Written by: Robert R. Russell on Sunday, August 23, 2020.
Here is a listing of my preferred SSH clients for Windows.
Windows has included a copy of OpenSSH enable by default since the April 2018
Update to Windows 10. The only downside to using it is the very basic default
terminal in Windows. If we use Windows Terminal then it is an acceptable option
though I prefer using one of the WSL distributions.
Bitvise SSH is a free, but not opensource, SSH client that was previously my
default SSH client for Windows.
Putty is the old standard that I abandoned shortly after I found out about
Bitvise.
There are a couple of other SSH options on the Microsoft store that I haven’t
tried.
Written by: Robert R. Russell on Wednesday, August 19, 2020.
TLSv1.3 is now available on
85% of web clients, according to
caniuse.com. Since I don’t have to support either
Internet Explorer or the six microscopic mobile web browsers that don’t support
it at all, I have gone ahead and migrated my servers straight over to TLSv1.3.
Below is a sample configuration that will enable TLSv1.3 and the currently
recommended ciphers in a reasonable order. You must enable TLSv1.3 globally
on the entire server. I made my adjustments in the
/etc/apache2/mods-enabled/ssl.conf file. That is the correct file for Debian
and Ubuntu. Fedora and RHEL will probably be under /etc/httpd/. I gave Chacha
preference above AES due to the number of mobile devices running modern browsers
that don’t have AES hardware acceleration.
# SSL Cipher Suite:# List the ciphers that the client is permitted to negotiate. See the# ciphers(1) man page from the openssl package for list of all available# options.# Enable only secure ciphers:SSLCipherSuite TLSv1.3 TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256
# SSL server cipher order preference:# Use server priorities for cipher algorithm choice.# Clients may prefer lower grade encryption. You should enable this# option if you want to enforce stronger encryption, and can afford# the CPU cost, and did not override SSLCipherSuite in a way that puts# insecure ciphers first.# Default: OffSSLHonorCipherOrderon# The protocols to enable.# Available values: all, SSLv3, TLSv1, TLSv1.1, TLSv1.2# SSL v2 is no longer supportedSSLProtocol -all +TLSv1.3
Written by: Robert R. Russell on Monday, August 17, 2020.
TIK, formerly The Imperator Knight,
makes long-form videos about lesser know WW2 battles. The early actions in the
North African Campaign are exciting. I have one of his documentary playlists
embedded below.
Written by: Robert R. Russell on Friday, August 14, 2020.
Now that I can read and write a snapshot, how do I process a list of snapshots
in a useful manner? First, let me define what I mean by a useful manner. I want
the tool to keep a copy of all automatic snapshot on the source ZFS tree on the
destination tree as an automatic snapshot is aged off of the source it needs
to be aged off of the destination as well. It will transfer snapshots one at
a time instead of transferring all of the intermediate snapshots at the same
time; the ZFS send -i option versus the -I option.
The best data structure for this is a tree or graph. The tree starts with a
list of yearly snapshots. Every snapshot has two slices of children—one for the
child frequency snapshots older than it. The younger slice will be populated
only if the current snapshot is the youngest child at its frequency strata.
A picture demonstrating my idea follows this paragraph. I will delve into
implementation details in the next part of the ZFS Backup Tool series.
Written by: Robert R. Russell on Thursday, August 13, 2020.
Now that I can read a list of snapshots, I need to read a snapshot and transfer
it to the destination. The three functions that allow me to do that are
exec.StdinPipe(),
exec.StdoutPipe(),
and io.CopyBuffer().
The process consists of the following steps:
Create an exec.Cmd representing the zfs send command
Use exec.StdoutPipe() to connect a pipe to the output of the command
created in step 1.
Create an exec.Cmd representing the zfs receive command
Use exec.StdinPipe() to connect a pipe to the input of the command created
in step 3.
Start both commands
Use io.CopyBuffer() to read from the snapshot to the receiver.
Written by: Robert R. Russell on Monday, August 10, 2020.
When I rebooted my blog, yet again, I gave myself the personal challenge of
writing at least one article per day. Except for August 3rd, 2020, I have met
that challenge. Let’s see it continues.
Written by: Robert R. Russell on Sunday, August 9, 2020.
Which software to use?
With the ZFS backup tool, I want to host the code for it here on my website
instead of GitHub. What options are available? If I want to host the bare repo,
I can use ssh for write access and add a virtual host for apache so you can
have read access. If I want a nice web interface, though, I need a different
setup.
A bit of online searching shows four major self-hosted Git web frontends. They
are GitLab, Gitea,
GitBucket, and Gogs.
GitLab and GitBucket are out because they require a lot of extra software to
support the service. GitLab could almost qualify as its own Linux distro with
a bit more work. GitBucket is nearly as bad. That leaves the two clones, Gogs
and Gitea. Gitea is a fork of Gogs with more maintainers. The increase in
maintainers gives Gitea a faster issue resolution, so I chose it.
System requirements
Gitea has very moderate system requirements. Golang, about 256MB of RAM,
and optionally MariaDB, MySQL, or PostgreSQL. An external database is a
recommendation for large sites. I will use MariaDB because I am already using
it and have a working scheduled backup of my entire database server.
Written by: Robert R. Russell on Saturday, August 8, 2020.
Mustie1 does small
engine repair videos. Most of his videos start with something simple that
someone overlooked with the “dead” engine. He fixes that and usually cleans the
engine as well.
Here are three videos where he fixed a forklift that someone abandoned because
two previous mechanics wouldn’t follow their troubleshooting workflow to the
end.