Saturday, August 26, 2017

A conservative general user is considering OpenBSD

Hello, I have tried different operating systems in the past ten years, Red Hat, CentOS, Ubuntu, Debian, Fedora, Apple Mac and Microsoft Windows. I would like to try something new. I would like to try OpenBSD.

What "try"? I try something to test if it suits my purpose, e.g. desktop usage including basic text editing in office software (OpenOffice / LibreOffice) as well as server usage including serving files and database connections.

I would say I am a general user because I have not participated in developing any of the operating systems. I developed some software on those operating systems in the sense of exercises or testing. Yeah, you can say that I am a conservative user. What does a conservative user do? He or she does testing most of the time before relying on some systems.

How does a conservative user test an operating system (OS)? He or she needs to know that the OS will boot correctly within a minute on a medium level personal computer, not necessarily using a very powerful central processing unit (CPU). Not everybody has a lot of money and will spend a lot of it on buying new computers and renewing computers every year, yes, I mean every year. Suppose you spent USD520 on buying a computer each year. You would have spent USD5200 on buying computers for ten years. Most computer users do not spend a lot of money all the time.

A conservative user needs to save some money for food, housing, clothes and transportation. The remaining amount could then be spent on computers. Microsoft Windows is expensive. It let me learn basic things out of the box.

Other OSes I mentioned are totally free of charge. I just needed more information or education to set up and they work very similarly. It was a workshop-like activity when I used Red Hat. The tutor gave me some practical set up advice from booting a CD to installing the OS. That means I could start installing an OS using a CD. A CD is an ancient tool where you can store some data. Some computers these days are not equipped with a CD ROM. They allow you to use USB devices to boot.

Apart from the economics a conservative user has to consider, he or she needs to think in the long run. After three years or four, will he or she be using the same computer and OS? He or she does not want to learn all over again. As technology evolves, human beings do not want to change the way they work with familiar things. People think of folders and files. They cannot think of other better ways of organizing the data. Artificial intelligence (AI) may help but not at this moment. AI needs to be trained to understand human beings.

Linux OSs _were_ quite good because they did not change very often, e.g. every 1.5 years. Now Linux OSes change every 1.5 years. The conservative user needs to test all over again to ensure that he or she can save files and can read files in addition to booting correctly. Since systemd was adopted on Linux OSes, e.g. Red Hat, CentOS, Fedora, Ubuntu and Debian, the OSes have become unreliable to the conservative user. The technical evidence includes being unable to boot and shutdown a computer correctly.

Thanks, Linux developers. I have learned to administer Linux servers and to user Linux on desktop computers.

Now technically OpenBSD does not change drastically to the point that a conservative user cannot boot a computer. Remember, "A job is running (seemingly forever)" systemd message.

The user needs to be sure that the system can boot correctly. He or she needs to consider OpenBSD. I have used OpenBSD for a few months and do not see any issues booting. I do not see any issues shutting down the machine either.

OpenBSD is the way to go. It has been a reliable system. I will continue to evaluate it because it has been reliable for a few months.

I know what I want. I want reliability. I do not want fancy features which do not work at all. Besides, OpenBSD is equipped with a better firewall than iptables on Linux OSes. The better one provides easier syntax and can reload firewall rules without halting current network connections. Everybody needs a firewall on the computer because the Internet has become a dangerous attack vector. Malicious software is so common, especially the one with a ransom note.

No one wants to be attacked. As the attack exists, the conservative user needs to do something to protect his or her data, e.g. photos taken many years ago. OpenBSD is a good choice. OpenBSD provides syspatch and pkg_add -Uu for updating software.

OpenBSD gives you good documentation. A conservative user needs to know where to look for help. Real help, I mean. Those commands not useful for fixing a problem are not real help. The documentation of OpenBSD really helped me from installing to using it as a basic computer.

A conservative user always focuses on doing basic things correctly. OpenBSD aims at correctness. I agree to the notion of correctness.


Saturday, August 19, 2017

Old admins think of systemd commands


My view echoes that of Carlos Fenollosa:

I had been riding the Linux wave for years, until I recently realized that my admin skills needed a total recycling. In a few years we've gone from /etc/init.d/sshd restart to service sshd restart to systemctl start sshd. That's a bit fast in my opinion, but I understand it's the price of progress, aimed to make computers boot faster and theoretically easier to administer for newcomers. Old admins, on the other hand, have a harder time adapting.

https://cfenollosa.com/blog/openbsd-from-a-veteran-linux-user-perspective.html


The writers of the systemctl commands and other systemd commands failed to consider the impact on old admins.



When you have hundreds of old scripts without systemctl commands, and you are forced to switch to systemd, what do you think?


Hello, command writers, please think of the impact on old admins before you write. If redirecting from service sshd restart to systemctl start sshd does the trick, please always keep this command redirection.


Sunday, August 6, 2017

Public key of Google Chrome changed leading to NO_PUBKEY error

My terminal output


... Fetched 12.4 kB in 5s (2,191 B/s)
Reading package lists... Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://dl.google.com stable Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 6494C6D6997C215E

W: Failed to fetch http://dl.google.com/linux/chrome/deb/dists/stable/Release 

W: Some index files failed to download. They have been ignored, or old ones used instead.





How to remove this warning

wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add -


Reference

Apt update error - “An error occurred during the signature verification” (Chrome) [duplicate]
https://askubuntu.com/questions/943146/apt-update-error-an-error-occurred-during-the-signature-verification-chrome

Wednesday, June 14, 2017

Firefox print freeze solved by iptables rules on Debian Linux

Firefox is a web browser you use to view web pages.

Try these if Firefox hangs when you press Ctrl + P to print:

# allow local connections to port 631

iptables -A INPUT -p tcp --sport 631 -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
iptables -A INPUT -p tcp --dport 631 -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
iptables -A INPUT -p tcp --dport 631 -j DROP
iptables -A INPUT -p tcp --sport 631 -j DROP
iptables -A INPUT -j DROP

ip6tables -A INPUT -p tcp --dport 631 -s ::1 -d ::1 -j ACCEPT
ip6tables -A INPUT -p tcp --sport 631 -s ::1 -d ::1 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 631 -j DROP
ip6tables -A INPUT -p tcp --sport 631 -j DROP
ip6tables -A INPUT -j DROP

# save across reboot
netfilter-persistent save

iptables -L -n
ip6tables -L -n

Tuesday, January 24, 2017

A start job is running for Raise network interfaces (long time / 5 minutes)

This is January 2017. "systemd" should not be used for critical missions.

When the network was down (without electricity), I noticed:

A start job is running for Raise network interfaces (long time / 5 minutes)

In /etc/systemd/system.conf,

#default
#DefaultTimeoutStartSec=90s

#changed
DefaultTimeoutStartSec=40s

#default
#DefaultTimeoutStopSec=90s

#changed
DefaultTimeoutStopSec=40s


These settings did not work as expected. It was a long waiting time.

Thursday, June 9, 2016

Workaround: A stop / start job is running

A stop / start job is running ...

For this error, I do:


echo '' >> /etc/systemd/system.conf
echo 'DefaultTimeoutStartSec=6s' >> /etc/systemd/system.conf
echo 'DefaultTimeoutStopSec=6s' >> /etc/systemd/system.conf



systemctl reboot



This works for me.

Saturday, June 4, 2016

Print a page as a PDF file on Debian Jessie

For those people wondering how to print a page in a web browser as a PDF file successfully on Debian Jessie:

The command

aptitude install cups-core-drivers 

The following NEW packages will be installed:
avahi-daemon{a} bc{a} bind9-host{a} cups-browsed{a} cups-core-drivers cups-daemon{a} cups-filters-core-drivers{a} geoip-database{a} libavahi-core7{a} libbind9-90{a} libcupsmime1{a} libdaemon0{a} libdns100{a} libgeoip1{a} libisc95{a} libisccc90{a} libisccfg90{a} liblwres90{a} libnss-mdns{a} libqpdf13{a} poppler-utils{a} qpdf{a} ssl-cert{a} 0 packages upgraded, 23 newly installed, 0 to remove and 0 not upgraded. Need to get 4,620 kB of archives. After unpacking 13.4 MB will be used. Do you want to continue? [Y/n/?] y

An example

In Google Chrome, please see the example screenshot below after pressing Ctrl+P:

I click Save. I save the PDF file nearly immediately when the file is not too large. This is a virtual printer. It just prints to a file.

I can do something similar in Firefox.

Avoid cups-pdf in this case

In my experience on Debian Jessie, I should not use cups-pdf together with the setup above. Installation issues occur.


Friday, June 3, 2016

Go back to sysvinit while keeping systemd

Latest workaround:

Another workaround.
If I want systemd, see the workaround above.

If I want to use sysvinit, continue...

---

This is June 2016. systemd is still not for me. My current workaround:

The command

aptitude install sysvinit-core init-select

Choose sysvinit.

What does the command do?

This helps me to use sysvinit instead. I could not boot or shut down properly with systemd. For shutting down and booting correctly, I use this workaround. I will try to test if the problem ceases to exist.

Time constraint

I don't have enough time to look for systemd issues and fixes. 

Not publicized
I don't know why this command above is not publicized here: (when a user wants to go back to sysvinit)

systemd - system and service manager
https://wiki.debian.org/systemd

No obvious choice when installing Debian

There is no option to choose between systemd and sysvinit when installing Debian Jessie.  (I don't know how to do this when installing.) I can hopefully switch after installing.

Remove systemd or not

This command below will cause packages that depend on systemd to stop working:

Some packages depend on systemd. (Sigh) I will not remove systemd by

apt-get remove --purge --auto-remove systemd

as seen here:

How to remove systemd from a Debian jessie/sid installation
http://without-systemd.org/wiki/index.php/How_to_remove_systemd_from_a_Debian_jessie/sid_installation

Now, I go back to sysvinit while keeping systemd. More testing continues.

Saturday, May 7, 2016

Workaround: A stop job is running for Avahi mDNS/DNS-SD stack

The error message appears when shutting down or rebooting the computer:
A stop job is running for Avahi mDNS/DNS-SD stack (seemingly forever/1 minute 55 seconds)

My temporary workaround:
systemctl stop avahi-daemon.service

# reboot
systemctl reboot


# shutdown
systemctl poweroff



Make this workaround above automatic:

Create a file:
nano /home/user_name/systemd_workaround.sh

The contents of the file:
#!/bin/bash
# systemd_workaround.sh


# explicitly stop this service:

/bin/systemctl --force stop avahi-daemon.service


Save:
Ctrl+x


Create another file:
nano  /lib/systemd/system/workaround.service



[Unit]
Description=cannot shut down or reboot properly
DefaultDependencies=no
Before=shutdown.target reboot.target halt.target kexec.target


[Service]
ExecStart=/home/user_name/systemd_workaround.sh
Type=oneshot


Save:
Ctrl+x


Run this command:

chmod 755 /home/user_name/systemd_workaround.sh

Then, run this command:
systemctl daemon-reload

Now, shut down or reboot.
Instead of shutdown -r now, I entered
/bin/systemctl reboot


Instead of shutdown -h now, I entered
/bin/systemctl poweroff

Wow! Shut down and reboot properly. (I will observe and see if this is the best workaround.)


Update:

Latest workaround:

Another workaround.


---
Previously, I did...

If it was unfortunate, I would go back to sysvinit.



 I used:
/bin/systemctl poweroff

/bin/systemctl reboot

to test if it works. This method appeared to work. More testing continues. "A stop job is running" problem still exists. It occurs once every two or few weeks (already less frequently).


I had used:
/bin/systemctl --force stop avahi-daemon.service
to test if it works. Sorry, this reduced the frequency of the problem. This is still not the best workaround.

/bin/systemctl stop avahi-daemon.service
does not work as I expected.

Monday, May 2, 2016