gemini - kennedy.gemi.dev

💾 Archived View for gmi.noulin.net › glog.diff captured on 2023-04-19 at 22:22:57.
-=-=-=-=-=-=-
commit d8c9589c9895c4e5e0af606993c9308db6530b6a
Author: Remy Noulin <loader2x@gmail.com>
Date:   Thu Apr 6 13:46:00 2023 +0200

    Update

diff --git a/2021-10-02-newsgroups-on-usenet.gmi b/2021-10-02-newsgroups-on-usenet.gmi
index d5a8d56..b561fe9 100644
--- a/2021-10-02-newsgroups-on-usenet.gmi
+++ b/2021-10-02-newsgroups-on-usenet.gmi
@@ -42,6 +42,8 @@ These NSPs are free and text-only:
 => https://www.solani.org/ solani
 * 
 => https://dotsrc.org/usenet/ dotsrc
+* 
+=> https://usenet.blueworldhosting.com/ BlueWorld Usenet Farm
 
 # Newsreader software
 
diff --git a/2023-04-06-installing-freebsd.gmi b/2023-04-06-installing-freebsd.gmi
new file mode 100644
index 0000000..8ca210a
--- /dev/null
+++ b/2023-04-06-installing-freebsd.gmi
@@ -0,0 +1,45 @@
+# Installing FreeBSD
+
+=> feed.gmi Feed
+
+date: 2023-04-06 13:34:23
+
+categories: default
+
+firstPublishDate: 2023-04-06 13:34:23
+
+I recently installed FreeBSD on a Dell Latitude D610 laptop (2005) and it worked directly with the default configuration.
+
+How to install FreeBSD with a USB stick:
+
+```
+# copy the memstick image to the USB stick
+dd if=FreeBSD-13.2-RC3-i386-memstick.img of=/dev/sdb bs=1M conv=sync
+# boot on USB and setup partitions...
+# install GUI
+pkg install xorg
+pw groupmod video -m guestuser || pw groupmod wheel -m guestuser
+pkg install git
+# install and start xfce
+pkg install xfce
+echo "exec /usr/local/bin/startxfce4 --with-ck-launch" > ~/.xinitrc
+startx
+```
+
+After boot, the system takes 200MB and when XFCE is started, it take around 400MB.
+
+I changed the sshd configuration to allow root login with keys.
+
+```
+vi /etc/ssh/sshd_config
+PermitRootLogin prohibit-password
+
+service sshd restart
+```
+
+Libc in FreeBSD is a bit different compare to glibc:
+
+* glibc supports user define type specifiers for printf format strings
+* libgen.h has to be explicitly included for the basename function
+
+=> feed.gmi Feed

commit 3d49cb3c8abaebeadcfd3ece96bd3d6ef666b06f
Author: Remy Noulin <loader2x@gmail.com>
Date:   Tue Mar 21 15:34:54 2023 +0200

    Update

diff --git a/2023-03-21-how-to-create-a-partition-larger-than-2tb-with-fdisk.gmi b/2023-03-21-how-to-create-a-partition-larger-than-2tb-with-fdisk.gmi
new file mode 100644
index 0000000..70860f3
--- /dev/null
+++ b/2023-03-21-how-to-create-a-partition-larger-than-2tb-with-fdisk.gmi
@@ -0,0 +1,106 @@
+# how to create a partition larger than 2TB with fdisk
+
+=> feed.gmi Feed
+
+date: 2023-03-21 15:33:45
+
+categories: tools
+
+firstPublishDate: 2023-03-21 15:33:45
+
+On a new 4TB SSD, I ran these commands and the new partion was 2TB:
+
+```
+fdisk /dev/nvme0n1
+
+Welcome to fdisk (util-linux 2.38.1).
+Changes will remain in memory only, until you decide to write them.
+Be careful before using the write command.
+
+Device does not contain a recognized partition table.
+The size of this disk is 3.6 TiB (4000787030016 bytes). DOS partition table format cannot be used on drives for volumes larger than 2199023255040 bytes for 512-byte sectors. Use GUID partition table format (GPT).
+
+Created a new DOS (MBR) disklabel with disk identifier 0xefe222ab.
+
+Command (m for help): n
+Partition type
+   p   primary (0 primary, 0 extended, 4 free)
+   e   extended (container for logical partitions)
+Select (default p): p
+Partition number (1-4, default 1): 1
+First sector (2048-4294967295, default 2048):
+Last sector, +/-sectors or +/-size{K,M,G,T,P} (2048-4294967295, default 4294967295):
+
+Created a new partition 1 of type 'Linux' and of size 2 TiB
+```
+
+By default, fdisk creates a DOS partition table and as written in warning message above, the largest partition in a DOS partition table is 2TB.
+
+A GPT partition table needs to be created, in fdisk it is done with the 'g' command:
+
+```
+fdisk /dev/nvme0n1
+# or
+# fdisk -n /dev/nvme0n1
+# to not create a default partition table
+
+Welcome to fdisk (util-linux 2.38.1).
+Changes will remain in memory only, until you decide to write them.
+Be careful before using the write command.
+
+The size of this disk is 3.6 TiB (4000787030016 bytes). DOS partition table format cannot be used on drives for volumes larger than 2199023255040 bytes for 512-byte sectors. Use GUID partition table format (GPT).
+
+Command (m for help): g
+Created a new GPT disklabel (GUID: 65F870F4-96CD-294A-99D5-E009CB0122D4).
+The device contains 'dos' signature and it will be removed by a write command. See fdisk(8) man page and --wipe option for more details.
+
+Command (m for help): p
+
+Disk /dev/nvme0n1: 3.64 TiB, 4000787030016 bytes, 7814037168 sectors
+Disk model: Seagate FireCuda 530 ZP4000GM30013
+Units: sectors of 1 * 512 = 512 bytes
+Sector size (logical/physical): 512 bytes / 512 bytes
+I/O size (minimum/optimal): 512 bytes / 512 bytes
+Disklabel type: gpt
+Disk identifier: 65F870F4-96CD-294A-99D5-E009CB0122D4
+
+Command (m for help): n
+Partition number (1-128, default 1): 1
+First sector (2048-7814037134, default 2048):
+Last sector, +/-sectors or +/-size{K,M,G,T,P} (2048-7814037134, default 7814035455):
+
+Created a new partition 1 of type 'Linux filesystem' and of size 3.6 TiB.
+Partition #1 contains a ext4 signature.
+
+Do you want to remove the signature? [Y]es/[N]o: Y
+
+The signature will be removed by a write command.
+
+Command (m for help): w
+The partition table has been altered.
+Calling ioctl() to re-read partition table.
+Syncing disks.
+```
+
+Then I create an ext4 file system in the 4TB partition:
+
+```
+# mkfs -t ext4 /dev/nvme0n1p1
+mke2fs 1.46.6 (1-Feb-2023)
+Discarding device blocks: done
+Creating filesystem with 976754176 4k blocks and 244195328 inodes
+Filesystem UUID: acf7bbfa-4321-42b5-b785-a6993b742679
+Superblock backups stored on blocks:
+        32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
+        4096000, 7962624, 11239424, 20480000, 23887872, 71663616, 78675968,
+        102400000, 214990848, 512000000, 550731776, 644972544
+
+Allocating group tables: done
+Writing inode tables: done
+Creating journal (262144 blocks): done
+Writing superblocks and filesystem accounting information: done
+
+# mount /dev/nvme0n1p1 /mnt
+```
+
+=> feed.gmi Feed

commit 4992e6427b1f9f5352a6fec649703d81d359ee30
Author: Remy Noulin <loader2x@gmail.com>
Date:   Mon Mar 13 10:17:39 2023 +0200

    Update

diff --git a/2021-06-27-zfs-commands.gmi b/2021-06-27-zfs-commands.gmi
index 2ffbc44..f2c3149 100644
--- a/2021-06-27-zfs-commands.gmi
+++ b/2021-06-27-zfs-commands.gmi
@@ -266,6 +266,7 @@ get state:
 ```
 zfs get snapdir poolName/datasetName
 zfs set snapdir=visible poolName/datasetName
+zfs set snapdir=hidden poolName/datasetName
 ```
 
 * clone snapshot to dataset

commit d44233ddc7c12fe2b3d11e3879617d97ac898795
Author: Remy Noulin <loader2x@gmail.com>
Date:   Tue Feb 28 09:39:52 2023 +0200

    Update

diff --git a/2023-02-28-ssh-configurations.gmi b/2023-02-28-ssh-configurations.gmi
new file mode 100644
index 0000000..7e9f140
--- /dev/null
+++ b/2023-02-28-ssh-configurations.gmi
@@ -0,0 +1,150 @@
+# SSH client configurations
+
+=> feed.gmi Feed
+
+date: 2023-02-28 09:39:25
+
+categories: linux
+
+firstPublishDate: 2023-02-28 09:39:25
+
+Here is a set of SSH client configurations I usually use and find useful.
+
+The SSH client configuration is stored in
+
+```
+~/.ssh/config
+```
+
+When a NAT router is involved between the client and server, it closes the TCP connections after a long time of inactivity (about 10 minutes for my router). To prevent the router from closing the connection, I keep connection alive with these options in the config file:
+
+```
+Host *
+    ServerAliveInterval 290
+    ServerAliveCountMax 2
+```
+
+I generate my Identity keys like this:
+
+```
+ssh-keygen -t rsa -b 4096
+# or
+ssh-keygen -t ed25519
+ssh-keygen -t ed25519 -f filename
+```
+
+A password can be set on the key to protect it. The key password is asked at each new connection unless the key is loaded in SSH-agent (more information about SSH-agent below). The public key has to be copied to `~/.ssh/authorized_keys` in the server and the client has to use the private key to connect with key instead of password:
+
+```
+ssh -i ~/.ssh/id_rsa myuser@example.com
+```
+
+It is possible to replace this command line with something shorter:
+
+```
+ssh server
+```
+
+In order to do that, add a configuration in `~/.ssh/config`:
+
+```
+host server
+        HostName example.com
+        IdentityFile ~/.ssh/id_rsa
+        Port 22
+        User myuser
+```
+
+With SSH, one can do server hop and connect to a machine not reachable from the public internet.
+
+```
+Client -> host1 Server on Internet -> host2 Server in LAN
+```
+
+Without configuration, it is done like this:
+
+```
+ssh -J myuser@server auser@host2
+```
+
+It is configured like this in `~/.ssh/config`:
+
+```
+host insideServer
+        Hostname host2
+        User auser
+        IdentityFile ~/.ssh/id_rsa_InsideServer
+        ProxyCommand ssh server -W %h:%p
+```
+
+Multiple jump host can be in a chain to a destination. All the identity files (the secret keys) have to be in the client machine.
+
+Sometimes I want to connect to a host not reachable from the public internet without a jump host, then I use reverse tunneling like this:
+
+```
+# I connect the server (not reachable from the internet) to the client (example.com)
+ssh -i ~/.ssh/id_rsa -R 19999:localhost:22 -C user@example.com
+# On the client, I connect to port 19999
+ssh userOnServer@localhost -p 19999
+```
+
+I use SSH agent to load the keys with password, the password is asked only when the key is loaded:
+
+```
+eval $(ssh-agent)
+# add keys
+ssh-add ~/.ssh/id_rsa
+```
+
+SHA-1 signature has been disable after version 8.8 (2021-09-26), so older ssh clients can't connect to newer ssh servers and newer clients can't connect to older servers. A solution is to upgrade the client to a newer version, another solution is to accept legacy hostkey using ssh-rsa algorithm for the machine with the old ssh server:
+
+Set the configuration for the old server in `~/.ssh/config` like this:
+
+```
+host oldserver
+        HostName example.com
+        IdentityFile ~/.ssh/id_rsa
+        Port 22
+        User myuser
+        PubkeyAcceptedAlgorithms +ssh-rsa
+        HostkeyAlgorithms +ssh-rsa
+```
+
+When I can't upgrade or change configuration, I setup an ftp server, see: 
+=> 2022-04-22-how-to-transfer-files-between-devices.gmi How to transfer files between devices
+
+or I use a third machine:
+
+* Machine A has an old SSH server
+* Machine B has Debian Bullseye which can connect to the old machine A and the new machine C with Debian Bookworm
+* Machine C has Debian Bookworm, machine C cannot connect to machine A. The error is: "Unable to negotiate with 192.168.1.2 port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss"
+
+I copy the files from A to C through B with pipes and `tar` (or `cat` for single file):
+
+```
+# From C
+# Copy a file in A to C:
+ssh B 'ssh A "cat file"' > file
+# Copy multiple files in A to C, the data is compressed with bzip2 on the network:
+ssh B 'ssh A "/bin/tar cj file1 dir2 file3"' | tar xj
+```
+
+It is possible to store ssh keys in tpm 2.0, I haven't tried yet: => 
+=> https://jade.fyi/blog/tpm-ssh/
+=> 
+=> https://blog.ledger.com/ssh-with-tpm/
+
+Related articles: 
+=> 2020-06-20-how-to-tunnel-firefox-through-ssh.gmi How to tunnel firefox through ssh
+
+=> 2021-06-27-zfs-commands.gmi Zfs commands
+
+=> 2021-07-21-ssh-clients-in-ios.gmi SSH clients in ios
+
+=> 2022-04-22-how-to-transfer-files-between-devices.gmi How to transfer files between devices
+
+=> 2022-12-23-using-tor.gmi Using tor
+
+Tag: #ssh
+
+=> feed.gmi Feed

commit b0501d71995ce423d1c08fef7f7cd8a2b5a62f5f
Author: Remy Noulin <loader2x@gmail.com>
Date:   Mon Feb 27 15:35:24 2023 +0200

    Update

diff --git a/2021-07-30-installing-opensnitch.gmi b/2021-07-30-installing-opensnitch.gmi
index d6fc35c..db315e4 100644
--- a/2021-07-30-installing-opensnitch.gmi
+++ b/2021-07-30-installing-opensnitch.gmi
@@ -1,8 +1,8 @@
-# Installing opensnitch in Debian Buster
+# Installing opensnitch in Debian (Buster and newer)
 
 => feed.gmi Feed
 
-date: 2021-07-30 13:20:47
+date: 2023-02-27 10:58:36
 
 categories: privacy
 
@@ -20,6 +20,14 @@ I don't use chrome in general but according to this article
 => https://www.unixsheikh.com/articles/choose-your-browser-carefully.html Choose your browser carefully
 , it also makes unwanted connections.
 
+# The Opensnitch package available in Debian Bookworm
+
+Install it with apt:
+
+```
+apt-get install opensnitch python3-opensnitch-ui
+```
+
 # How to install opensnitch
 
 Download the prebuilt deb packages: daemon and GUI
diff --git a/2022-04-22-how-to-transfer-files-between-devices.gmi b/2022-04-22-how-to-transfer-files-between-devices.gmi
index 8d63a0c..cdcbf4a 100644
--- a/2022-04-22-how-to-transfer-files-between-devices.gmi
+++ b/2022-04-22-how-to-transfer-files-between-devices.gmi
@@ -2,13 +2,13 @@
 
 => feed.gmi Feed
 
-date: 2022-04-22 23:01:45
+date: 2023-02-26 16:21:23
 
 categories: default
 
 firstPublishDate: 2022-04-22 23:01:45
 
-I use multiple devices and I need to copy files between them. I mainly transfer the files with  ssh/scp/sftp, rsync, samba/cifs and web servers.
+I use multiple devices and I need to copy files between them. I mainly transfer the files with  ssh/scp/sftp, rsync, samba/cifs, web and ftp servers.
 
 ## SSH
 
@@ -62,6 +62,20 @@ mc
 # then F9 > Right > SFTP link > example.com
 ```
 
+With SSH, it is possible to use a middle machine to transfer files:
+
+* Machine A has the files
+* Machine B is in the middle
+* Machine C downloads from machine A
+
+For this, I use `tar`:
+
+```
+# From C
+# the data is compressed with bzip2 on the network:
+ssh B 'ssh A "/bin/tar cj file1 dir2 file3"' | tar xj
+```
+
 ## Sharing drives
 
 I share drives through the local network with samba/cifs. I have my media on a server and the server disk is shared with my other machines.
@@ -109,6 +123,32 @@ server.dir-listing = "enable"
 /etc/init.d/lighttpd restart
 ```
 
+## FTP
+
+I install pure-ftpd server, there is no configuration and it works directly after installation:
+
+```
+apt-get install pure-ftpd
+```
+
+The ftp clients I use are `ncftp` and `mc`:
+
+```
+apt-get install ncftp mc
+
+# ncftp usage
+# open connection
+open -u user serverAddress
+# copy directory from client machine to server
+put -R directory
+
+# mc usage
+# To open connection: Choose FTP link...
+ftp://user@serverAddress
+# on older mc, it is:
+user@serverAddress
+```
+
 ## Other alternatives
 
 * Syncthing is a background program that copies or deletes files in specified directories between computer.
@@ -122,4 +162,6 @@ I don't use these systems because they take resources while not using them and I
 
 * Sshfs allows sharing a drive on a remote machine through an ssh connection, it is similar to samba and it needs a mount point on the local machine.
 
+Tags: #ssh #rsync #samba #cifs #ftp
+
 => feed.gmi Feed

commit 8256794b1d60b37b6cc09c240a21e1dabe683e3c
Author: Remy Noulin <loader2x@gmail.com>
Date:   Thu Feb 23 18:12:34 2023 +0200

    Update

diff --git a/2021-07-21-ssh-clients-in-ios.gmi b/2021-07-21-ssh-clients-in-ios.gmi
index c8ec62e..37929e9 100644
--- a/2021-07-21-ssh-clients-in-ios.gmi
+++ b/2021-07-21-ssh-clients-in-ios.gmi
@@ -20,6 +20,8 @@ Blink Shell & Code Editor (free and open source)
 
 => https://blink.sh blink.sh
 
+Well, sometimes blink looks itself and I have to wait 1 minute.
+
 hashtags: #updates #ssh #iphone
 
 => feed.gmi Feed
diff --git a/2021-09-06-coding-in-assembly-in-linux.gmi b/2021-09-06-coding-in-assembly-in-linux.gmi
index 5937dd3..bb95a58 100644
--- a/2021-09-06-coding-in-assembly-in-linux.gmi
+++ b/2021-09-06-coding-in-assembly-in-linux.gmi
@@ -2,7 +2,7 @@
 
 => feed.gmi Feed
 
-date: 2021-09-06 19:38:28
+date: 2023-02-23 18:05:10
 
 categories: assembly
 
@@ -75,6 +75,11 @@ Also when a program crashes, the process stops and there is no need to reboot th
 
 I created a program that prints the number of arguments and the arguments themselves. It finishes by printing 'Hello world' in 3 ways (call, call with struc, macro).
 
+For a more advanced program, check out `spartasm` a spartan server. 
+=> gemini://gmi.noulin.net/gitRepositories/spartserv/files.gmi spartasm (gemini)
+
+=> https://noulin.net/spartserv/files.html spartasm (http)
+
 Here is a library I created to try the nasm features (file: `libInc.asm`):
 
 ```
diff --git a/2022-05-25-encoding-videos-in-av1-with-ffmpeg.gmi b/2022-05-25-encoding-videos-in-av1-with-ffmpeg.gmi
index 0165b1e..0b3be09 100644
--- a/2022-05-25-encoding-videos-in-av1-with-ffmpeg.gmi
+++ b/2022-05-25-encoding-videos-in-av1-with-ffmpeg.gmi
@@ -2,7 +2,7 @@
 
 => feed.gmi Feed
 
-date: 2023-02-08 21:12:36
+date: 2023-02-23 18:11:45
 
 categories: linux
 
@@ -24,6 +24,8 @@ I encode my videos with libaom to get smaller files for a given quality because
 
 I film with my iPhone in 4k 60 fps hevc and I don't have a computer that can play these videos so I also scale down the resolution.
 
+Encoding the iPhone videos in h264 (using the parameters below) make them 20 times smaller, I transfer back to the videos to iPhone to save space and avoid having to use iCloud.
+
 # Install
 
 I installed FFmpeg and libaom from apt but I don't recommend doing this because it is better to use the latest AV1 encoders.

commit d7eecf569f6686d953d3faea23e8bf79e3d6808b
Author: Remy Noulin <loader2x@gmail.com>
Date:   Thu Feb 23 16:47:15 2023 +0200

    Update

diff --git a/2020-08-23-devices.gmi b/2020-08-23-devices.gmi
index 0366ef0..287660b 100644
--- a/2020-08-23-devices.gmi
+++ b/2020-08-23-devices.gmi
@@ -2,7 +2,7 @@
 
 => feed.gmi Feed
 
-date: 2022-01-09 23:16:36
+date: 2023-02-23 16:33:18
 
 categories: hardware
 
@@ -12,7 +12,7 @@ In the 90s, I was keeping my computers for 2 years maximum, in the 2000s I was k
 
 I have a Compaq laptop from 2009 (32bit) that I don't use anymore because the network card fails when the computer is on for a few days. I keep it and plan to use it a temporary replacement machine.
 
-The power supply on my Intel Core I7 980 desktop computer (2010) died in 2021, I bought a new one and it works fine again.
+The power supply on my Intel Core I7 980 desktop computer (2010) died in 2021, I bought a new one. The power supply died again in 2023, I bought a new one and it works fine again.
 
 My backup server died in June 2021:
 
diff --git a/2021-04-10-blocking-ads-with-pihole.gmi b/2021-04-10-blocking-ads-with-pihole.gmi
index ebf3920..c873345 100644
--- a/2021-04-10-blocking-ads-with-pihole.gmi
+++ b/2021-04-10-blocking-ads-with-pihole.gmi
@@ -2,7 +2,7 @@
 
 => feed.gmi Feed
 
-date: 2021-04-10 14:49:31
+date: 2023-02-23 16:46:40
 
 categories: privacy
 
@@ -31,6 +31,11 @@ I watch the french news on
 => https://www.francetvinfo.fr/replay-jt/
 and recently the page changed and I was not able to watch the videos anymore. After debugging, I found that pi-hole blocked `sdk.privacy-center.org` and that this server is required to be able to watch the videos. So I added `sdk.privacy-center.org` to the whitelist in pi-hole using the web interface and now I can watch the french news again.
 
+I recently noticed that some legetimate sites are added to the block lists, causing issues on these sites. I also have wifi issues, my devices get disconnected. When a site doesn't work:
+
+* I check that my device is online and can access other sites
+* I check the logs in pihole, if I see something a domain related to the site I'm trying to access, I add it to the allow list.
+
 hashtags: #privacy
 
 => feed.gmi Feed