New Debian install; ssh and sudo changes

Similar to what I wrote in “New OpenSuSE Tumbleweed cannot ssh in”, but this time with Debian. This has to be done from a physical console login on the machine (or if it was a VM, from the hosting company’s console login desktop service). I’m logged in as root.

apt-get install vim

Debian is pretty bare-metal, man. This is probably good from a security and stability point-of-view.

cd /etc/ssh/

Find PermitRootLogin and uncomment it, and change it to yes

Find #PubkeyAuthentication yes and uncomment it.

Find #AuthorizedKeysFile     .ssh/authorized_keys .ssh/authorized_keys2 and uncomment it and remove the second file authorized_keys2

Find PasswordAuthentication no and uncomment it and change it to yes (note that this is temporary!)

Save and exit the sshd_config file. I’m not sure which service(s) would need to be restarted here, so I issue the reboot now command and watch the machine reboot. Today’s hardware is amazingly fast, compared to what we lived with a decade ago.

Now, from my remote machine, I ssh in as root. I get asked about accepting the private key, and get prompted for the password. Once I get in, I know I’m good to proceed to the next step.

ssh-copy-id root@host.domain

I get asked to put in my password again, and now public key logins are enabled, instead of password-based logins.

I log in as root again, but this time without a password. At this point, I do some customizations per “How to make Ubuntu have a nice bash shell like OpenSuSE” (although this is Debian). One nice thing is that ~/.bashrc already had aliases ready for ll being an alias for ls -l

Something I don’t understand is why I cannot copy / paste from the Debian ssh session. My guess is that it has something to do with LS_OPTIONS in the bashrc file. Anyway….

I still needed to add alias ..='cd ..' though.

I log out.

I log in as a non-root user, with a password.

ssh-copy-id user@host.domain

I log in as the non-root user, without a password. Same thing: I add the customizations I like, where I can edit with vim, from doing a less on a file, the .. alias for changing directory up one, and using PageUp to search history. I log out.

I log in as root again. Now, I need to give my non-root user sudo rights.

adduser whatever-the-non-root-user-is sudo

Back to editing /etc/ssh/sshd_config

Find PermitRootLogin and uncomment it, and change it to no

Find PasswordAuthentication yes and uncomment it and change it to no

And then I save and exit the file and reboot the box.

Now I can ssh as the non-root user, and I cannot log in via ssh as root. Also, no-one can attempt to log in with just a password. This is good.
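A way to confirm the end state of the sshd_config edits above, as an added example that is not part of the original post: sshd keeps the first value it obtains for each keyword, so an edit lower in the file can be silently shadowed by an earlier active line. The function names and the three sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: check one sshd_config-style file against the end state of
# this post. Assumes the plain "Keyword value" form; Include files and Match
# blocks are not evaluated.

# effective_value FILE KEYWORD DEFAULT
# sshd keeps the first value it obtains for a keyword, and keywords are
# case-insensitive. Scanning stops at the first Match line (conditional part).
effective_value() {
    awk -v want="$2" -v dflt="$3" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        { key = tolower($1) }
        key == "match" { exit }
        key == want { print tolower($2); found = 1; exit }
        END { if (!found) print dflt }
    ' "$1"
}

# check_hardened FILE: exit status 0 only if root login and password login
# are off and public key login is on. Third field is the OpenSSH default.
check_hardened() {
    rc=0
    for spec in PermitRootLogin:no:prohibit-password \
                PasswordAuthentication:no:yes \
                PubkeyAuthentication:yes:yes; do
        key=${spec%%:*}; rest=${spec#*:}
        want=${rest%%:*}; dflt=${rest#*:}
        got=$(effective_value "$1" "$key" "$dflt")
        if [ "$got" != "$want" ]; then
            echo "FAIL: $key is '$got', expected '$want'"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample files (not copied from a real host).
demo=$(mktemp -d)
printf '%s\n' 'PermitRootLogin yes' 'PubkeyAuthentication yes' \
    'AuthorizedKeysFile .ssh/authorized_keys' \
    'PasswordAuthentication yes' > "$demo/temporary"
printf '%s\n' 'PermitRootLogin no' '#PubkeyAuthentication yes' \
    'PasswordAuthentication no' > "$demo/final"
# An earlier active line wins, so the later "no" has no effect.
printf '%s\n' 'PermitRootLogin no' 'PasswordAuthentication yes' \
    '# edited line further down:' 'PasswordAuthentication no' > "$demo/shadowed"

for f in temporary final shadowed; do
    echo "== $f"
    if check_hardened "$demo/$f"; then echo "OK"; fi
done
```

On the live host, `sshd -t` checks the edited file for syntax errors and `sshd -T` (run as root) prints the configuration sshd will actually use, Include files included. On Debian, `systemctl restart ssh` applies the change.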

I read your email

… is a bumper sticker a friend of mine gave me about two decades ago. I never did put it on my car because it would (rightly) freak people out. I did hang it up in my cubicle because … if you work for my employer, I may indeed read your email. You see, I’m the e-discovery guy.

Now really, I’m not going to read your email unless there is some lawsuit or public records act request that indicates your email should be included in the discovery. Even then, I’m not going to read any more than I have to, to verify that the e-discovery query I’ve created is operating properly.

Actually reading your email is a paralegal’s job, after I hand over the evidence, er, everything that matches the search query. Whether it qualifies as evidence needs to be determined by someone with legal training: not me!

I should probably mention that this is within a large organization’s email system, and all employees get training during the on-boarding process that email in our system is the property of the organization: there is no right to privacy here. We are a public sector organization, so anyone can file a public records act request for anything in our email system. Don’t do personal stuff in the corporate email!

There are two of us on the email discovery team. Lately, we’ve been working on the email retention project. We’re going to purge email older than each department’s retention period. It is crucial that we don’t purge items that need to be kept. So these last few days, I’ve been calling up people’s old email, and checking that the addresses of senders and recipients match the labels on the email. There’s about five million email to check; we will not be able to check every one. We’re spot checking.

But, in spot-checking, I really am making the bumper sticker come true. It’s generally tedious, too. If there’s an email address I don’t recognize, there might be a clue in the email thread as to which departments this email is between. So I may have to actually read the email, instead of simply scanning the addresses and labels.

This was a long-winded way of saying that a co-worker of mine sent himself an email in 2008 with a link to a web page article. What the heck: I’ll click that link.

Kudos to you techtarget.com – your link still works, fifteen years later. Impressive.

Temporary fix for Nextcloud calendar broken sync

Nextcloud has a nice home page called the Dashboard, which has calendar items and to-do list on it. But ever since Calendar App version 4.5, it has been broken for items sourced outside of Nextcloud. In other words, if you create a calendar item on your smartphone and sync it in to Nextcloud, on the Calendar web page you can see the item, but on the Dashboard home page it will be missing. The solution is to downgrade the Calendar app to version 4.4.5

Steps to perform:

  1. In the Nextcloud admin interface, find the Calendar app and disable it
  2. ssh into your Nextcloud instance
  3. cd /var/www/html/nextcloud/apps/
  4. mv calendar calendar-old
  5. wget -q https://github.com/nextcloud-releases/calendar/releases/download/v4.4.5/calendar-v4.4.5.tar.gz
  6. tar xvf calendar-v4.4.5.tar.gz
  7. chown -R user:group calendar
  8. In the Nextcloud admin interface, select the Disabled apps section. Then Enable (but not update) the Calendar 4.4.5 app.

And now, when you go back to your Dashboard home page, your calendar will have all the items on it. 🙂

You do get to apply this fix after every update. 🙁

Technically, this post title is somewhat misleading: sync is not broken. What is broken is that items that sync in from CalDAV sources apparently have something that, when it is present, causes the Dashboard page to skip those calendar items. It just looks like sync is broken because you knew the items were on your calendar: but when you look at the Dashboard for today, they are missing. I suppose a better title would be Temporary fix for Nextcloud calendar (some) items missing from Dashboard
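A check that can run between steps 5 and 6, as an added example that is not part of the original post: step 6 unpacks a downloaded archive inside the web server's apps directory, so this lists the archive first and rejects it unless every member sits under calendar/. The function name and sample archives are constructed; it checks paths only, not who built the archive.

```shell
#!/bin/sh
# Added example: refuse an app archive unless every member is TOPDIR or below.

# archive_confined ARCHIVE TOPDIR
# Exit status 0: all members confined. 1: at least one is not. 2: unreadable.
archive_confined() {
    list=$(tar -tf "$1" 2>/dev/null) || return 2
    [ -n "$list" ] || return 2
    printf '%s\n' "$list" | awk -v top="$2" '
        { sub(/^\.\//, "") }                 # tolerate a leading ./
        $0 == "" { next }
        # absolute paths and ".." components can escape the target directory
        /^\// || /(^|\/)\.\.(\/|$)/ { print "unsafe path: " $0; bad = 1; next }
        $0 != top && index($0, top "/") != 1 {
            print "outside " top "/: " $0; bad = 1
        }
        END { exit bad + 0 }
    '
}

# Constructed sample archives standing in for the downloaded file.
work=$(mktemp -d)
mkdir -p "$work/src/calendar/appinfo"
echo '<info/>' > "$work/src/calendar/appinfo/info.xml"
echo 'stray' > "$work/src/stray.txt"
tar -czf "$work/good.tar.gz" -C "$work/src" calendar
tar -czf "$work/bad.tar.gz" -C "$work/src" calendar stray.txt

for a in good bad; do
    if archive_confined "$work/$a.tar.gz" calendar; then
        echo "$a: all paths are under calendar/"
    else
        echo "$a: do not extract"
    fi
done
```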

Papa Murphy’s website no longer works after Google block

I mentioned here how I added a filter to my browsing to block those annoying Google login pop-ups. I had successfully ordered take-and-bake pizza from Papa Murphy’s before implementing this filter. Today, I can no longer order pizza from them.

Even though I had previously placed an order, and can call up that order from my rewards profile, attempting to actually order anything takes me to a Google Maps page to identify where to pick up from. That page never finishes because of the new filter. Every attempt at adding something to my shopping cart fails because the operation cannot get past the check-in-with-google part.

Well, if I have to choose between keeping the filter in place versus ordering take-and-bake pizza, I’m keeping the filter in place. Which is a shame, because the previous pizza order turned out really well, and was reasonably priced.

Home alarm clock: no progress

Today was pretty depressing. I want my morning alarm clock to be some sort of automation that plays three MP3 files I own on the sound equipment in my bedroom. I spent a lot of time today and do not have a solution.

When I bought the soundbar from Costco, I didn’t know to shop for something Home Assistant compatible. Although, even if I did know that, I think I’d still be stuck because I would feel like an absolute fool to pay $1,000 for a Sonos Soundbar. Sonos is the only vendor of soundbars that plays really nice with Home Assistant.

Apparently, way back when, some LG Soundbars had Ethernet ports on them, and they played nice with Home Assistant. Those aren’t available anymore, with everything having switched over to Bluetooth.

My current solution is an iPad using Bluetooth to light up the soundbar I hooked up to my TV. It works, often. But it doesn’t work 100%, which is a problem for the functionality of an alarm clock.

Also, there is no volume control: whatever the TV left the volume at, the music will play at that volume the next morning. This is sometimes a problem if the movie the night before was really loud, and I needed to turn down the volume to not blast out the neighbors or the speakers. I want automation to make my life less manual control, instead of “Oh! I changed the volume on the TV! I need to reset to xx for tomorrow morning!” just before I fall asleep. That’s the opposite of starting a nice night’s sleep.

My brother gave me a Mini PC running Windows 11 for Christmas. I was hoping that today I could set it up to use the soundbar as a Bluetooth speaker. Well, yes, when connected to a monitor and keyboard and mouse, I did get an MP3 file to play via Bluetooth on the soundbar.

So close.

But what about when the Mini PC is running headless? Nope. Could not get that to work. It is Microsoft Windows, after all. I’ve been using Microsoft products for 30 years, and they just are not good at automating anything. I suspect they think that automation is a Bad Thing, and should only be wielded by wizards instead of mere mortals.

So here I am at the end of a wasted day, without a better solution for my home automation alarm clock that mostly works. It is depressing.

How to block those annoying Google pop-ups to log in to the site with a Google account

Writing this down here, because although I have synchronization turned on in Firefox, I have a couple of new machines, and the setting isn’t syncing over:

uBlock Origin > Dashboard (it is the gear wheels icon) > My Filters > add the following:

https://accounts.google.com/gsi/*

With this in the filters list, Firefox won’t pop up that annoying login box.

I don’t know whether this enhances privacy or not.

Without the filter, the website you are visiting has some content on it which tells your browser that the browser should ~~rat you out to Google~~ fetch this login form from Google.

You should feel uncomfortable when that login prompt box shows up on the porn site you are visiting, by the way. Also if you are a Tea Party member or a Black Lives Matter member.

So, without the filter, your browser is definitely reaching out to a Google server and interacting with it, supplying IP address and whatever else Google asks for. Google is also then supplying this login prompt code to run in your browser.

With the filter, I don’t know.

The website page has code (which will be shipped to your browser) telling your browser to request this login form from Google.

I don’t know if the filter strips out the request for the login form, or brings down the login form and immediately returns “no information for accounts.google.com is available”.

If the former, it might protect some privacy. I don’t know if uBlock Origin stops the login form from being loaded from Google. If so, probably Google didn’t get notified that you visited that website.

If the latter, then Google shipped the code to your browser. But before it could ship that code to your browser, your browser had to hand over your IP address as the destination to ship to. And as long as they are preparing the login script code to ship to you, they need a little more information…. (user agent, screen size, is JavaScript enabled, who’s your daddy, and any other fingerprinting data they can get).

If I were DHS (who is paying Google with your tax dollars to rat you out to DHS), I’d have Google supply the login form code from a different host and domain than accounts.google.com. This filter could still remove all code that points the browser to accounts.google.com, but it is the initial download of the login page pop-up form that lets Google record that you visited website foo at a particular date and time and from where.

Make Time For What You Love

I was in a meeting Monday night, and one of the gentlemen mentioned that in his morning routine, he no longer reads a bunch of page-a-day books; he reads just one. He and a friend had been talking about daily routines, and his friend asked him: “So, you read so many; do you remember any of them?” This was a valid check, and no, not really. So he changed his routine to just read the one, but to remember it and reflect on it during the day.

I heard this and thought it was an excellent point. I read five page-a-day books (and two bookmarks with a full paragraph each) every morning. Did I remember Monday’s readings? No, I couldn’t say that I had. Perhaps I should change things up a bit.

After the meeting, I went to get dinner: yes, Panda Express. After eating dinner, I read my fortune cookie: Make Time For What You Love

Well, that’s a heck of an admonition. I don’t even know what I love! How am I supposed to make time for it‽

I mean, I know that I’ve been grandiose and too selfish and self-centered. One could argue that this is an expression of self-worth, but ultimately, it’s all childish.

Make Time For What You Love – I should figure out what I love.

I love my son. He’s out of the house and becoming his own man – I love him, but I don’t have a ton of interaction with him. I love my mom – but she has her own life, too. I love being helpful to people who struggle with technology I understand, because I’d made it my career and life’s work. But that love of life has mostly faded away since my employer chose to implement newer, crappier technology. I have zero interest in helping make a bad decision less painful.

I love figuring out puzzles / video games / programming: back to that grandiosity, I love the self-congratulatory accomplishment of using my brain well. I’ve always loved learning, and this is an extension of that.

What do I love, that I should make time for?

Tuesday morning, the first (and main) page-a-day book I read had as its topic: Are We Having Fun Yet?

That put a massive grin on my face. I practice gratitude, every morning. Indeed, yes: I am having fun with my life in volunteer service.

Nicely enough, three of the other four page-a-day books I read Tuesday had a similar theme: Are We Having Fun Yet?

Thank you, Lord. Yes, I am having fun with being helpful in volunteer service.

Today’s main page-a-day book had the theme: do things in volunteer service. I’ve been doing that for seven years now, and it’s been good for me.

But back to that important question: what do I love, that I should make time for?

I know that I ought to take better care of my physical body. I should decide that one day a week will be go-to-the-gym day. Okay, that’s a fine goal. Can’t say it thrills me, though. It seems more of an obligation to myself than a desired act with its own gumption because I find it fun.

What I really want to work on is building an interactive programming environment that I had an idea about some forty years ago. The technology for it is almost here. It probably already is, but is still in low resolution with a limited viewport. And really, I aim to flesh this interactive programming environment out in the development of a video game. The video game will have elements from three of my favorite games, and can have the back-story from a particular science fiction book I read some forty years ago.

My plans are to retire from my job, first. At the end of a day at work, I’ve burned a lot of brain sugar. I’m tired, and the last thing I want is to push my brain even harder, when I’m likely to make stupid mistakes because of having exhausted my brain sugar reserves. Once I retire, I want to get into the routine of going to the gym, getting some cardiovascular energy going, and then coming home to work / play on my programming project.

That will be my ideal Make Time For What You Love because yes, I’ll be having fun, finally.

Today, I think I’ll see if I can’t programmatically create a WordPress post from a script. I did take the day off from work today, simply because I wanted to. Are We Having Fun Yet? I hope to, today.

Quarterly Inventory – 2023 Q4

Dear FutureMe,

Today would be a good day to do a quarterly inventory.

How is your personal life going?

How is your work life going?

How is your Volunteer Service life going?

Personal Life

There hasn’t really been much change this quarter in my personal life. For Christmas, my mom and I drove to Oregon where my two brothers live. It was nice being able to spend some time with her. She told me stories of her and dad living in Sacramento before I was born.

My mom had a soft tissue sarcoma surgically removed a month ago. Although nothing about getting a cancer is good, at least soft tissue sarcoma has a five-year survivability rate of better than 80%.

I did give four of the Tilt Five augmented reality kits to my family for Christmas. I am a little sad that we didn’t get to play Settlers Of Catan, though. It didn’t ship yet, although the plans were for Q4 2023.

2024 New Year’s Resolution: go to the gym more often. This should be easy to do: in 2023, I went twice. Here in the first week of January 2024, I’ve already gone once.

Work Life

If $55,000 dropped into my lap today, I would retire tomorrow. I recognize that I’m feeling a little sorry for myself: last year, the bulk of my life’s work was deleted because we moved to Microsoft. This quarter, the last bit – an email archive server – was deleted. So it is nice that we freed up 15 TB of storage. But now I have nothing to do except e-discovery and email retention policy work.

I’m going to take on printers and the print server. No-one else wants it. I can be of service by picking up the work that no-one else wants to do. I did build the replacement server from a template, so that is started.

Volunteer Service Life

I’m now president of the board of the little 501(c)(3) we have. I’m no longer treasurer for my Tuesday night group, nor am I a General Service rep for my Friday night group. Instead, I am now secretary of the Tuesday night group, and Literature person for my Friday night group.

I have a ton of obligations to fulfill regarding two websites I help with. I’m a little resistant because the workload is so large.

Man, openSUSE updates kick my ass

My work machine was on openSUSE Leap 15.4, and I saw (I think it was in Reddit) that they were going to delete the 15.3 sources because they are already working on 15.6 and people should have moved to 15.5. I hadn’t moved to 15.5 yet, but I thought I ought to.

I downloaded the ISO and used SUSE Image Writer to put it on a USB stick. From it, I booted and chose “upgrade”. It turns out that I had two Leap installations on my hard drive: 15.3 on /dev/sda2 and 15.4 on /dev/sda4

Also, the upgrade wizard complained that the USB booted to UEFI, but the boot config on the hard drive is Legacy BIOS.

I found an article that said I could tell the installer to configure the machine to use grub for booting instead of grub-efi, so I selected that.

Yes, of course, on boot I got a single blinking cursor in the upper corner of the first monitor. This happens far too many times when I upgrade openSUSE.

So now, I’m in the middle of my second attempt at upgrading, but this time choosing install instead of upgrade. I did choose to delete every Linux partition on /dev/sda, so at least I won’t have two versions of it sitting on the hard disk.

I’m going to have to go back and fix /home – I learned a long time ago to put my home directory on a second hard drive. This lets me move to a whole new PC if I need to. But it also protects my home directory from getting messed with during an upgrade. The upgrade wizard, intentionally, keeps its work to just the one disk with the operating system on it.

I’ll also have to go back and add those pieces I used to have: KVM and Perl.

This is such a pain in the ass.

Upgraded from Safari to Orion and couldn’t be happier

Web browsing on my Apple devices has been awful, although pretty much everything else has been excellent. Now that I’ve replaced Safari with the Orion browser by Kagi, I have an excellent web browsing experience.

Why does Safari suck? Advertising.

Internet content paid for by advertising is a terrible business model.

For my home automation experiments, I bought a refurbished iPad. They are quite inexpensive as schools age out the older ones and replace them with new iPads. But a 2018 iPad is still a fine device in 2023, and I wanted something to work with HomeKit. The problem was, I’ve got this iPad just sitting there on my nightstand, and there would be times when I wanted to look something up on the Internet. I would give in to temptation, which was universally a mistake. Every time I used Safari to search the Internet it was a completely awful experience because Safari does not support uBlock Origin by Raymond Hill.

Over time, I developed an aversion to browsing the web on any Apple device. It was always bad.

A week ago, I learned about a web browser for Apple devices that can invoke Firefox extensions: Orion browser by Kagi.

Of course, the first thing I added to it was uBlock Origin.

And now I find that browsing the web on iPhone or iPad is pretty nice.

THANK YOU Kagi!

They also have a version for Mac OS, if that’s your thing. 🙂