schestowitz__81.154.168.60Feb 11 10:37
schestowitz__I have regenerated keysFeb 11 10:38
schestowitz__restarted agateFeb 11 10:38
schestowitz__when trying to connect it denies proxy request, it saysFeb 11 10:38
schestowitz__maybe the above record needs changing to cname? maybe dns propagation?Feb 11 10:38
Techrights-secYes, it would need the name there:Feb 11 10:42
Techrights-sec Failed to connect to the   Feb 11 10:42
Techrights-sec server: hostname does not  Feb 11 10:42
Techrights-sec verify: x509: certificate  Feb 11 10:42
Techrights-sec    is valid for gemini.    Feb 11 10:42
Techrights-sec, not host81 Feb 11 10:42
Techrights-sec  154-168-60.range81-154.   Feb 11 10:42
Techrights-sec     Feb 11 10:42
Techrights-secfrom the Gemini client amforaFeb 11 10:42
Techrights-secdid the registrar reply?Feb 11 10:42
schestowitz__Yes, I have a GUI where I can change this, defaults to A record, cannot be changedFeb 11 10:43
Techrights-secnevermindFeb 11 10:43
Techrights-secI see the nameFeb 11 10:43
Techrights-sechowever it is an A name.  The A name needs to be provided by the dynamic DNS serviceFeb 11 10:43
Techrights-secI am not sure but that will probably not work Feb 11 10:45
Techrights-secWhat is the password for my login there at the registrar?Feb 11 10:45
schestowitz__only www. and ftp. show up as CNAMEFeb 11 10:48
Techrights-secThe A name will point to an IP addressFeb 11 10:50
Techrights-secThe CNAME will then point to the established A name.Feb 11 10:50
Techrights-sec;; ANSWER SECTION:Feb 11 10:50     14400   IN      CNAME 11 10:50         3375    IN      A 11 10:50
Techrights-secThe A name has to exist firstFeb 11 10:50
Techrights-sec(AFAIK)Feb 11 10:50
schestowitz__maybe I will just ask them to assist...Feb 11 10:50
schestowitz__upside is, it seems like the pi already has a domain name for ssh, which I can keep updated after reset. does ssh@ name work for you?Feb 11 10:52
schestowitz__I also ping and ssh it, the ports are open for that. not sure why gemini is fussy but I assume its matching between certs and domain fail somewhere, will recheckFeb 11 10:53
Techrights-secyesFeb 11 10:56
Techrights-sec but if the IP changes, then it will point at an old address ,possiblyFeb 11 10:56
Techrights-secsomeone else's machineFeb 11 10:56
schestowitz__that was always an issue when using IPv4 address as well, but now I can quickly access a GUI instead of notifying of changesFeb 11 10:57
schestowitz__for gemini I get "proxy request refused" and I tried from localhost and another machine on our LANFeb 11 11:00
Techrights-secRight but that task is meant to be automated. Feb 11 11:00
schestowitz__eventually the IP might be static anyway, if we deploy this to the HV under some containerFeb 11 11:01
schestowitz__ 11 11:04
-TechrightsBN/ | IDN with Gemini?Feb 11 11:04
schestowitz__"Feb 11 11:04
schestowitz__I'm pretty sure this is because no punycoding is being done in the DNS, andFeb 11 11:04
schestowitz__it's probably getting the UTF-8 encoding instead of "Feb 11 11:04".  When I ask Lagrange to connect to theFeb 11 11:04
schestowitz__punycoded form explicitly, your server does not recognize it as "self" andFeb 11 11:04
schestowitz__replies with "Proxy Request Refused".Feb 11 11:04
schestowitz__"Feb 11 11:04
schestowitz__yes, both ipfs and gemini should eventually be on there, at risk of having less direct control over the physical hosting site. It's all about the load these incur.Feb 11 11:06
schestowitz__Hi, Feb 11 11:11
schestowitz__Thanks very much for the pointer.Feb 11 11:11
schestowitz__I've gotten as far as setting up the subdomain, but I cannot make it a CNAME, which is maybe what I need because Gemini browsers complain "Proxy Request Refused".Feb 11 11:11
schestowitz__I'm told it's likely because that's an A record. I am not given the option to change that in cpanel (screenshot attached).Feb 11 11:11
Techrights-secThe underlying problem with the name would be the dynamic dns.Feb 11 11:26
Techrights-secThat step has to come first afaikFeb 11 11:26
schestowitz__I have just received a reply and it seems they can change it, but not from the GUIFeb 11 11:27
schestowitz__will fwd to you the mailFeb 11 11:27
schestowitz__check mailFeb 11 11:28
Techrights-secIt should not be overriden, the A name must be supplied by the dynamicFeb 11 11:32
Techrights-secdns serivce first.  Can the registrar provide that for the RPi?Feb 11 11:32
Techrights-secIt would be a user-name, password, and URL that would go into ddclientFeb 11 11:32
Techrights-secThen all that can be managed automatically and it won't need interventionFeb 11 11:32
Techrights-secwhen the IP number changesFeb 11 11:32
schestowitz__ddclient installedFeb 11 11:32
schestowitz__  │ Dynamic DNS service provider:                                                                                                     │ Feb 11 11:32
schestowitz__  │                                                                                                                                   │ Feb 11 11:32
schestowitz__  │                                                                                                           │ Feb 11 11:32
schestowitz__  │                                                                                                          │ Feb 11 11:32
schestowitz__  │                                                                                                       │ Feb 11 11:32
schestowitz__  │                                                                                                         │ Feb 11 11:32
schestowitz__  │                                                        other                                                                      │ Feb 11 11:32
schestowitz__  │                                                                   Feb 11 11:33
schestowitz__easydns is 35 bucks a yearFeb 11 11:34
Techrights-secYes,  can catalyst2 provide a dynamic dns subscription?Feb 11 11:35
Techrights-secIf they can, we'll plug that info into ddclient. Feb 11 11:35
Techrights-secIf not, then we can consider one of the other services for that.Feb 11 11:35
Techrights-secWhat about catalyst2 though?  Can they provide dynamic dns?Feb 11 11:35
Techrights-secSome provide it free with their package.Feb 11 11:35
schestowitz__"Feb 11 11:39
schestowitz__I've spoken to a colleague, who says that what we probably want is dynamic dns, where the aforementioned record points to that instead of the IP address. I've just installed ddclient and it seems to be asking what provider to use (mostly US-based ones exist).Feb 11 11:39
schestowitz__Does Catalyst2 provide dynamic dns as a service? I'd prefer to keep all those things with the same provider.Feb 11 11:39
schestowitz__"Feb 11 11:39
schestowitz__thought: if we were to use dynamic dns with hostname/domain, we'd not at all have to go with a subsite address... or have another address as an alias of though I don't think agate can deal with multiple address, as it does not "self-identify" as multiplesFeb 11 11:51
Techrights-secDoes agate neet the A name?  You can set the cert for the CNAME, possiiblyFeb 11 11:53
Techrights-secThe idea behind the Dynamic DNS is that it takes care of the A anemFeb 11 11:56
Techrights-secthen the CNAME points to the A name Feb 11 11:56
Techrights-secso all our services and certs use the CNAMEFeb 11 11:56
Techrights-secIt hides the changing of the IP number nicelyFeb 11 11:56
schestowitz__yesFeb 11 11:56
schestowitz__I have just tinkered a bit with agate, to no avail, and am waiting for the webhost to replyFeb 11 11:57
schestowitz__dyn is 55 bucks a yearFeb 11 12:03
schestowitz__and dskreport no longer seems to provide this kind of serviceFeb 11 12:03
schestowitz__by that sort of price list it would be cheaper to just register a domain for gopher/gemini/other alone, set aside the subdomain (as this whole thing might involve a registration anyway)Feb 11 12:04
schestowitz__turns out there's no public .gopher address or .gemini domainsFeb 11 12:11 14400 IN CNAME Feb 11 12:16
schestowitz__host81-154-168-60.range81-154.btcentralplus.comFeb 11 12:16
schestowitz__All configs updated now in agate, but I still get the same error message, even when it's a cname with domain from BT instead of IPFeb 11 12:17
Techrights-secthat's ok  tld changes are stupidFeb 11 12:21
Techrights-secthe host name can carry the service title if neededFeb 11 12:22
Techrights-secotherwise it gets sorted by port Feb 11 12:22
schestowitz__with gemini.techrights,org now being a cname entry, can you figure out with me what goes wrong and why?Feb 11 12:22
Techrights-sec(oops the editor is not in this window)Feb 11 12:22
schestowitz__This one has a flatpak btw 11 12:30
-TechrightsBN/ | LagrangeFeb 11 12:30
Techrights-sec;; ANSWER SECTION:Feb 11 12:31           60      IN      A 11 12:31  60      IN      CNAME   foo.ddns.netFeb 11 12:31
Techrights-secThat's kindof how it should look later when we have some kind of dynamic dnsFeb 11 12:31
Techrights-secthat would be from No_IP in the above example (faked for demo purposes)Feb 11 12:31
Techrights-seclagrane is a client if I read correctlyFeb 11 12:31
schestowitz__yes, it is, as the others are rust or C# or worseFeb 11 12:31
schestowitz__can we not bypass the ddclient part for testing purposes and if not, do we know for sure it would work ok with ddclient?Feb 11 12:33
Techrights-secyes ddclient can be bypassed, but the A name needs to point at an IP numberFeb 11 12:37
Techrights-secthen the CNAME '' needs to point at that A name.Feb 11 12:37
Techrights-secThen it will be set up to drop in a dynamic dns serivce.Feb 11 12:37
Techrights-secand the certificat should be able to work off of the CNAMEFeb 11 12:37
schestowitz__this is proving to be harder than the setup of the server, I wonder if we can swap "" (in the example above) for the time being?Feb 11 12:38
Techrights-sec'' can be '' or something like that.Feb 11 12:42
schestowitz__I have just done that using and it still fails to connect from amfora :(Feb 11 12:42
Techrights-sechow is the cert set up?  It should then be built around the new CNAMEFeb 11 12:45
schestowitz__I even tried to change the cert to home.techrights.orgFeb 11 12:45
schestowitz__and to access that domain over geminiFeb 11 12:45
schestowitz__the host just came back to me, saying they do not do dynamic dnsFeb 11 12:46
schestowitz__if we ever move the whole thing to the server, which has a static IP, then we won't need dynamic dns services at allFeb 11 12:47
schestowitz__(afaik)Feb 11 12:47
Techrights-sechow is the cert set up?  It should then be built around the new CNAMEFeb 11 12:48
Techrights-secExecStart=/home/gemini/bin/agate.armv7-unknown-linux-gnueabihf -s --content /home/gemini/gemini/ --key /home/gemini/certs/key.peFeb 11 12:48
Techrights-secm --cert /home/gemini/certs/cert.pem --hostname --lang en-GBFeb 11 12:48
schestowitz__oh. I forgot it is hard-coded there too.Feb 11 12:49
schestowitz__side note/ot: re dynamic ip, if I go on holiday and fear losing ssh access for ip hops at router level I have some workaround, like the machine writing its ip to somewhere I can access from anywhereFeb 11 12:50
schestowitz__THIS IS SOLVED NOW!!! \0/Feb 11 12:52
schestowitz__and it gives a layer of indirection at, which is where for now I need to keep my IP up to date (won't take more than a minute, in case the hub resets itself)Feb 11 12:53
Techrights-secnext step would be the index files for Gemini.  I am working on thatFeb 11 12:59
Techrights-secThe article conversion is ok, but I don't see a way to browse empty directoriesFeb 11 12:59
Techrights-secover the net.Feb 11 12:59
Techrights-secYes!Feb 11 12:59
Techrights-secIt works from here too. Feb 11 12:59
schestowitz__I am going to do a raspi video and gemini video later, still recovering mentally from the TM incident this morning and at least we managed to get runningFeb 11 13:00
Techrights-secyes, the CNAM should go there tooFeb 11 13:00
Techrights-secthat's progressFeb 11 13:02
schestowitz__and we now know what happens when TM runs out of space, even in /tmp (I will need to internalise this as it happened years ago and I could not remember the diagnosis)Feb 11 13:03
schestowitz__(sorry for the wrong pastes, they're also redacted/sanitised a bit as it might help other people set up gemini capsules... there's VERY scarce documentation about it onlineFeb 11 13:04
schestowitz__For the time being I have removed ddclient from the pi, seeing that when you set it up it has a wizard for doing all the configs and we might want to use that wizard later. Since new hub was installed no disconnected (yet)Feb 11 13:08
Techrights-secyes, there's scarce documentation because it is in the early stagesFeb 11 13:08
Techrights-secif it takes off TR will be in very early tooFeb 11 13:08
Techrights-secIt'll be interesting to hear if Catalyst2 has a dynamic service availableFeb 11 13:09
schestowitz__As I mentioned earlier, they said no, will fwd you the mailFeb 11 13:09
schestowitz__then, mind me adding some ascii art to main index?Feb 11 13:09
Techrights-secSure, format it as you wish and I will incorporate it into the scriptFeb 11 13:10
schestowitz__just to be sure, do you get a blank page if entering over www the address Because to me it gives HUB SETTINGS and I took remote screen grabs of the address just to be sure it shows nothing dodgy to people outside our LAN.Feb 11 13:11
schestowitz__200 is OK for one page, depending on the gemini client used (amfora is ok with  a dozen links or less)Feb 11 13:12
Techrights-sec Bulletin for Saturday, February 06, 2021Feb 11 13:12
Techrights-secThat's the first lineFeb 11 13:12
Techrights-secThere are around 200 articles last month, probably on pace with otherFeb 11 13:13
Techrights-secmonths perhaps that is too long for all in one page?Feb 11 13:13
schestowitz__"Feb 11 13:15
schestowitz__Hi Roy,Feb 11 13:15
schestowitz__I've checked this with management and i'm afraid we do not support dynamic DNS. Sorry. There's a fair few free ones that might be of use - 11 13:15
-TechrightsBN/ | Free DynDNS | Best free dynamic DNS services - IONOSFeb 11 13:15
schestowitz__Best regardsFeb 11 13:15
schestowitz__"Feb 11 13:15
schestowitz__when you ssh the pi, assuming I keep the records up to date, there's now a domain (updated manually) instead of ipFeb 11 13:18
Techrights-secAh, thanks for the remininer, I'll fix my ssh_config fileFeb 11 13:20
schestowitz__to avoid conflicting edits, how are you generating links list for the main index?Feb 11 13:21
Techrights-secThe main index was done by hand.  I have not an idea about how that one should Feb 11 13:30
Techrights-secbe generated.  Maybe just the last week's worth plus links to the various months in reverse chronological order?Feb 11 13:30
schestowitz__I can do one by piping find into sed and grep, then make it sort of dynamic, with some cron job adding more articles periodically and then another cron job listing the latest?Feb 11 13:30
Techrights-secI'm slowly making one which populates the lower directories.Feb 11 13:31
schestowitz__oh, comms important here, to avoid duplicate effortFeb 11 13:31
Techrights-secIt can be extended to include the main index, too.Feb 11 13:32
schestowitz__flatfak of bloated[rant[Feb 11 13:32
schestowitz__flatpak of bloated[rant]Feb 11 13:32
schestowitz__flatpak install /home/roy/Desktop/Text_Workspace/images/fi.skyjake.Lagrange.flatpakref Feb 11 13:32
schestowitz__almost half a gig to download to install some trashFeb 11 13:33
Techrights-secOne question is how to keep it in sync.  Is a 0-24 hour lag ok?Feb 11 13:33
Techrights-secI would avoid flatpakFeb 11 13:35
Techrights-secsame for snapsFeb 11 13:35
Techrights-secI tried snaps but they accumulate cruft.  Old updates never went awayFeb 11 13:35
Techrights-secand filled up the HDFeb 11 13:35
schestowitz__I had MANY reservations about this, but I DO need a GUI front end to test with... and all the others are potentially worse, like compiling from source, which I hate doing as it means installing devtools, debugging etc.Feb 11 13:36
schestowitz__re update lags, those are modifiable, we can start 24 hrs apaetFeb 11 13:37
schestowitz__*apartFeb 11 13:37
schestowitz__LOL!!!!! IBM!!!!Feb 11 13:39
schestowitz__Lagrange: A Beautiful Gemini ClientFeb 11 13:39
schestowitz__[the_Foundation] version: 1.0.0 cstd:201112Feb 11 13:39
schestowitz__[the_Foundation] locale: en_GB.UTF-8Feb 11 13:39
schestowitz__SDL init failed: Could not connect to PulseAudioFeb 11 13:39
schestowitz__After letting it install half a gig (!) of unspecified crap on my system!!Feb 11 13:40
schestowitz__"sorry man!!! Can't use gemini to suft the web without a lousy audio stack of LP!! Try another media player man!!"Feb 11 13:40
Techrights-secok, sounds goodFeb 11 13:41
Techrights-secewwwFeb 11 13:41
Techrights-secWhile you're in the Rpi, can you please add libpath-iterator-rule-perl to the Feb 11 13:41
Techrights-secsystem?Feb 11 13:41
schestowitz__installedFeb 11 13:41
Techrights-secIt's probably tied to systemd tooFeb 11 13:41
Techrights-sec(the lagrange client, that is)Feb 11 13:41
schestowitz__buster already comes with systemd regardlessFeb 11 13:42
schestowitz__"Feb 11 13:43
schestowitz__are not in the search path set by the XDG_DATA_DIRS environment variable, soFeb 11 13:43
schestowitz__applications installed by Flatpak may not appear on your desktop until theFeb 11 13:43
schestowitz__session is restarted.Feb 11 13:43
schestowitz__"Feb 11 13:43
schestowitz__!!!Feb 11 13:43
schestowitz__IBM(R) Windows(TM)Feb 11 13:43
schestowitz__"Never mind, issue resolved when PC was rebooted." 11 13:47
-TechrightsBN/ | Unable to allocate instance id · Issue #122 · flathub/org.signal.Signal · GitHubFeb 11 13:47
schestowitz__WindowsFeb 11 13:47
schestowitz__Turns out there are some Android clients 11 13:52
-TechrightsBN/ | Gemini (protocol) - WikipediaFeb 11 13:52
schestowitz__This graph says it shot up from almost nothing to a quarter million last year alone 11 13:53
-TechrightsBN/ | Gemini space - WikipediaFeb 11 13:53
Techrights-secGood, Android, despite its problems, is a very large market.Feb 11 13:53
schestowitz__I'm thinking, I can work on linking to the static text objects (bulletins and IRC as text) while you focus on articles as gemini, to avoid conflicting/overlapping workFeb 11 13:56
schestowitz__we now have about 1,000 pages at 100MB of disk space for that part, so given the size of the DB, sans markup, we're probably looking at a few GBs for the whole site, excluding multimedia and old IRC logs (before we has text versions of them)Feb 11 15:58
schestowitzx\Feb 11 17:27
-TechrightsBN/ | CIO News | Enterprise IT, Enterprise Technology, Tech Industry News - ET CIOFeb 11 17:27
schestowitzx 11 17:27
-TechrightsBN/ | India sees improvement in online civility score in 2020: Microsoft study, IT News, ET CIOFeb 11 17:27
schestowitzMicrosoft?!Feb 11 17:28
schestowitzwth?Feb 11 17:28
schestowitz 11 17:29
-TechrightsBN/ | VW, Microsoft Extend Collaboration to Self-Driving Car Software - BloombergFeb 11 17:29
