the itjerk

my adventures with technology

raid, again, and backup

I bought two 3TB drives to replace my 1TB RAID. Easy enough, because with hardware RAID 1 the disks are identical: you can pull one drive out, plug it into a USB enclosure, and provided your computer is compatible with the drive’s format — ext4 in my case — you will have two functioning backup drives to copy over to the new RAID (and eventually erase/shred).
sudo shred -v -nX -z /dev/sdX

A thing about buying a hard drive. I notice that the marketing has now shifted to “intended use” of the drive – Desktop, NAS, Surveillance, etc. Guess what, I call b.s. — they’re all the same drives, probably just the more expensive ones were tested more (to justify price/warranty). Please, let me know otherwise if you think I am wrong.

Maybe I should have got 4TB discs? I don’t know. Going from 70% used to 70% available is a jump. I do want to rip more of my CD library to my computer, because digital music is here to stay (and when I say “more” of my library, I mean a “curated” more of my library). I rip to FLAC, which is all the quality I require (considering the source is 16bit/44khz), so how much will I need? Figuring FLAC at level 5 is about 300-350 MB per CD, 2TB will hold a LOT of CDs.

2000000 MB / 330 MB = 6060 CDs

I should probably also mention that RAID 1 is not a backup. It’s a safety copy in case one drive fails. You want backup? You gotta have two of everything. One here, and one over there. More later.

The bigger question then is what do we do with all the data we have. If I really think about it, I need to back up my photos, SOME of my music, my data (book, website, etc), and what else? Do I really need all the crap on my computer? All the files on those backup drives and old hard disks? Probably not, because I don’t even know what I have most of the time and … p0rn should never be downloaded! 😉

My next project will be to organize all my “digitalia,” and what a project that will be!

Advertisements

ubuntu 18.04 lts

Desktop upgrade time. The latest version of Ubuntu, 18.04 lts “Bionic Beaver,” was released last week, so I decided to upgrade my desktop computer in situ from 16.04LTS. There’s lots of changes between LTS versions, but the big change here was the switch from Compiz/Unity display manager and desktop to Xorg/Gnome. The reason why I upgrade is that the LTS version is supported until 2023, though I have to admit that having a new UI was enticing, especially with Gnome Shell extensions.
sudo update-manager -cd
After the above command to make the upgrade available to Software Updater, I had errors. Nonetheless, Bionic Beaver installed, and I rebooted. The first error was with ca-certificates during upgrade, which is a known Bug #1767453. The second was a broken intramfs, which I solved by updating it for the current kernel, sudo update-initramfs -c -k 4.15.0-20-generic.

Bigger issue I had was with Xorg/Gnome. When I’d go to log in, I’d get an empty screen, though intermittently between reboots it would work. Ugh. So I reinstalled Xorg/Gnome, by doing this:
sudo tasksel install ubuntu-desktop
then uninstalled Compiz/Unity by this:
sudo apt-get purge compiz compiz-plugins-main-default libcompizconfig0

It ends up the issue boiled down to one of the Display Managers, lightdm or gdm3. I decided to purge lightdm and use gdm3, which after the following thorough reinstallation, seems to be working:
apt-get update
sudo apt-get -d install --reinstall gdm3
sudo apt-get remove --purge gdm3
sudo apt-get install gdm3

I also installed gnome-tweak-tool to move the min/max buttons to the left, and the new theme, Communitheme, because after 8 years of Ambiance we all need a new Ubunutu theme! I also found some useful Gnome Shell extensions, which I installed via the “chrome” plugin in Firefox (go figure!). Oh, and this:
gsettings set org.gnome.shell.extensions.dash-to-dock show-apps-at-top true

After the perfunctory sudo apt-get update/dist-upgrade/autoremove, I went through many things, like local copies of websites, Openvpn, etc. and found they worked. MiniDLNA was also running but Logitech Media Server needed to be reinstalled (with a new version: 7.9.1 – 1522157629 @ Fri Mar 30 12:25:29 CEST 2018).

Mostly good, and a nice change of desktop scenery!

dnscrypt2

Spurred on by some recent articles, I decided to switch to dnscrypt2. It’s an improved version, supports a whole slew of things and more resovers.

This was a bit of work, because, stupidly, I disabled dns! Anyway, long story short, I followed the instructions here, and everything worked out okay. I did need to edit /etc/dnsmasq.conf because dnsmasq was also trying to use to 127.0.0.1.

desktop:~$ nslookup -type=txt debug.opendns.com
Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
debug.opendns.com text = "server m33.chi"
debug.opendns.com text = "flags 20 0 70 7950800000000000000"
debug.opendns.com text = "originid 0"
debug.opendns.com text = "actype 0"
debug.opendns.com text = "source 23.122.56.207:33649"
debug.opendns.com text = "dnscrypt enabled (714E7A696D657555)"

One the web:
DNScrypt

the big upgrade

Production website upgrades (do-release-upgrade from 14.04.5 to 16.04.4) are the most nerve-wracking ever. Being a “one-man show” means it’s all or nothing, no team to lean on, just my wits and google. Sure, I had a back-up if everything went south; yes, I had an idea everything would work; and yes, I ran into problems.

The local copy of my website needed an earlier version of php to work. That fix was easy enough, I just installed ondrej ppa for it. But I ran into a problem with the production site because I have iRedMail installed; so yes, the local copy isn’t completely like the production site. Here the problem was auth_mysql, as evidenced by sudo apache2ctl configtest. Two mods I have – awstats and cluebringer – were calling auth_mysql and preventing apache2 to load. The fix was fairly easy, apt-get install libaprutil1-dbd-mysql, and then clearing out the offending *.conf files. Thanks to iRedMail for information.

Seeing that website, email, etc live again was a good, good feeling.

A few weeks later, there were a few more things I had to tweak to get oh-so-right, but most of that was email related, and mostly non-OS related.

phpbb – new website

I have a web property, progressiverock.com, that’s been dormant ever since I rebranded my prog rock site after my book, strawberrybricks.com, a few years ago. One would think that the former URL is worth some money, but to date I have been unsuccessful in finding a buyer. So rather than just serving as a redirect to the latter URL, I decided to install phpbb and relaunch the site as a bulletin board to discuss all things prog rock and generate some brand recognition.

I use Digital Ocean for virtual hosting because it’s cheap (starting at $5/mo) and easy. The process to create a new virtual host “droplet” is simple enough: pick your choice of options (size, memory), hosting location, operating system (you can even get it pre-loaded with LAMP) and then setup the dns records. Within minutes, it was up and running as progressiverock.com.

Immediately after an apt-get update/dist-upgrade, I added some basics to the core system, like openssh server, ufw, postfix/logwatch and apticron. Most were straight forward installs, but for postfix, be sure to setup your A, MX and TX records before you start, and check your logs/errors for what to tweak; I had to add postconf compatibility and manually create the virtual alias map to clear errors I found in mail.log. I also setup sender_canonical because I just have a “no-reply” email system (for now). Also, don’t forget to set your timezone.

After configuring mysql and apache2, I added my rss feed, which needed the php-xml module installed to work. Let’s Encrypt was next, because why not — everyone should be using SSL. I also added awstats, which needed user www-data added to the adm group to correct the errors I generated by cron. The bulletin board software phpbb was quite simple to install; fortunately I remembered some basic mySQL commands to get the database setup beforehand. I then added American English as a language, and found feedpostbot, an extension that uses rss feeds to create topics — perfect for the “Album of the Day.” Forum hierarchy took a little thought, and I’m sure I’ll change it again before it all goes live. My next task is to get a new style for the site, but that my require some outside help. More later.

None of this was complicated, and most steps took but a few minutes to do. My big take away here is that log files and error messages are your friend: listen to them as they tell you exactly what to correct with your installation.

And if you want the domain progressiverock.com, make me an offer that I can’t refuse!

On the web:
phpBB • Free and Open Source Forum Software

bios, baby

I know that everyone hates updates, especially that ultra-pesky 1709 Creators update for Windows 10. But you gotta do them, just like exercising, dieting, eating healthy, etc. Please remember when an update says “DO NOT POWER OFF YOUR COMPUTER” it really means it.

Currently most every “modern” computer needs to have its BIOS updated for those also-pesky chip Spectre/Meltdown vulnerabilities. Most computer manufacturers and motherboard companies have Windows software that helps you perform a BIOS update. Apple calls these firmware, and handles the updates for you via the App Store. Just remember, these updates should be done attended, so that’s more for the itjerk to do!

google home mini

I went to Microcenter with my family to pick up a couple flash cards (free with coupon) and as soon as we walked in, we were greeted by an end-cap of Google Home Minis. A well-positioned salesperson said “I think they are still on sale for $29.95.” One of my daughters, armed with Xmas money, immediately grabbed one and started pleading with me to allow her to purchase it (she’s only 10 years old).

With out much banter, I acquiesced to both the purchase and her intended location: her bedroom. Second, older daughter also ponied up. Mind you, I sold my Google Home over the holidays because a) I just never got used to the idea that she was always listening to ALL our first floor conversations, and b) I can perform the same commands on my phone – “Okay Google, play Syd Barrett” – and send them to Chromecast Audio.
Google-Home-Mini

Not much larger than a hamburger, the Google Home Mini is quite a bargain at $29.95. According to the web, that’s just about Google’s cost for the thing. Both daughters have Nexus phones (one part of the Fi plan, the younger wifi only), so once home, they quickly downloaded the Google Home app and we began setting them up. The Mini offers my daughters a couple of things that I like: all the music they’d ever want (with a linked Spotify account), an alarm clock, and interaction with voice technology. Let’s face it, in a decade or so, our houses will have voice-controlled access to computer technology in every room. It’s such and amazing and convenient interface: “what’s the weather” or “what’s 56 times 27?” It’s also a single solution for the clock radio and the bluetooth speaker (though I wish it had a time display).

I have to admit, I kinda wanted to buy one myself, but, alas, the sale ended, and so did my desire for it. For now…

google pixel 2

With $250 off — $150 trade-in on my “warranty repaired” Nexus 5X plus $100 discount for being a Google Fi subscriber — I couldn’t resist upgrading to the Pixel 2. It’s the same size as the 5X, and honestly, not much different other than the price tag. Excellent battery life and 64GB of storage popped out instantly, as did the “swipe up” home screen, but what I like the most about it is that it’s the purest Android experience yet. And it’s not repaired. 😉

no phone

I was at a Xmas party the other afternoon, and after taking my just-over-two-year-old phone out of my front breast pocket, noticed that it was not on. I tried to turn it on, but nothing. No battery? When I got home a few hours later, I plugged it into multiple chargers, went into recovery mode, cleared the cache, tried a factory reset, but same result: wouldn’t start. I chatted Google Fi (my carrier), was transferred twice, then eventually talked to LG, the manufacturer of the LGH790, aka Nexus 5X.

Long story short, it stopped working, stuck in some kind of infinite reboot. LG offered to repair the phone for free (cross-fingers). I then went to their specific website for repairs, filled out everything (including IMEI), went back to Google to get a proof-of-purchase, printed out that and the Fedex label, and have been slowly watching it traverse its way to Texas via ground service. Estimated 8-10 business days for the repair. Over the Xmas holiday, too.

No phone and no camera. Only a computer at home and a computer at work. How do I check my Fitbit? How do I get text messages? What about that ongoing thread about the next “sniding” (record listening event)? What about my Facebook friends? How do I show off my kids’ pix?

Oh first world problems. Sure, it’s liberating not getting work email 24/7 or habitually checking my phone for… well, because that’s what we now do.

I feel anxious, though, like something’s missing. How long can this go on? Evidently much longer…

UPDATE: I received the phone back on Friday 12/22 (using Fedex’s Ship Manager to have it delivered to a local Fedex/Kinko’s). No cost to me and a perfectly new-looking phone.

LG

dnscrypt

Domain Name Service (DNS) is the mechanism by where numeric IP addresses become readable domain names; it’s far easier for me to tell you to visit strawberrybricks.com than a bunch of numbers. When you browse the internet, then, the addresses you type or click on go through a DNS search. Typically, your ISP provides this service, or whomever you get your network connection from – however there is an implicit level of trust involved. Who’s to say that yahoo.com for example, is really yahoo.com? What is the DNS server spoofed the reply? Further, any DNS server can collect a wealth of information by recording your DNS requests. Finally, the speed of your browsing is dependent on how quickly these requests are filled.

Both Google (8.8.8.8) and OpenDNS (208.67.222.222) provide free DNS services that are fast and secure, and supposedly do not track your requests. A third service, Quad9 (9.9.9.9) was very recently launched. Your ISP has a lot of information about you. Switching your DNS to one of these providers is simple (just type them in your router, or network connection), and gives some degree of privacy. Every little bit helps?

DNSCrypt goes one further by encrypting all your DNS requests. It’s an easy enough program to install, available for PC, Mac and Linux, and for routers using DD-WRT. On my Ubuntu box, I needed to install libsodium-dev first, and then was most successful installing DNSCrypt-proxy from source by using the old “configure, make, make install” method with version 1.9.5. Then, you can run it with systemd automatically.

On the web:
DNSCrypt