Chattanooga
Unix
Gnu
Android
Linux
Users
Group

 

Hot Topics:

Sponsoring:

OT - Geeky coworking space

From: David White 
------------------------------------------------------
Mike and I have corresponded a little bit over the past day, and we
actually randomly ran into each other this evening at a networking event
(not literally). He knows what I'm about to say.

I'm (possibly) looking for 2 desks. Not a private office, that's too
expensive right now. A coworking space, where I would have my own desks - 1
for me, 1 for an employee - would be just the ticket.

Downtown isn't really a good option for me, due to the nature of my
business (going in and out a lot, travelling to client offices, carrying
computers / networking / server equipment in and out all the time, etc...).
Also, Society of Work seems expensive. So that's not one I'm willing to
consider.

I've posted a part-time (to turn into a full time) job position at
https://developcents.com/jobs/, which will give you an idea of what the 2nd
person would be doing.

Besides Mike's place near Signal Mountain, anyone have an office space, or
know of someone who does, that would be an idea fit for what I'm looking
for?

Must haves are phone, internet, and desk.

Access to a private meeting room is a bonus!
-- 
David White
Founder & CEO

423-693-4234
@developCENTS 
https://developcents.com

*Develop CENTS*
Computing, Equipping, Networking, Training & Supporting for small
businesses and nonprofits
Providing: Web Hosting, Technical Support & IT Consulting

*Signup to our Newsletter at
https://developcents.com/contact/
*

If you use Symantec, update it now.

From: David White 
------------------------------------------------------
PSA.

This was just made public less than an hour ago. I read through the notes.

This is very bad:
https://bugs.chromium.org/p/project-zero/issues/detail?id=820

If you run Symantec antivirus scanners on any servers (Linux or Windows -
both are affected), this is especially important, but end-user workstations
are also affected.

-- 
David White
Founder & CEO

423-693-4234
@developCENTS 
https://developcents.com

*Develop CENTS*
Computing, Equipping, Networking, Training & Supporting for small
businesses and nonprofits
Providing: Web Hosting, Technical Support & IT Consulting

*Signup to our Newsletter at
https://developcents.com/contact/
*

WD's Pi Drive

From: David White 
------------------------------------------------------
This is kind of clever: WD has a special promo going on right now for a
314GB drive that is specifically designed to be more efficient with
raspberry pi's for $31.42.

http://wdlabs.wd.com/products/wd-pidrive-314gb/

Kind of makes me want to get a raspberry pi, since I've never actually
played with one before...

-- 
David White
Founder & CEO

423-693-4234
@developCENTS 
https://developcents.com

*Develop CENTS*
Computing, Equipping, Networking, Training & Supporting for small
businesses and nonprofits
Providing: Web Hosting, Technical Support & IT Consulting

*Signup to our Newsletter at
https://developcents.com/contact/
*

Ubuntu Xenial

From: David White 
------------------------------------------------------
Have any of you guys played with the Betas or RCs for Xenial? Looking at
https://wiki.ubuntu.com/XenialXerus and
https://wiki.ubuntu.com/XenialXerus/ReleaseSchedule, it looks like the
final release is coming out tomorrow.

I've been recently thinking that it would be a good idea to do a backup of
all my data and go through a clean install of Ubuntu just to get things
fresh again.

Tomorrow might be the day to do it! :)

-- 
David White
Founder & CEO

423-693-4234
@developCENTS 
https://developcents.com

*Develop CENTS*
Computing, Equipping, Networking, Training & Supporting for small
businesses and nonprofits
Providing: Web Hosting, Technical Support & IT Consulting

*Signup to our Newsletter at
https://developcents.com/contact/
*

Way off topic: Places to Fish

From: David White 
------------------------------------------------------
Sorry for the noise, but I'm guessing a good number of you folks like to
fish and get outdoors.

I used to be a extremely avid fisherman growing up, but haven't been in
several years.

My wife and I are making some dietary changes for her health, and she will
be following a very strict nutritional plan for the next 3+ years (I don't
like the word "diet" especially since the goal isn't to lose weight).

I think I can save money if I fish...

What are some good places to go fishing near Chattanooga that is also a
non-polluted source (where I can eat the fish)?

If any of you guys want to make a day or weekend of it sometime, hit me up.
My dad has quite a bit of fishing gear, and is no longer able to fish due
to his own medical issues, so I'm going to be getting that from him in the
next few weeks...

We can talk Linux to keep it on topic.

- David

-- 
David White
Founder & CEO

423-693-4234
@developCENTS 
https://developcents.com

*Develop CENTS*
Computing, Equipping, Networking, Training & Supporting for small
businesses and nonprofits
Providing: Web Hosting, Technical Support & IT Consulting

*Signup to our Newsletter at
https://developcents.com/contact/
*

Justin Trudeau explains quantum computing

From: David White 
------------------------------------------------------
This is a great story...
http://www.dailymail.co.uk/news/article-3543380/Not-just-pretty-face-Justin-Trudeau-stuns-room-reporters-scientists-perfect-answer-quantum-computing-question.html

Full video:
https://www.youtube.com/watch?v=Eak

Dual Wan (Failover) on Ubiquiti USG-Pro

From: David White 
------------------------------------------------------
Does the USG-Pro support automatic failover (and recovery)?

Better yet, does anyone know if the USG-Pro can support a true HA
environment where I have not 1 but 2 USG-Pros as gateways?

WAN1 -> USG-Pro1 -> Managed Switch1
WAN2 -> USG-Pro2 -> Managed Switch2

(And, of course, switch 1 & 2 are connected to each other)

... Or would I need to go with pfSense (or Cisco, Juniper, etc...)?

I'm reading conflicting reports online on whether Ubiquiti devices can
handle this type of setup...

-- 
David White
Founder & CEO

423-693-4234
@developCENTS 
https://developcents.com

*Develop CENTS*
Computing, Equipping, Networking, Training & Supporting for small
businesses and nonprofits
Providing: Web Hosting, Technical Support & IT Consulting

*Signup to our Newsletter at
https://developcents.com/contact/
*

Part time Linux Opportunity

From: David White 
------------------------------------------------------
I was recently contacted by a local guy who isn't on Chugalug who needs
someone on a part-time basis (maybe around 15-20 hours/week) to unmount NFS
shares on several Linux boxes and then mount new NFS shares in the old
shares' place.

There's a huge retailer that is apparently migrating old NAS devices to new
NAS devices.

They have 900 hours budgeted for this, and the plan is to work 3-4
days/week with the goal of being done by September 1.

Why they're only outsourcing the NFS umount / mount task is beyond me
(maybe there's a bit more complexity to the project then I'm aware of), but
it sounds like a really simple, straight forward task.

I was *really *tempted to take it, but I can't commit that much time, as it
would prevent me from being able to schedule work with my existing clients,
and the schedule would change on a week-by-week basis. My own schedule
changes pretty constantly, and I need more than a week's notice sometimes
for my own clients....

Work is to be done during business hours, and it sounds like the process
would be to unmount the share, wait around while the NAS administrators
move the data, and then do the mount.

Contact me off list if you want an introduction. Pay isn't great - they
said they can do around $45/hour.

- David

-- 
David White
Founder & CEO

423-693-4234
@developCENTS 
https://developcents.com

*Develop CENTS*
Computing, Equipping, Networking, Training & Supporting for small
businesses and nonprofits
Providing: Web Hosting, Technical Support & IT Consulting

*Signup to our Newsletter at
https://developcents.com/contact/
*

Critical Samba patch coming April 12

From: David White 
------------------------------------------------------
This looks ominous. FYI.

http://badlock.org/

-- 
David White
Founder & CEO

423-693-4234
@developCENTS 
https://developcents.com

*Develop CENTS*
Computing, Equipping, Networking, Training & Supporting for small
businesses and nonprofits
Providing: Web Hosting, Technical Support & IT Consulting

*Signup to our Newsletter at
https://developcents.com/contact/
*

Public IP Address Weirdness (I'm on EPB)

From: David White 
------------------------------------------------------
I'm troubleshooting why I can't seem to connect to my OpenVPN server (on
pfSense) here in my home office, and have stumbled upon something really
weird.

Numerous websites including http://mxtoolbox.com/WhatIsMyIP/, Google (when
I search for what is my IP), etc... indicate that I have 1 IP address.

The WAN interface on my pfSense Dashboard indicates a different IP address.

When I look at the pfSense console, I have a /20 DHCP address, and the IP
address reported by Google, What Is My IP, etc... isn't an IP that falls
into that /20.

Is this some sort of EPB misconfiguration or weirdness going on?

I'm starting to think that my OpenVPN server is *not* the reason I'm unable
to actually connect to it... Because I moved a few weeks ago, and it was
working fine before I moved!

-- 
David White
Founder & CEO

423-693-4234
@developCENTS 
https://developcents.com

*Develop CENTS*
Computing, Equipping, Networking, Training & Supporting for small
businesses and nonprofits
Providing: Web Hosting, Technical Support & IT Consulting

*Signup to our Newsletter at
https://developcents.com/contact/
*

Apple no longer immune to ransomware

From: David White 
------------------------------------------------------
It was only a matter of time....

http://www.reuters.com/article/us-apple-ransomware-idUSKCN0W80VX

-- 
David White
Founder & CEO

423-693-4234
@developCENTS 
https://developcents.com

*Develop CENTS*
Computing, Equipping, Networking, Training & Supporting for small
businesses and nonprofits
Providing: Web Hosting, Technical Support & IT Consulting

*Signup to our Newsletter at
https://developcents.com/contact/
*

Linode Deploys Servers with the Same SSH Key

From: David White 
------------------------------------------------------
I know some of you guys use Linode (including me - for some of my stuff).
Fortunately, I don't use Ubuntu.

But this is serious stuff:
http://news.softpedia.com/news/linode-vps-host-accidentally-deploys-servers-with-the-same-ssh-key-500192.shtml

I'm quickly losing faith with these guys and may decide to migrate more of
my stuff off of them in the future...

-- 
David White
Founder & CEO

423-693-4234
@developCENTS 
https://developcents.com

*Develop CENTS*
Computing, Equipping, Networking, Training & Supporting for small
businesses and nonprofits
Providing: Web Hosting, Technical Support & IT Consulting

*Signup to our Newsletter at
https://developcents.com/contact/
*

Possible to use switch behind EPB hand-off?

From: David White 
------------------------------------------------------
I have a client who has 2 static IP addresses that are assigned to 2
separate firewalls.

The client has 2 retail stores right next to each other. Same parent
company owns the retail stores, but different IP address for each store,
and the powers that be for each retail store requires separate hardware,
and doesn't want their own firewall touching the other retail store's
firewall.

They even have refused to configure one of the firewalls to act as a
passthrough to the 2nd firewall.

I talked to someone from EPB earlier today, as I wanted to get a 2nd
hand-off from the white Alcatel-Lucent Fiber-to-Copper boxes that EPB has
on-site. That box has 4 LAN ports, but only 2 are in use (1 is for phones).

I was told that to get a 3rd port activated for the 2nd IP address, that we
would have to pay for a completely separate EPB connection.

So the guy I talked to suggested getting a router instead. But each of the
corporate firewalls are configured on the public IP addresses. So if I put
in a router, I would need to get a 3rd IP address, and then have the
firewalls reconfigured to use the router's public IP address as the
gateway, right?

I asked about putting in a switch in instead, and the guy said that
wouldn't work.

But I don't see why it wouldn't work, since the firewalls are already
configured on the public IP address.

Am I missing something?

-- 
David White
Founder & CEO

423-693-4234
@developCENTS 
https://developcents.com

*Develop CENTS*
Computing, Equipping, Networking, Training & Supporting for small
businesses and nonprofits
Providing: Web Hosting, Technical Support & IT Consulting

*Signup to our Newsletter at
https://developcents.com/contact/
*

Chatt State Matrix Longest Running Torrent

From: Dave Brockman 
------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://www.techworm.net/2016/01/even-after-4419-days-the-worlds-oldest-t
orrent-is-still-going-strong.html

Regards,

dtb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBAgAGBQJWppm1AAoJEMP+wtEOVbcdWKoIAKwV9vtb303Koh5m4RTCk46f
89RvzmANVw2W+EMTG4n6Dx8CyKTyLLpz3fEsAIssTdKvPd3vO+/nZrKvtWDEETzW
PhbtZECe8NRafgCNjWlDBAVgvVMN/YTpOc6nvbO+f1tNEOeRTE096Z08XhfJwhgK
0FFBMh+hQMUvPYQtUl2aVHnAd3vfgoDKEjqRr2yx8aAZQiPopvTrAetD7cvJ3syY
kDYGVR85o3KcGBDdwJJmudotARUFokicvKbZL8huDwroj2tWsyqiqxej6dr4lCpp
jdUlqjVHW3D7Xtzah0c5qjgLnY2r2hc28ECbwF61FcPQ+xe/+2T8GbE2lZIywiI=
=DZ89
-----END PGP SIGNATURE-----

Linode Password Reset

From: Dave Brockman 
------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

https://blog.linode.com/2016/01/05/security-notification-and-linode-mana
ger-password-reset/

I know a couple of you on list have Linodes, I haven't received my email
notification as of yet, but this came across my screen...

Regards,

dtb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBAgAGBQJWjBQQAAoJEMP+wtEOVbcd9M0IAK43kUzqOvt7fzio5d+lggo2
us1MjazY8xvEEs3O4l8Xf0YE8bbgnJzhkwavyyNkD84oboNflJPTYIe2ktTIhCaK
ud5cmrYZnRS8xKxPpxmcoULNuvBms9rYyVu9WwLKw0ykdv+xDCpJ6hZKfgJtVbGY
3YlOvPzJ5QVmELPa/DgXpRsCE8Z5YuqAyUxPxW1GiV3YytyM0oCe2nfXzmq0skcR
L2PL5ZhDOBI1w5Y2TRjAQpyUGTcxBm3spBS8ZqnvbjPWcI/JpKrSSt+nAKAq1siv
ZI8ErydOvIMPQ7GEiU/IoO55+eXjT4jSRlA+kpC/n6oHk2ET7JswoEZ2lPMsBrc=
=1rAr
-----END PGP SIGNATURE-----

2.4 Kernel + Network Bridging

From: Dave Brockman 
------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Does anyone have a concise reference as to what network bridging is
supposed to look like under 4.2 kernels?  I want a VLAN Trunk interface
incoming to my eth0.  I am OK with a separate bridge per VLAN, although
the single vlan-aware bridge seems like the real choice.  I want the
native (untagged) and tagged VLANs to participate and pass traffic.

This works:

iface eth0 inet manual
auto vmbr0
iface vmbr0 inet static
	address x.x.x.x
	netmask y.y.y.0
	gateway x.x.x.1
	bridge

Public Key Server

From: Dave Brockman 
------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Is anyone on list running a public keyserver?  Even if it's a private
keyserver, you probably have knowledge I seek... anyone?

Regards,

dtb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBAgAGBQJWIFWhAAoJEMP+wtEOVbcdR8QH/2FG2STJFH+EVoICNIVXpnc/
RDh8irnxSvAWko4OL8f89b2a4ezfjJSHRgVn9yAcfHGuf1MecKNub5wjdVVVfzaz
V/ssUY2OLFJeWo8Fz1DmDqvr6CtOtCOUdw/T/U4JEaH2tErcCIBUTcqFBfya5c5y
Lfcar43xB2nS+ZETxQaY4NXLL6ao/eNN4+36Fjg4WM4cYZBUvvQwv9t2wUZV7VDC
IFpJVltBPlOVguLN/Wt8G1D5simqN2/7/g+gzcvCZK0UxqJnnU9ww9tp9kZK0lD8
3yissqpZLojrhZMqqZS7N7WQB8HyqEx6vDuEvTwJD8vcIt8+kyD9IIy5wRXpFwM=
=RjCo
-----END PGP SIGNATURE-----

EPB introduces CGNAT on Residential Circuits

From: Dave Brockman 
------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Just curious if anyone else received the CGNAT upgrade from EPB last
night?  If your "WAN" IP is between 100.64.0.0 - 100.127.255.255, you
are now behind CGNAT.  Checking your outside IP from ipchicken.com or
similar should give you a different IP address, the range mentioned
above is not globally routed (think RFC1918, like 192.168.X.X).
  I suspect the NAT portion wasn't working correctly first thing this
morning, but even after they restored "Internet" connectivity to my
circuit, I could not complete IPSEC tunnels across the CGNAT.  Debug
logs show the initial ISAKMP packets are correct (the Tunnel-Group Name
and Secret are successfully exchanged), but subsequent ISAKMP packets
appeared to be manged by the state/NAT machine (ISAKMP proposals were
stripped from ISAKMP packets beyond the initial exchange, although the
modified packets did reach both ends).  Very strange behavior indeed.
  To be fair, EPB did put me back on a real IP address upon request.
But I really wish they had applied the effort and expense spent upon
CGNAT deployment on IPv6 deployment.  I hope this current round of
short-sightedness from whoever dictates what they will sell to whom for
how many donuts has not spread to the people who design the network and
plan its future expansion.  100Mb/s or 1000Mb/s just makes CGNAT suck
harder and faster, not any less.

Regards,

dtb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBAgAGBQJWHur1AAoJEMP+wtEOVbcdiC4IAKsrvVg+0TmRzUMZPOMzZp3j
3LJvZx0R0i3gw2xt33aLlDkjL6pJP4roabHBaZfCvqP7wRWBq4+Vvg/wL99a78P4
Q/mZU+A0t7rEsQWd7ssQ0VArJ5oUVyf5LAAcEMyaAlkFBVElCj+JT7/DAHuZygbN
ft6hcIM7XWiNZhxSbGXi/S1MQZRS+RZ6RxNTZjq6OauCZCReiq/3/WAHYidTejKa
Xo8Hulzem0JLH+twCfGwtZxviGLlQqrTiFKsV40qJPvrRpm4zLLTy/nl+t92hHLq
0kDhComwnBXYeWFkCbepdq3o4yXeZMHerAnVt6yFCIjCRzJP3KYZxp5vU85vIoM=
=xMZ1
-----END PGP SIGNATURE-----

IPv6 EPB from EPB

From: Mike Harrison 
------------------------------------------------------
=46rom a good technical source inside EPB when asked about IPv6:

"Yes but it's on specific nodes. We are still installing equipment in =
the network. Users have to request a conversion as well.=E2=80=9D

So in some places, it=E2=80=99s possible, it will be probably eventually =
be everywhere.

=E2=80=94Mike--




> On Sep 11, 2015, at 10:12 AM, David White  =
wrote:
>=20
> I just spoke with someone at EPB Support (who happens to be someone =
I've
> worked with in person in the past and I can confirm he knows his stuff
> fairly well), and he told me that this is still just a rumor. They =
haven't
> been told anything yet, and he said they must still be working on
> deployment.
>=20
> As for the tunnel, yes, I'm aware of that. But per Ben's comment, it =
would
> be really nice to have something natively.
>=20
> On Fri, Sep 11, 2015 at 9:33 AM, Benjamin Stewart =
> wrote:
>=20
>> As I recall, the fun thing about tunnels was that, by design, =
everything
>> prefers IPv6 over IPv4, if both are available. My tunnel provider did =
not
>> provide a tunnel that was anywhere close to as fast as EPB, meaning =
it was
>> good for testing, and then I turned it off.
>>=20
>> On Thu, Sep 10, 2015 at 10:10 PM, Dave Brockman 
>> wrote:
>>=20
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>=20
>>> On 9/10/2015 9:13 PM, David White wrote:
>>>> Would it work if I only have a dynamic connection? I don't have a =
stat
>>> ic
>>>> but would love to have IPv6 for testing purposes...
>>>=20
>>> You can turn up a tunnel and test several years ago (free).  Pretty =
sure
>>> you can configure it with a dynamic connection, just you'll =
obviously
>>> have to edit things on the far end when your IP changes.
>>>=20
>>> Regards,
>>>=20
>>> dtb
>>> -----BEGIN PGP SIGNATURE-----
>>> Version: GnuPG v2
>>>=20
>>> iQEcBAEBAgAGBQJV8jgfAAoJEMP+wtEOVbcd/zMH/1fvbWKc3i7GMJzs6ToiAy2s
>>> liM2g9PHxji+IDE6XWnCY+6WM4X3sx40nYXYwLSyjzmoD/SZbMH0XgHfxnzh5nmW
>>> hrcyQcTeOxrhju9+jQ0BKDzNXeYgZThdjtDp4b63IErV5e9sZnalCoL3wZhiNJqv
>>> gF9tpLeHV+9OeF4VDF95v/fUcXGdxqhnGjCvKpmczo79aK2FAnTNak9ISa9xb+sd
>>> uvLfoY91CDHUImiu5xKfoVZBYevpGjnj3ZZ8JC61Lw0f/tGJr/Jd6rLXFwXIQcEn
>>> XSjKxI7hHPMdpooZqwaMQ/p1HHm2EJtndGMj/pH4AcKk4TyFXVgGOnUwvjpcbvA=3D
>>> =3DsnYA
>>> -----END PGP SIGNATURE-----
>>> 

[OT] Filter Test, Pardon Noise

From: Dave Brockman 
------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

You know that time I didn't take my own advice, and ended up wasting
days of my life because of it?  This is one of those, my apologies for
the noise.

Regards,

dtb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBAgAGBQJV6fmGAAoJEMP+wtEOVbcdsvEIAJy36VS984BPH1OYb+uSwdoP
dR90MYfWQNEKsxEZZAVEgHeQ2UkGy465+JKqfLZ3WOX3ENCzMRE7wAc1bCsh92kQ
JlnG7km/AFVLDPtTwaiGW0+rpSLfSaT7ZNpubLryQkA3/5nSSGWv+z7DdntAp5Oz
O1Xs+iy0F3B5pJ350RSSHwri0a5DoGBdP2M7w4DQU7VbKkfkJASkhtPL6GTNCOsv
rtf6mxHaAXOCasWE5MtVfZV49oOeCghhUC1MzJMIgXznELeoNfdT3aCZfzdzB3Ae
xqToI+Pq/519u0uvtN2y+aUKR1AEzOZELCkRdH5joxVCSL76O3PpFfV57QbczH0=
=0kND
-----END PGP SIGNATURE-----