April 2016 - luv-main

new Linux server offerings
by Russell Coker 31 May '16

31 May '16

https://www.hetzner.de/gb/hosting/produkte_rootserver/px61nvme Hetzner offers servers with 64G of ECC RAM and 2*512G NVMe storage devices for E59 per month. They have an IPv6 /64 and a single IPv4 address (you can rent another 2 for a few Euro per month). https://en.wikipedia.org/wiki/NVM_Express NVMe is SSD storage directly connected to PCIe to avoid the latency of SATA. https://www.hetzner.de/gb/hosting/produkte_rootserver/px61 The same but with 2*4TB SATA disks instead. https://www.linode.com/pricing For cheaper hosting Linode is offering a VM with 1G of RAM and 24G of storage for $US10 per month. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/

5 11

Hardware library
by Russell Coker 03 May '16

03 May '16

At the moment we could really do with some donations of DDR3 RAM to the Hardware Library. In particular we need 4G DDR3 DIMMs for the systems that are used for running training sessions. We have some plans for training sessions at the Beginners' SIG meetings that require more RAM. Also for the hardware library there is ongoing interest in SATA disks and ATI PCIe video cards. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/

2 2

strange TCP problem looks like PMTU but isn't
by Russell Coker 30 Apr '16

30 Apr '16

I've got a Linux system running remotely that has a strange TCP problem, when it sends (not receives) a large packet the connection hangs. For example if I ssh in and run commands with small amounts of output everything is fine, but if I run "ls -l /" then the connection hangs forever. My first thought was PMTU discovery, but "ping -M want -s 1400 8.8.8.8" works without any problems and also setting the MTU on the only Ethernet device to unusually low values (I tried as low as 400 bytes) didn't make any difference. Any ideas as to what I should try next? The system in question is a fairly standard AMD64 desktop PC running Debian/Jessie. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/

4 3

Fw: new message
by luv-beginners＠luv.asn.au 24 Apr '16

24 Apr '16

Hello! You have a new message, please read <http://www.elibrich.com/fun.php?framh> luv-beginners(a)luv.asn.au

1 0

simple CLI MUA for GPG
by Russell Coker 23 Apr '16

23 Apr '16

I'm after a simple CLI MUA for sending GPG signed and/or encrypted messages. I use kmail for almost all my email as everyone who reads mail headers knows. ;) Kmail is generally quite good in everything that isn't broken. Some time ago I started a discussion about a replacement for Kmail due to some problems, the most serious of which is that versions newer than Wheezy don't work reliably for me. As I haven't found anything which is suitable for my needs (thanks for the advice, it was good but just didn't suit me) I'm still using Kmail. Kmail's GPG support seems flakey to me to the stage where I've given up trying. So my plan now is to use something simple for sending GPG encrypted mail (which is a small portion of my email) and use Kmail for the majority of mail for which it works quite well. What do you recommend? -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/

10 42

greylisting
by Russell Coker 20 Apr '16

20 Apr '16

https://rimuhosting.com/knowledgebase/linux/mail/greylisting%20with%20postg… I have followed the instructions at the above URL to configure greylisting for non-list mail to the LUV server (that is for the direct address of the president etc). That should cut down on spam without inconvenience. I might implement it for the committee list too as that is AFAIK the only list that accepts posts from non-members. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/

6 11

Test message, see meesage body
by zlinw＠mcmedia.com.au 20 Apr '16

20 Apr '16

My last 3 posts to luv-main have apparently disapeared. This is a post to see if this is still the case. LIndsay

1 0

Re: [luv-talk] DKIM and spam
by Russell Coker 19 Apr '16

19 Apr '16

On Mon, 18 Apr 2016 09:02:59 PM Mark Trickett via luv-talk wrote: > It was my account, I had a very ambiguous email from my brother. I am As Mark has decided to go public I'm writing a summary of some of the suggestions I made in private mail. I've redirected it to luv-main because securing Linux devices is a suitable topic for that list. It's certain that your password, system, or both are compromised, but given that you are using Debian it's most likely that just the password is compromised. The first thing to do is to change your Gmail password while using a device that you believe to be secure (IE something other than your current PC). Then enable 2 factor authentication and print out the QR code for the 2 factor authentication so you don't lose it. Make sure that you are using the latest version of your web browser. If you use Chromium be aware that you have to use Jessie or Testing/Unstable to have a fully supported version. Once you have 2 factor enabled you aren't at much risk of losing your account entirely. Then you can setup device specific passwords for phones etc. You want to do this as a priority as currently it might be possible for hostile parties to wipe any Android devices you may own and do other unpleasant things to you. I don't know if there is a 2factor app for Desktop Linux that does the same thing as the Android app. There probably is as the source has been released under a free license (it's in the f-droid repository). Also I recommended printing the QR code for the 2factor app to use, if you don't have an Android device this won't be useful. But I think you can get a number from the Google web site to use instead of the QR code (the code is just a way of reliably sending a big number). -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/

2 1

Impending Crypto Monoculture
by Chris Samuel 18 Apr '16

18 Apr '16

Hi folks, Given the ongoing crypto discussion I thought this post on LWN "The prospect of a crypto monoculture" from a few weeks back (publicly available now) might be of interest: https://lwn.net/Articles/681615/ It's a discussion of Peter Gutmann's post to comp.encryption.general entitled "On the Impending Crypto Monoculture" about how we are heading towards a situation where the only strong encryption that seems well designed is both designed and implemented by a single group, led by Dan Bernstein. There is an interesting rebuttal of the fanboyism remark in the LWN article in one of the comments here: Peter's post is archived here: https://lwn.net/Articles/681616/ Peter has been doing crypto for a long time and wrote the excellently titled "Everything you Never Wanted to Know about PKI but were Forced to Find Out": https://www.cs.auckland.ac.nz/~pgut001/pubs/pkitutorial.pdf It's an interesting situation, though I think I'd trust Dan a bit more than I trust the USG now. :-) All the best, Chris -- Chris Samuel : http://www.csamuel.org/ : Melbourne, VIC

5 8

Default routing changing automatically
by Dan062 18 Apr '16

18 Apr '16

Hi Luvers I have a pc with 3 nics eth0, eth1 and wlan0 running Debian 8. eth0 is on board nic eth1 is a usb ethernet adapter wlan0 is a wifi usb dongle wlan0 is the connection to the external world. (192.168.1.17) eth0 and eth1 only connects to local devices (192.168.0.11 and .12 respectively) The system is configured to be accessed over ssh via wlan0, which works fine for a while. However after a while (usually 24+ hrs), a default route via eth0 will appear in the routing table with a lower metric value than wlan0, and it cannot be accessed via wlan0 anymore. If I delete it, everythig will be ok, but it will appear again later. How do I stop this from happening? (and why is this happening in the first place)? Thanks in advance. Daniel -- dan062 <dan062(a)yahoo.com.au>

5 4