
  • WakeOnLan, Archlinux, systemd-networkd, Asus Pro WS X570-ACE

    The board has two integrated ethernet adapters, here’s the lshw data:

    sudo lshw -c network
           description: Ethernet interface
           product: I211 Gigabit Network Connection
           vendor: Intel Corporation
           physical id: 0
           bus info: pci@0000:05:00.0
           logical name: enp5s0
           version: 03
           serial: 24:4b:fe:<redacted>
           size: 1Gbit/s
           capacity: 1Gbit/s
           width: 32 bits
           clock: 33MHz
           capabilities: pm msi msix pciexpress bus_master cap_list ethernet physical tp 10bt 10bt-fd 100bt 100bt-fd 1000bt-fd autonegotiation
           configuration: autonegotiation=on broadcast=yes driver=igb driverversion=5.12.8-zen1-1-zen duplex=full firmware=0. 6-1 ip=<redacted> latency=0 link=yes multicast=yes port=twisted pair speed=1Gbit/s
           resources: irq:61 memory:fc900000-fc91ffff ioport:e000(size=32) memory:fc920000-fc923fff
           description: Ethernet interface
           product: RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller
           vendor: Realtek Semiconductor Co., Ltd.
           physical id: 0.1
           bus info: pci@0000:06:00.1
           logical name: enp6s0f1
           version: 1a
           serial: 24:4b:fe:<redacted>
           size: 1Gbit/s
           capacity: 1Gbit/s
           width: 64 bits
           clock: 33MHz
           capabilities: pm msi pciexpress msix bus_master cap_list ethernet physical tp mii 10bt 10bt-fd 100bt 100bt-fd 1000bt-fd autonegotiation
           configuration: autonegotiation=on broadcast=yes driver=r8169 driverversion=5.12.8-zen1-1-zen duplex=full firmware=rtl8168fp-3_0.0.1 11/16/19 ip=<redacted> latency=0 link=yes multicast=yes port=twisted pair speed=1Gbit/s
           resources: irq:24 ioport:d800(size=256) memory:fc814000-fc814fff memory:fc808000-fc80bfff

    It seems that the UEFI entry to activate Wake on Lan for PCIe devices only affects the Intel port. i’ve persistently activated WOL for the Realtek port by adding a .link file at /etc/systemd/network/foobar.link:

    # below lines are cloned from original entry in
    # /usr/lib/systemd/network/99-default.link
    # which is the default link file for all adapters whose section is hereby overwritten
    NamePolicy=keep kernel database onboard slot path
    AlternativeNamesPolicy=database onboard slot path

    The arch wiki shows a couple of alternative ways, but this seems to be the most straightforward for me.
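
    A complete file of the kind described, plus a check that the setting took effect, as an added example that is not the author's own file. Assumed here: matching the Realtek port by MAC address, the file name 50-wol.link (systemd applies only the first matching .link file in lexical order, so the name has to sort before 99-default.link), and the constructed ethtool output fed to the check.

```shell
#!/bin/sh
# write_wol_link DIR MAC: write a .link file that enables magic-packet wake-up
# for the adapter with the given MAC and keeps the naming policy quoted above.
# DIR would be /etc/systemd/network on the real machine.
write_wol_link() {
    cat > "$1/50-wol.link" <<EOF
[Match]
MACAddress=$2

[Link]
WakeOnLan=magic
NamePolicy=keep kernel database onboard slot path
AlternativeNamesPolicy=database onboard slot path
EOF
}

# wol_magic_enabled: read the output of `ethtool <iface>` on stdin and succeed
# only if the active "Wake-on:" flags contain g (magic packet). The
# "Supports Wake-on:" line is skipped because its first field is "Supports".
wol_magic_enabled() {
    awk '$1 == "Wake-on:" { found = ($2 ~ /g/) } END { exit !found }'
}

# Demo in a scratch directory with a constructed placeholder MAC.
out=$(mktemp -d)
write_wol_link "$out" "24:4b:fe:00:00:00"
cat "$out/50-wol.link"
# Constructed ethtool output; on the real host: ethtool enp6s0f1 | wol_magic_enabled
printf '\tSupports Wake-on: pumbg\n\tWake-on: g\n' | wol_magic_enabled &&
    echo "magic packet wake-up is on"
```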

  • I shared a link


    Harju County Court declares Mall of Tallinn's parent company bankrupt

    The Tallinn-based Harju County Court declared the T1 Mall of Tallinn's parent company bankrupt on Wednesday.

    So, the economic endeavor that created this urban abomination has failed, the market has been corrected. Now, please pack up your mall and try your luck elsewhere.

    right, that won’t work; and that is exactly the reason why urban development, city planning, and related topics should never be driven by a market logic, but by the needs and wishes of the people using the city, in conjunction with visionary ideas to enhance the urban living experience.

  • I shared a link


    Green Party leader Annalena Baerbock calls for a limited term in office for chancellors

    An end to governing forever: following calls from the CDU, Green chancellor candidate Baerbock now also argues in SPIEGEL for a time limit on the chancellorship, as part of a major parliamentary reform.

    incl. the parliamentary reform mentioned in the article and the fact that a concrete situation like this September's has never occurred in Germany before, a strong, good direction. but all of this in a country of old people for old people? younger ones, you now have to convince your elders!

  • Upgrade Postgresql from 11 upwards

    On Ubuntu 18.04

    Multiple installations (11, 12, 13): be wary of that, as pg_upgradecluster, for example, will always go for the highest version.

    copied configuration files for new version

    cp -R /etc/postgresql/11 /etc/postgresql/12

    initialized new version db

    /usr/lib/postgresql/12/bin/initdb -D /srv/postgres/12/main

    stopped the current server and killed all connections

    /usr/lib/postgresql/11/bin/pg_ctl -D /srv/postgres/11/main/ -mf stop

    ran checked upgrade with linked files

    time /usr/lib/postgresql/12/bin/pg_upgrade --old-bindir /usr/lib/postgresql/11/bin/ --new-bindir /usr/lib/postgresql/12/bin/ --old-datadir /srv/postgres/11/main/ --new-datadir /srv/postgres/12/main/ --link --check

    had to fix diverse configuration file problems that are obvious when running

    "/usr/lib/postgresql/11/bin/pg_ctl" -w -l "pg_upgrade_server.log" -D "/srv/postgres/11/main" -o "-p 50432 -b  -c listen_addresses='' -c unix_socket_permissions=0700 -c unix_socket_directories='/var/lib/postgresql'" start
    cat pg_upgrade_server.log

    mostly faulty references to configuration files, or having to make explicit the non-standard data dir location.

    then the systemd related things

    systemctl disable postgresql@11-main
    systemctl enable postgresql@12-main

    This place was most helpful: https://blog.crunchydata.com/blog/how-to-perform-a-major-version-upgrade-using-pg_upgrade-in-postgresql

  • Some reminders for http caching

    Found here: https://httptoolkit.tech/blog/http-wtf/

    No-cache means “do cache”

    Caching has never been easy, but HTTP cache headers can be particularly confusing. The worst examples of this are no-cache and private. What does the below response header do?

    Cache-Control: private, no-cache

    This means “please store this response in all browser caches, but revalidate it when using it”. In fact, this makes responses more cacheable, because this applies even to responses that wouldn’t normally be cacheable by default.

    Specifically, no-cache means that your content is explicitly cacheable, but whenever a browser or CDN wants to use it, they should send a request using If-Match or If-Modified-Since to ask the server whether the cache is still up to date first. Meanwhile private means that this content is cacheable, but only in end-client browsers, not CDNs or proxies.

    If you were trying to disable caching because the response contains security or privacy sensitive data that shouldn’t be stored elsewhere, you’re now in big trouble. In reality, you probably wanted no-store.

    If you send a response including a Cache-Control: no-store header, nobody will ever cache the response, and it’ll come fresh from the server every time. The only edge case is if you send that when a client already has a cached response, which this won’t remove. If you want to do that and clear existing caches too, add max-age=0.

    Twitter notably hit this issue. They used Pragma: no-cache (a legacy version of the same header) when they should have used Cache-Control: no-store, and accidentally persisted every user’s private direct messages in their browser caches. That’s not a big problem on your own computer, but if you share a computer or you use Twitter on a public computer somewhere, you’ve now left all your private messages conveniently unencrypted & readable on the hard drive. Oops.
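
    An added example, not part of the quoted article: a shell function that reads a response header block as `curl -sI` prints it and reports where the response may be stored under the rules described above. The function names, the output words and the sample responses are constructed for this example; only unqualified directives are handled.

```shell
#!/bin/sh
# cache_storage HEADERS: print where a response may be stored:
#   none    - Cache-Control: no-store is present
#   browser - private without no-store (end-client caches only)
#   any     - everything else, including a bare "Pragma: no-cache"
# "revalidate" is appended when no-cache or max-age=0 forces a check before reuse.
cache_storage() {
    cc=$(printf '%s\n' "$1" | tr -d '\r' | tr '[:upper:]' '[:lower:]' |
         sed -n 's/^cache-control:[[:space:]]*//p' | tr ',' '\n' | tr -d ' \t')
    where=any
    reval=
    for d in $cc; do
        case "$d" in
            no-store) where=none ;;
            private) [ "$where" = none ] || where=browser ;;
            no-cache|max-age=0) reval=" revalidate" ;;
        esac
    done
    if [ "$where" = none ]; then reval=; fi
    printf '%s%s\n' "$where" "$reval"
}

# safe_for_sensitive HEADERS: succeed only if no cache may keep the response.
safe_for_sensitive() {
    [ "$(cache_storage "$1")" = none ]
}

# Constructed sample responses (not captured from a real server).
r1=$(printf 'HTTP/1.1 200 OK\r\nCache-Control: private, no-cache\r\n')
r2=$(printf 'HTTP/1.1 200 OK\r\nPragma: no-cache\r\n')
r3=$(printf 'HTTP/1.1 200 OK\r\nCache-Control: no-store, max-age=0\r\n')
for r in "$r1" "$r2" "$r3"; do
    hdr=$(printf '%s\n' "$r" | tr -d '\r' | sed -n 2p)
    printf '%s -> %s\n' "$hdr" "$(cache_storage "$r")"
done
```

    On a live endpoint the input would be `"$(curl -sI https://example.org/path)"`, with the URL as a placeholder.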

  • I shared a link


    Coronavirus outbreak at care home with unvaccinated staff

    Over half of the residents at a private care home in Viljandi are infected with the coronavirus as well as several members of staff. Care workers turned down the vaccinations.

    only 2 of 6 staffers working (for a group of 24), refusing all external help, “all is well, nothing to see here”, two student helpers left after only 2 days. “we have everything under control”, “We followed all rules, but unfortunately, it [coronavirus] came somehow” - all of the staffers refused vaccination.

    doesn’t that sound creepy af? hope the residents are alright…

  • SpinRite 6 on external Toshiba usb disk

    After 827 days of running time my RaspiBlitz BTC lightning node refused to mount the external hdd (Toshiba HDTB410EK3AA Canvio Basics, USB 3.0, 1TB). Smart errors of the weirdest kind. I remembered Gibson’s spammy advertisements during the Security Now! Podcast, praising SpinRite for recovery. As there was no physical damage / interaction that would have caused that i gave it a try.

    After i bought the license, i downloaded the exe, which caused the first problem: how to run it on Linux? I have a Windows 7 laptop for such cases, so i executed the program and tried all the different options to create a bootable USB, finally succeeding by writing out the diskette spinrite.img to harddisk, then dd-ing it onto a usb flash drive:

    dd if=/path/to/SpinRite.img conv=notrunc of=/dev/<your usb device, i.e. sda>

    After rebooting the same laptop with the external USB disk attached, SpinRite started right away, and luckily for me, the drive was instantly recognized; no need for driver voodoo on the included FreeDOS distribution - that was my biggest concern. Probably the fact that the external disk is not a casing with some exotic usb-controller, but a disk with an integrated usb port helped a lot. A small downer was the unavailability of smart data for SpinRite - I don’t have a theory about that.

    The first run failed with a program abort:

    This is ongoing.

  • I shared a link


    Russia: Navalny sentenced to a prison term

    In a fast-track proceeding, a Russian court sends the Kremlin critic to prison for 30 days for violating the terms of his probation.

    “before a court” implies in this case a rule of law that is simply not there. Another word would be more fitting, unfortunately I have not found one yet.

    What do you call a court in a state without the rule of law?

  • run openvpn in client mode automatically after linux boot

    scenario: send out a raspberry pi model b rev1, all set up with raspberry pi os / raspbian.

    the hardware specs are nothing much, but the machine is reliable, even when apparently half the ram chips are dead….

    install openvpn, then take the config file from the server you want to connect to - in my case an ovpn file generated by pivpn - and put it into the config folder `/etc/openvpn/`. if your vpn profile is password protected, just add a simple textfile with the cleartext pass and reference it in your vpn profile file like so: askpass /etc/openvpn/passwordfilename

    make sure openvpn.service is started and enabled. systemctl enable openvpn && systemctl restart openvpn

    should be it, ip a should show you the tunnel interface already.

    ps: for the routing, make sure that your router has a static entry that sends all the traffic for the vpn subnet to the vpn server, but that is something that really depends on your own net topology.
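
    Since the passphrase sits in a cleartext file, a check on that file's permissions fits here. The following is an added example, not part of the original setup: it finds the askpass file a profile references and rejects it when group or others have any access. The function names and the scratch-directory demo are constructed, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# askpass_file PROFILE: print the file named by the profile's askpass directive, if any.
askpass_file() {
    awk '$1 == "askpass" && NF >= 2 { print $2; exit }' "$1"
}

# audit_askpass PROFILE: succeed if the profile names no askpass file, or if that
# file exists and grants nothing to group or others (a mode such as 600 or 400).
audit_askpass() {
    pw=$(askpass_file "$1")
    [ -n "$pw" ] || return 0
    if [ ! -f "$pw" ]; then
        echo "askpass file $pw not found" >&2
        return 1
    fi
    mode=$(stat -c '%a' "$pw")    # octal mode, e.g. 644
    case "$mode" in
        0|?00) return 0 ;;
        *) echo "$pw has mode $mode; tighten it with: chmod 600 $pw" >&2
           return 1 ;;
    esac
}

# Constructed demo in a scratch directory that stands in for /etc/openvpn/.
demo=$(mktemp -d)
printf 'constructed-passphrase\n' > "$demo/passwordfilename"
printf 'client\ndev tun\naskpass %s\n' "$demo/passwordfilename" > "$demo/client.conf"
chmod 644 "$demo/passwordfilename"
audit_askpass "$demo/client.conf" || echo "mode 644: rejected"
chmod 600 "$demo/passwordfilename"
audit_askpass "$demo/client.conf" && echo "mode 600: ok"
```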

  • I shared a link


    Health Board comms chief asked to resign after criticizing vaccine plan

    The Health Board's head of communications Simmo Saar has been asked to leave his position after he anonymously criticized the state's coronavirus vaccination plan but was later identified, daily newspaper Postimees reported on Tuesday.

    with no word does Lanno counter the criticism, and it needs an outcry of the Association of Journalists to point out the blatant disregard for the potential impact on the public trust into the health board and the social affairs ministry.

    at this point i am truly wondering, will i get a vaccination in time in this country? or will this ordeal be stretched even more because of the organizational and political incompetence of a chosen view.

    if this is true #astutagasi is long overdue.

  • I shared a link


    Rainer Kattel: Estonia as an idea and ideology

    The first general elections of the 2020s will very likely produce a coalition of the Conservative People's Party (EKRE) and the Reform Party that will potentially stay in power for a long time. That will be the strongest legacy of 2010, Rainer Kattel writes in a comment originally published in Vikerkaar.

    brilliant https://news.err.ee/1215376/rainer-kattel-estonia-as-an-idea-and-ideology

  • I shared a link


    Survey: Estonia's wealthy third-highest polluters in Europe

    The wealthy in Estonia are among Europe's biggest polluters, according to a recent survey, which highlights a growing rift between rich and poor.

    tl;dr: “It’s time to ban SUVs, tax aviation fuel, and invest in housing renovation and public transport to end fuel poverty, create millions of decent jobs, and cleaner air for all”

    “It is mind-boggling that even though emissions have modestly declined over the last 30 years, the emissions of its richest residents have stubbornly continued to rise. The climate problem can’t be solved if luxury consumption continues to grow and if poverty remains unaddressed.”

    Estonia also displays the phenomenon where the wealthiest 10 percent of the population emits more CO2 than the poorest 50 percent.

    Around a third of Estonia’s residents are estimated to live below the poverty line.

    SUVs on Estonia’s roads, many of them purchased via a leasehold agreement including via a company car set-up, are not an uncommon sight, making up around a quarter of new models purchased.

  • I shared a link


    Page not found - Reclaim Your Face

    Contents of this website are shared under CC-BY 4.0 license (unless stated otherwise). This means you are free to share and adapt them, as long as you remember to give us the appropriate credit.

    “We challenge abuses of power - and abuses of our biometric data - with a solution based on Transparency, Red Lines and Respect for Humans.”

  • Poor Millennials


    Generation Screwed

    Why millennials are facing the scariest financial future of any generation since the Great Depression.

    Some ideas here for social change, however, based on US analysis.

    • raise the minimum wage and tie it to inflation

    • roll back anti-union laws to give workers more leverage against companies that treat them as if they’re disposable

    • tilt the tax code away from the wealthy

    • attach benefits to work instead of jobs: For every hour you work, your boss chips in to a fund that pays out when you get sick, pregnant, old or fired. The fund follows you from job to job, and companies have to contribute to it whether you work there a day, a month or a year.

    • construction workers have an “hour bank” that fills up when they’re working and provides benefits even when they’re between jobs

    • Hollywood actors and technical staff have health and pension plans that follow them from movie to movie

    • in low employment / mid to high human resource areas launch a program that simply reimburses employers for the wages they pay to eligible new hires

    • improve existing poverty fighting programs and handouts over basic income