ranted on the Great Mortgage Minority Meltdown as reasons
for abandoning financial mechanisms based on trust in elites
documented my travails in configuring linux systems
parent a92a3b60b7
commit 8f07c8dcf1
@ -53,6 +53,17 @@ the message type field, deserializes the message,
|
|||||||
and despatches it to the appropriate fully typed event handler
|
and despatches it to the appropriate fully typed event handler
|
||||||
of that state machine.
|
of that state machine.
|
||||||
|
|
||||||
|
# It is remarkable how much stuff can be done without
|
||||||
|
concurrent communicating processes. Nostr is entirely
|
||||||
|
implemented over request reply, except that a whole lot
|
||||||
|
of requests and replies have an integer representing state,
|
||||||
|
where the state likely winds up being a database rowid.
|
||||||
|
|
||||||
|
The following discussion also applies if the reply-to field
|
||||||
|
or in-regards-to field is associated with a database index
|
||||||
|
rather than an instance of a class living in memory, and might
|
||||||
|
well be handled by an instance of a class containing only a database index.
|
||||||
|
|
||||||
|
|
||||||
# Representing concurrent communicating processes
|
# Representing concurrent communicating processes
|
||||||
|
|
||||||
|
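Review bot: the first added line starts with "# ", so Markdown renders "It is remarkable how much stuff can be done without" as a level-one heading and the rest of the sentence as body text under it. Drop the "# " so the sentence is an ordinary paragraph, or give the two new paragraphs a short heading of their own and start the sentence on the following line. The second paragraph also says "The following discussion" although it sits above the "# Representing concurrent communicating processes" heading, so it may read better as the opening paragraph of that section.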
@ -534,7 +534,7 @@ lambdas and functors, but are slow because of dynamic allocation
|
|||||||
|
|
||||||
C++ does not play well with functional programming. Most of the time you
|
C++ does not play well with functional programming. Most of the time you
|
||||||
can do what you want with lambdas and functors, using a pod class that
|
can do what you want with lambdas and functors, using a pod class that
|
||||||
defines operator(\...)
|
defines `operator(...)`
|
||||||
|
|
||||||
# auto and decltype(variable)
|
# auto and decltype(variable)
|
||||||
|
|
||||||
|
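Review bot: the call operator is spelled `operator()`, so the changed line "defines `operator(...)`" should read "defines `operator()(...)`". The sentence also still ends without a full stop before the next heading.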
@ -144,6 +144,7 @@ Which is very effective in preventing people from moving debts off the books.
|
|||||||
In the Great Minority Mortgage Meltdown, the SoX books were misleading to the tune
|
In the Great Minority Mortgage Meltdown, the SoX books were misleading to the tune
|
||||||
of about seven *trillion* dollars, about one hundred times as much money as the Enron scandal,
|
of about seven *trillion* dollars, about one hundred times as much money as the Enron scandal,
|
||||||
largely due to the fact that the people responsible for paying the mortgages could not be found or identified,
|
largely due to the fact that the people responsible for paying the mortgages could not be found or identified,
|
||||||
|
frequently had about as much id and evidence of actual existence as a democratic party voter,
|
||||||
and many of them probably did not exist, and many of the properties were not only grossly overvalued,
|
and many of them probably did not exist, and many of the properties were not only grossly overvalued,
|
||||||
but pledged to multiple mortgages, or were impossible to identify,
|
but pledged to multiple mortgages, or were impossible to identify,
|
||||||
and some of them may not have existed either. It usually said that the losses in the
|
and some of them may not have existed either. It usually said that the losses in the
|
||||||
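Review bot: the added line "frequently had about as much id and evidence of actual existence ..." is attached to the preceding clause with no conjunction, so the sentence now reads "could not be found or identified, frequently had ...". Start the new line with "and frequently had" or "who frequently had" so that it parses as part of the list that follows.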
@ -155,8 +156,10 @@ mansions they could not possibly afford at market prices, but market prices were
|
|||||||
because of this artificial demand. From 2005 to 2007, it looks more like people who did not actually exist
|
because of this artificial demand. From 2005 to 2007, it looks more like people who did not actually exist
|
||||||
were buying houses at prices far above market price and market prices were irrelevant.
|
were buying houses at prices far above market price and market prices were irrelevant.
|
||||||
|
|
||||||
And that the price of the property underlying the mortgage had been inflated
|
And that the alleged sale price of the property underlying
|
||||||
far above realizable value was not the only problem. The creditors frequently
|
the mortgage had been inflated far above realizable value,
|
||||||
|
and often far above even what the prices had been at the peak
|
||||||
|
of the bubble in 2005 was not the only problem. The creditors frequently
|
||||||
had strange difficulty actually finding the houses.
|
had strange difficulty actually finding the houses.
|
||||||
|
|
||||||
A person who actually exists and actually wants the house is going to sign the papers at a location
|
A person who actually exists and actually wants the house is going to sign the papers at a location
|
||||||
|
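Review bot: the rewritten sentence now puts a three-line subject ("that the alleged sale price ... had been inflated far above realizable value, and often far above even what the prices had been at the peak of the bubble in 2005") ahead of its verb "was not the only problem", and the new comma after "realizable value" makes it look as if the sentence ends there. Suggest stating the inflation in one sentence and opening the next with "Nor was that the only problem", which leads into "The creditors frequently had strange difficulty actually finding the houses."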
@ -79,6 +79,14 @@ the OS in ways the developers did not anticipate.
|
|||||||
|
|
||||||
## Setting up Debian in VirtualBox
|
## Setting up Debian in VirtualBox
|
||||||
|
|
||||||
|
### virtual box Debian install bug
|
||||||
|
|
||||||
|
Debian 12 (bookworm) install fails on a UEFI virtual disk.
|
||||||
|
The workaround is to install a base Debian 11 system as UEFI
|
||||||
|
in Virtual Box. Update /etc/apt/sources.list from Bullseye
|
||||||
|
to Bookworm. Run apt update and apt upgrade.
|
||||||
|
After that you have a functioning Debian 12 UEFI Virtual machine.
|
||||||
|
|
||||||
### Guest Additions
|
### Guest Additions
|
||||||
|
|
||||||
To install guest additions on Debian:
|
To install guest additions on Debian:
|
||||||
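Review bot: the workaround's last step, "Run apt update and apt upgrade", is not enough for a Bullseye to Bookworm release change; plain `apt upgrade` never removes packages and will leave part of the system held back, so the step should end with `apt full-upgrade`. Put the commands in a fenced bash block like the rest of the file, and spell the heading "VirtualBox" to match "## Setting up Debian in VirtualBox" directly above. It would also help to say which VirtualBox version shows the install failure, so the section can be dropped once it no longer applies.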
@ -133,7 +141,7 @@ autologin-user-timeout=0
|
|||||||
nano /etc/default/grub
|
nano /etc/default/grub
|
||||||
```
|
```
|
||||||
|
|
||||||
The full configuration built by `grub2-mkconfig` is built from the file `/etc/default/grub`, the file `/etc/fstab`, and the files in `/etc/grub.d/`.
|
The full configuration built by `update-grub` is built from the file `/etc/default/grub`, the file `/etc/fstab`, and the files in `/etc/grub.d/`.
|
||||||
|
|
||||||
Among the generated files, the key file is `menu.cfg`, which will contain a boot entry for any additional disk containing a linux kernel that you have attached to the system. You might then be able to boot into that other linux, and recreate its configuration files within it.
|
Among the generated files, the key file is `menu.cfg`, which will contain a boot entry for any additional disk containing a linux kernel that you have attached to the system. You might then be able to boot into that other linux, and recreate its configuration files within it.
|
||||||
|
|
||||||
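Review bot: with the command corrected to Debian's `update-grub`, the unchanged next paragraph still calls the generated file `menu.cfg`; `update-grub` writes `/boot/grub/grub.cfg`. Fix the file name in the same change so that the command and its output agree.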
@ -154,10 +162,26 @@ Go to go to system / control center/ Hardware/ Power Management and turn off the
|
|||||||
|
|
||||||
In the shared directory, I have a copy of /etc and ~.ssh ready to roll, so I just go into the shared directory copy them over, `chmod` .ssh and reboot.
|
In the shared directory, I have a copy of /etc and ~.ssh ready to roll, so I just go into the shared directory copy them over, `chmod` .ssh and reboot.
|
||||||
|
|
||||||
|
Alternatively [manually set them](#setting-up-ssh) then
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
chmod 700 ~/.ssh && chmod 600 ~/.ssh/*
|
chmod 700 ~/.ssh && chmod 600 ~/.ssh/*
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### make the name available
|
||||||
|
|
||||||
|
You can manually edit the hosts file, or the `.ssh/config` file, which is a pain if you have a lot of machines, or fix your router to hand out
|
||||||
|
names, which cheap routers do not do and every router is different.
|
||||||
|
|
||||||
|
Or, if it is networked in virtual box bridged mode,
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo apt-get update && sudo apt-get upgrade
|
||||||
|
sudo apt-get install avahi-daemon
|
||||||
|
```
|
||||||
|
|
||||||
|
Which daemon will multicast the name and IP address to every machine on the network so that you can access it as «name».local
|
||||||
|
|
||||||
### Set the hostname
|
### Set the hostname
|
||||||
|
|
||||||
check the hostname and dns domain name with
|
check the hostname and dns domain name with
|
||||||
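Review bot: the new "### make the name available" section is placed before "### Set the hostname", but avahi advertises whatever hostname the machine currently has, so the install belongs after the hostname has been set. The sentence "Which daemon will multicast the name and IP address to every machine on the network" should also say that this is meant for a trusted LAN, since it adds a listening service and announces the machine to everything on the bridged segment. The added line "Alternatively [manually set them](#setting-up-ssh) then" ends without punctuation; a colon would tie it to the `chmod` block that follows. The surrounding text runs commands as root, so the `sudo` prefixes here are inconsistent with it.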
@ -220,7 +244,7 @@ Change the lower case `h` in `PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$
|
|||||||
I also like the bash aliases:
|
I also like the bash aliases:
|
||||||
|
|
||||||
```text
|
```text
|
||||||
alias ll="ls -hal"
|
alias ll="ls --color=auto -hal --time-style=iso"
|
||||||
mkcd() { mkdir -p "$1" && cd "$1"; }
|
mkcd() { mkdir -p "$1" && cd "$1"; }
|
||||||
```
|
```
|
||||||
|
|
||||||
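Review bot: in the changed alias, `--time-style=iso` prints recent files as month-day and time without the year and only older files as a full date, so the column changes format within one listing. If the aim is a uniform sortable timestamp, use `--time-style=long-iso`. Both added options are GNU `ls` options, which is fine for the Debian systems this file covers but worth a word if the aliases are copied elsewhere.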
@ -277,15 +301,11 @@ This does not necessarily correspond to order in which virtual drives have
|
|||||||
been attached to the virtual machine
|
been attached to the virtual machine
|
||||||
|
|
||||||
Be warned that the debian setup, when it encounters multiple partitions
|
Be warned that the debian setup, when it encounters multiple partitions
|
||||||
that have the same UUID is apt to make seemingly random decisions as to which partitions to mount to what.
|
that have the same UUID (because one system was cloned from the other)
|
||||||
|
is apt to make seemingly random decisions as to which partitions to mount to what. So, you should boot from a live
|
||||||
|
cd-rom, and attach the system to be manipulated to that.
|
||||||
|
|
||||||
The problem is that virtual box clone does not change the partition UUIDs. To address this, attach to another linux system without mounting, change the UUIDs with `gparted`. Which will frequently refuse to change a UUID because it knows
|
This also protects you from accidentally manipulating the wrong system.
|
||||||
better than you do. Will not do anything that would screw up grub.
|
|
||||||
|
|
||||||
`boot-repair` can fix a `grub` on the boot drive of a linux system different
|
|
||||||
from the one it itself booted from, but to boot a cdrom on an oracle virtual
|
|
||||||
box efi system, cannot have anything attached to SATA. Attach the disk
|
|
||||||
immediately after the boot-repair grub menu comes up.
|
|
||||||
|
|
||||||
The resulting repaired system may nonetheless take a strangely long time
|
The resulting repaired system may nonetheless take a strangely long time
|
||||||
to boot, because it is trying to resume a suspended linux, which may not
|
to boot, because it is trying to resume a suspended linux, which may not
|
||||||
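Review bot: the hunk deletes the only statement of the cause ("virtual box clone does not change the partition UUIDs") and of the fix (changing them with `gparted`, repairing grub with `boot-repair`), and the replacement text only says to boot a live cd-rom and attach the disk. The reader is no longer told what to do once booted, and the unchanged next sentence, "The resulting repaired system may nonetheless take a strangely long time to boot", now refers to a repair that the text never describes. Either keep a one-line statement of the cause and the UUID change, or reword the following paragraph so that it does not depend on the removed steps.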
@ -877,64 +897,6 @@ the ssh terminal window.
|
|||||||
|
|
||||||
Once your you can ssh into your cloud server without a password, you now need to update it and secure it with ufw. You also need rsync, to move files around
|
Once your you can ssh into your cloud server without a password, you now need to update it and secure it with ufw. You also need rsync, to move files around
|
||||||
|
|
||||||
### Remote graphical access over ssh
|
|
||||||
|
|
||||||
```bash
|
|
||||||
ssh -cX root@reaction.la
|
|
||||||
```
|
|
||||||
|
|
||||||
`c` stands for compression, and `X` for X11.
|
|
||||||
|
|
||||||
-X overrides the per host setting in `~/.ssh/config`:
|
|
||||||
|
|
||||||
```default
|
|
||||||
ForwardX11 yes
|
|
||||||
ForwardX11Trusted yes
|
|
||||||
```
|
|
||||||
|
|
||||||
Which overrides the `host *` setting in `~/.ssh/config`, which overrides the settings for all users in `/etc/ssh/ssh_config`
|
|
||||||
|
|
||||||
If ForwardX11 is set to yes, as it should be, you do not need the X. Running a gui app over ssh just works. There is a collection of useless toy
|
|
||||||
apps, `x11-apps` for test and demonstration purposes.
|
|
||||||
|
|
||||||
I never got this working in windows, because no end of mystery
|
|
||||||
configuration issues, but it works fine on Linux.
|
|
||||||
|
|
||||||
Then, as root on the remote machine, you issue a command to start up the
|
|
||||||
graphical program, which runs as an X11 client on the remote
|
|
||||||
machine, as a client of the X11 server on your local machine. This is a whole lot easier than setting up VNC.
|
|
||||||
|
|
||||||
If your machine is running inside an OracleVM, and you issue the
|
|
||||||
command `startx` as root on the remote machine to start the remote
|
|
||||||
machines desktop in the X11 server on your local OracleVM, it instead
|
|
||||||
seems to start up the desktop in the OracleVM X11 server on your
|
|
||||||
OracleVM host machine. Whatever, I am confused, but the OracleVM
|
|
||||||
X11 server on Windows just works for me, and the Windows X11 server
|
|
||||||
just does not. On Linux, just works.
|
|
||||||
|
|
||||||
Everyone uses VNC rather than SSH, but configuring login and security
|
|
||||||
on VNC is a nightmare. The only usable way to do it is to use turn off all
|
|
||||||
security on VNC, use `ufw` to shut off outside access to the VNC host's port
|
|
||||||
and access the VNC host through SSH port forwarding.
|
|
||||||
|
|
||||||
X11 results in a vast amount of unnecessary round tripping, with the result
|
|
||||||
that things get unusable when you are separated from the other compute
|
|
||||||
by a significant ping time. VNC has less of a ping problem.
|
|
||||||
|
|
||||||
X11 is a superior solution if your ping time is a few milliseconds or less.
|
|
||||||
|
|
||||||
VNC is a superior solution if your ping time is humanly perceptible, fifty
|
|
||||||
milliseconds or more. In between, it depends.
|
|
||||||
|
|
||||||
I find no solution satisfactory. Graphic software really is not designed to be used remotely. Javascript apps are. If you have a program or
|
|
||||||
functionality intended for remote use, the gui for that capability has to be
|
|
||||||
javascript/css/html. Or you design a local client or master that accesses
|
|
||||||
and displays global host or slave information.
|
|
||||||
|
|
||||||
The best solution if you must use graphic software remotely and have a
|
|
||||||
significant ping time is to use VNC over SSH. Albeit VNC always exports
|
|
||||||
an entire desktop, while X11 exports a window. Though really, the best solution is to not use graphic software remotely, except for apps.
|
|
||||||
|
|
||||||
## Install minimum standard software on the cloud server
|
## Install minimum standard software on the cloud server
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
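Review bot: the removed section was the only place in the file that told the reader to keep the remote desktop port closed with `ufw` and reach it through SSH port forwarding, and nothing in the visible replacement carries that advice over. Keep a short form of it, since the section that replaces this one opens a port directly. Dropping the `ssh -cX` example is right, because lowercase `-c` selects a cipher and compression is `-C`. The context line "Once your you can ssh into your cloud server" still has a doubled word that could be fixed in the same commit.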
@ -950,6 +912,79 @@ echo "Y
|
|||||||
" |ufw enable && ufw status verbose
|
" |ufw enable && ufw status verbose
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### Remote graphical access
|
||||||
|
|
||||||
|
This is done by xrdp and a windowing system. I use Mate
|
||||||
|
|
||||||
|
The server should not boot up with the windowing system running
|
||||||
|
because it mightily slows down boot, sucks up lots of memory,
|
||||||
|
and because you cannot get at the desktop created at boot through xrdp
|
||||||
|
-- it runs a different instance of the windowing system.
|
||||||
|
|
||||||
|
The server should not be created as a windowing system,
|
||||||
|
because the default install creates no end of mysterious defaults
|
||||||
|
differently on a multi user command line system to what it does
|
||||||
|
in desktop system, which is configured to provide various things
|
||||||
|
convenient and desirable in a system like a laptop,
|
||||||
|
but undesirable and inconvenient in a server.
|
||||||
|
You should create it as a server,
|
||||||
|
and install the desktop system later through the command line,
|
||||||
|
over ssh, not through the install system's gui, because the
|
||||||
|
gui install is going to do mystery stuff behind your back.
|
||||||
|
|
||||||
|
Set up the desktop after you have remote access over ssh working
|
||||||
|
At this point, you should no longer be using the keyboard and screen
|
||||||
|
you used to install linux, but a remote keyboard and screen.
|
||||||
|
|
||||||
|
```bash
|
||||||
|
apt update && apt upgrade -y
|
||||||
|
apt install mate-desktop-environment
|
||||||
|
# on ubuntu apt install ubuntu-mate-desktop
|
||||||
|
systemctl get-default
|
||||||
|
systemctl set-default multi-user.target
|
||||||
|
# on a system that was created as a server,
|
||||||
|
# set-default graphical-target
|
||||||
|
# may not work anyway
|
||||||
|
apt install xrdp -y
|
||||||
|
systemctl start xrdp
|
||||||
|
systemctl status xrdp
|
||||||
|
systemctl stop xrdp
|
||||||
|
usermod -a -G ssl-cert xrdp
|
||||||
|
systemctl start xrdp
|
||||||
|
systemctl status xrdp
|
||||||
|
systemctl enable xrdp
|
||||||
|
ufw allow 3389
|
||||||
|
ufw reload
|
||||||
|
```
|
||||||
|
|
||||||
|
```terminal_image
|
||||||
|
$ systemctl status xrdp
|
||||||
|
● xrdp.service - xrdp daemon
|
||||||
|
Loaded: loaded (/lib/systemd/system/xrdp.service; enabled; vendor preset: enabled)
|
||||||
|
Active: active (running) since Sat 2024-01-06 20:38:07 UTC; 1min 19s ago
|
||||||
|
Docs: man:xrdp(8)
|
||||||
|
man:xrdp.ini(5)
|
||||||
|
Process: 724 ExecStartPre=/bin/sh /usr/share/xrdp/socksetup (code=exited, status=0/S>
|
||||||
|
Process: 733 ExecStart=/usr/sbin/xrdp $XRDP_OPTIONS (code=exited, status=0/SUCCESS)
|
||||||
|
Main PID: 735 (xrdp)
|
||||||
|
Tasks: 1 (limit: 2174)
|
||||||
|
Memory: 1.4M
|
||||||
|
CPU: 19ms
|
||||||
|
CGroup: /system.slice/xrdp.service
|
||||||
|
└─735 /usr/sbin/xrdp
|
||||||
|
|
||||||
|
systemd[1]: Starting xrdp daemon...
|
||||||
|
xrdp[733]: [INFO ] address [0.0.0.0] port [3389] mode 1
|
||||||
|
xrdp[733]: [INFO ] listening to port 3389 on 0.0.0.0
|
||||||
|
xrdp[733]: [INFO ] xrdp_listen_pp done
|
||||||
|
systemd[1]: xrdp.service: Can't open PID file /run/xrdp/xrdp.pid >
|
||||||
|
systemd[1]: Started xrdp daemon.
|
||||||
|
xrdp[735]: [INFO ] starting xrdp with pid 735
|
||||||
|
xrdp[735]: [INFO ] address [0.0.0.0] port [3389] mode 1
|
||||||
|
xrdp[735]: [INFO ] listening to port 3389 on 0.0.0.0
|
||||||
|
xrdp[735]: [INFO ] xrdp_listen_pp done
|
||||||
|
```
|
||||||
|
|
||||||
## Backing up a cloud server
|
## Backing up a cloud server
|
||||||
|
|
||||||
`rsync` is the openssh utility to synchronize directories locally and
|
`rsync` is the openssh utility to synchronize directories locally and
|
||||||
|
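Review bot: `ufw allow 3389` near the end of the new bash block opens the RDP port to every source address, and the pasted status output confirms xrdp "listening to port 3389 on 0.0.0.0". On a cloud server that exposes a password login to the whole internet. Restrict the rule to the addresses you connect from, for example `ufw allow from <your address> to any port 3389 proto tcp`, or leave the port closed and reach xrdp through an ssh tunnel. In the comment lines, "set-default graphical-target" should read `graphical.target`. `apt install mate-desktop-environment` lacks the `-y` used on the lines around it. The sentence "Set up the desktop after you have remote access over ssh working" is missing its full stop. The context line "`rsync` is the openssh utility" is also inaccurate, since rsync is a separate program that uses ssh as its transport.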