr 12 19:10 |
schestowitz | > (Otherwise there are races between its configuration and whatever depends on said configuration). | Apr 12 19:10 |
schestowitz | > | Apr 12 19:10 |
schestowitz | >> I used 10.0.0.0 as I don't know how to say "All except..." (so to speak) | Apr 12 19:10 |
schestowitz | > Well, you use the passthrough policy for that. | Apr 12 19:10 |
schestowitz | > If you only want to tunnel certain subnets, configure that using rightsubnet in the conn that establishes the tunnel. | Apr 12 19:10 |
schestowitz | > Tunnel all: rightsubnet=0.0.0.0/0 in the conn to the remote peer | Apr 12 19:10 |
schestowitz | > except: put said stuff as rightsubnet in a passthrough conn. I don't know if multiple subnets/IPs in rightsubnet for | Apr 12 19:10 |
schestowitz | > passthrough conns work as expected. | Apr 12 19:10 |
schestowitz | > I always use a single pair with leftsubnet and rightsubnet being the network I'm trying to exclude (so it always covers my LAN IP on the left and the whole LAN on the right, for example). | Apr 12 19:10 |
schestowitz | > | Apr 12 19:10 |
schestowitz | > Miscellaneous: | Apr 12 19:10 |
schestowitz | > 1) left=%defaultroute is a no-op. Same for leftfirewall=no | Apr 12 19:10 |
schestowitz | > | Apr 12 19:10 |
schestowitz | > Kind regards | Apr 12 19:10 |
schestowitz | Thanks so much!! | Apr 12 19:10 |
schestowitz | I'll dive in and give that a go! | Apr 12 19:10 |
*liberty_box has quit (Ping timeout: 258 seconds) | Apr 12 20:43 | |
*rianne has quit (Ping timeout: 256 seconds) | Apr 12 20:44 | |
*rianne (~rianne@host81-154-172-215.range81-154.btcentralplus.com) has joined #techbytes | Apr 12 20:53 | |
*liberty_box (~liberty@host81-154-172-215.range81-154.btcentralplus.com) has joined #techbytes | Apr 12 20:54 | |
*TechBytesBot has quit (Remote host closed the connection) | Apr 12 21:02 | |
*TechBytesBot (~b0t@199.19.78.19) has joined #techbytes | Apr 12 21:08 | |
TechBytesBot | Hello World! I'm TechBytesBot running phIRCe v0.75 | Apr 12 21:08 |
*TechBytesBot has quit (Remote host closed the connection) | Apr 12 21:15 | |
*TechBytesBot (~b0t@199.19.78.19) has joined #techbytes | Apr 12 21:21 | |
TechBytesBot | Hello World! I'm TechBytesBot running phIRCe v0.75 | Apr 12 21:21 |
*TechBytesBot has quit (Remote host closed the connection) | Apr 12 21:41 | |
*TechBytesBot (~b0t@199.19.78.19) has joined #techbytes | Apr 12 22:24 | |
TechBytesBot | Hello World! I'm TechBytesBot running phIRCe v0.75 | Apr 12 22:24 |
schestowitz | How to access, repair the DB | Apr 12 23:42 |
schestowitz | The DB is now accessible from the HV as follows | Apr 12 23:42 |
schestowitz | I ran this while the DB was running (live!) and it took about 15 minutes, less than the VM took.... | Apr 12 23:42 |
schestowitz | This will be in today's IRC logs, which I will upload in 20 mins when it's midnight. | Apr 12 23:46 |
schestowitz | I think it's now safe to add yesterday's (and soon also today's) IRC blog posts. | Apr 12 23:46 |