From russell at coker.com.au Sun May 1 18:17:14 2022
From: russell at coker.com.au (Russell Coker)
Date: Sun, 01 May 2022 18:17:14 +1000
Subject: [Flounder] servers
Message-ID: <2112722.Icojqenx9y@xev>

https://www.ebay.com.au/itm/334423986947?hash=item4ddd391303:g:88QAAOSwMg5ibLzN

This server looks like a good deal. It's been a couple of days with no bids at $61+$41 postage. The RAM alone is worth over $200.

--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/

From russell at coker.com.au Sun May 1 18:42:20 2022
From: russell at coker.com.au (Russell Coker)
Date: Sun, 01 May 2022 18:42:20 +1000
Subject: [Flounder] May 7 meeting Terraform
Message-ID: <2369558.jE0xQCEvom@xev>

https://flounder.linux.org.au/events/flounder-may-2022-terraform/

May event is hands-on training on using Terraform to create, modify & destroy infrastructure in cloud & on-premise and will be at http://b.coker.com.au.

Whilst this training will be using Google Cloud Platform, it is equally applicable to AWS, Azure, IBM as well as VMware/Proxmox on premise.

Starts 1PM in the +1000 time zone. As usual some people will be in the room an hour before it starts.

--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/

From russell at coker.com.au Sat May 7 11:53:47 2022
From: russell at coker.com.au (Russell Coker)
Date: Sat, 07 May 2022 11:53:47 +1000
Subject: [Flounder] May 7 meeting Terraform
In-Reply-To: <2369558.jE0xQCEvom@xev>
References: <2369558.jE0xQCEvom@xev>
Message-ID: <4805665.0VBMTVartN@xev>

On Sunday, 1 May 2022 18:42:20 AEST Russell Coker via Flounder wrote:
> https://flounder.linux.org.au/events/flounder-may-2022-terraform/
>
> May event is hands-on training on using Terraform to create, modify &
> destroy infrastructure in cloud & on-premise and will be at
> http://b.coker.com.au.
>
> Whilst this training will be using Google Cloud Platform, it is equally
> applicable to AWS, Azure, IBM as well as VMware/Proxmox on premise.
>
> Starts 1PM in the +1000 time zone. As usual some people will be in the room
> an hour before it starts.

Ian is sick so the Terraform presentation will be rescheduled for next month.

This meeting (for which pre-boarding starts in 8 minutes and the meeting starts in 68 minutes) will be about cryptsetup, TPMs, and related things. I haven't prepared notes on this, but it's something I've been doing stuff with so I believe I can make it fun and informative.

--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/

From russell at coker.com.au Sat May 7 14:53:54 2022
From: russell at coker.com.au (Russell Coker)
Date: Sat, 07 May 2022 14:53:54 +1000
Subject: [Flounder] Secure Logins and a grant application
Message-ID: <1749857.3VsfAaAtOV@xev>

For today's meeting we discussed various uses of TPMs and hardware authentication devices. As the planned lecture was unable to be presented due to Covid I spoke about some of the Linux security investigation I've been doing for my day job and the discussion turned to secure tokens etc.

https://tomu.im/
https://en.wikipedia.org/wiki/FIDO2_Project

The Tomu family of devices seem very useful. The original Tomu lists FIDO2 support as "maybe" while the Somu has it as a yes. I believe that it would be good to get FIDO2 used by free software organisations and supported by free software developers and sysadmins. Also it's worth noting that for a single unit almost half the overall cost will be shipping! Therefore buying in bulk makes sense.

To further the goal of increasing the support for FIDO2 in free software I believe that we should arrange a suitable group of developers and sysadmins and apply for a Linux Australia grant to buy Somu devices. I think that it would be good to get 2 per developer/sysadmin so they can have 1 for testing and 1 for more serious use.

The people in the meeting were myself, Nick, DL Neil, and David Zhan. So that accounts for 8 Somu keys which means we are approaching $600 worth.
Input required from others, finding other people who can do useful work with Somu keys and writing a more formal grant application. LA doesn't require a lot of formality but something better than this email.

--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/

From russell at coker.com.au Sat May 7 14:57:26 2022
From: russell at coker.com.au (Russell Coker)
Date: Sat, 07 May 2022 14:57:26 +1000
Subject: [Flounder] stuff from meeting
Message-ID: <3162171.oiGErgHkdL@xev>

https://www.tindie.com/products/stephanelec/mooltipass-mini-ble-authenticator/

This is an interesting device, open hardware and looks like a good design. Not suitable for a grant application, but I think some people could benefit from using it.

--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/

From NZOSS at etelligence.info Wed May 25 18:46:50 2022
From: NZOSS at etelligence.info (DL Neil)
Date: Wed, 25 May 2022 20:46:50 +1200
Subject: [Flounder] DNS Caching Server
Message-ID: <6f705579-2528-1271-13ba-c373b48fe6f9@etelligence.info>

Am most used to dnsmasq (local network and VMs).

SpamAssassin + DNS-WhiteList/BlackList docs say to use a DNS caching server, but specifically-not dnsmasq.

VPS resources are OK, but CPU probably of most concern.

Seeking recommendations based on your use/experience, eg unbound, bind, ..., please?

--
Regards =dn

From russell at coker.com.au Thu May 26 18:53:07 2022
From: russell at coker.com.au (Russell Coker)
Date: Thu, 26 May 2022 18:53:07 +1000
Subject: [Flounder] DNS Caching Server
In-Reply-To: <6f705579-2528-1271-13ba-c373b48fe6f9@etelligence.info>
References: <6f705579-2528-1271-13ba-c373b48fe6f9@etelligence.info>
Message-ID: <14636895.JCcGWNJJiE@xev>

On Wednesday, 25 May 2022 18:46:50 AEST DL Neil via Flounder wrote:
> Am most used to dnsmasq (local network and VMs).
>
> SpamAssassin + DNS-WhiteList/BlackList docs say to use a DNS caching
> server, but specifically-not dnsmasq.

Why do they recommend not dnsmasq?

> VPS resources are OK, but CPU probably of most concern.
>
> Seeking recommendations based on your use/experience, eg unbound, bind,
> ..., please?

BIND has always worked for me.

--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/

From NZOSS at etelligence.info Fri May 27 06:02:06 2022
From: NZOSS at etelligence.info (DL Neil)
Date: Fri, 27 May 2022 08:02:06 +1200
Subject: [Flounder] DNS Caching Server
In-Reply-To: <14636895.JCcGWNJJiE@xev>
References: <6f705579-2528-1271-13ba-c373b48fe6f9@etelligence.info> <14636895.JCcGWNJJiE@xev>
Message-ID: <788f7554-179c-a0ca-c9bc-04a0815115a4@etelligence.info>

On 26/05/2022 20.53, Russell Coker via Flounder wrote:
> On Wednesday, 25 May 2022 18:46:50 AEST DL Neil via Flounder wrote:
>> Am most used to dnsmasq (local network and VMs).
>>
>> SpamAssassin + DNS-WhiteList/BlackList docs say to use a DNS caching
>> server, but specifically-not dnsmasq.
>
> Why do they recommend not dnsmasq?

“Dnsmasq should not be used by SpamAssassin since it can only forward to other DNS servers.”
https://cwiki.apache.org/confluence/display/spamassassin/CachingNameserver

>> VPS resources are OK, but CPU probably of most concern.
>>
>> Seeking recommendations based on your use/experience, eg unbound, bind,
>> ..., please?
>
> BIND has always worked for me.

Yes, but it 'does it all', and is more resource-hungry - or as some say: over-large/bloated.

Am currently reading-up about unbound (mentioned on same web-page)...

Thanks!

--
Regards =dn

From NZOSS at etelligence.info Fri May 27 07:52:09 2022
From: NZOSS at etelligence.info (DL Neil)
Date: Fri, 27 May 2022 09:52:09 +1200
Subject: [Flounder] Python User Group meeting
Message-ID:

In case you are interested in Python:

You are invited to join the crowd at AuckPUG's/UTCmax's monthly (virtual) "Coding Evening" Wednesday 1 June.
Meeting time 1830~2030 (0630~0830 UTC)
Water-cooler conversation from c.1800 (0600 UTC), and afterwards

Register at https://www.meetup.com/NZPUG-Auckland/

We will follow a 'lean coffee format', ie those attending will set the agenda for the evening.

Here are our usual or recent topics, plus some additional thoughts to help you generate ideas:

- a particular component of Python you're having difficulty understanding fully
- a work/hobby problem you're trying to solve with Python
- continuing/wrapping-up previous conversations about Python functions (no, no more of those sneaky quiz-questions)
- another topic you think should be included in a Coding Evening
- how we should shape Coding Evenings post-COVID (assuming we are post...) and the wider future of AuckPUG
- continue previous discussion on 'running' Python training courses (a) for complete beginners, (b) for programmers 'converting' to Python, (c) a second course (or further) in Python (dn has drafted a paper which we could improve)
- AOB (Any Other Business)

Looking forward to seeing you there!

--
Regards =dn

From russell at coker.com.au Sun May 29 22:25:15 2022
From: russell at coker.com.au (Russell Coker)
Date: Sun, 29 May 2022 22:25:15 +1000
Subject: [Flounder] DNS Caching Server
In-Reply-To: <788f7554-179c-a0ca-c9bc-04a0815115a4@etelligence.info>
References: <6f705579-2528-1271-13ba-c373b48fe6f9@etelligence.info> <14636895.JCcGWNJJiE@xev> <788f7554-179c-a0ca-c9bc-04a0815115a4@etelligence.info>
Message-ID: <2855090.o0KrE1Onz3@xev>

On Friday, 27 May 2022 06:02:06 AEST DL Neil via Flounder wrote:
> On 26/05/2022 20.53, Russell Coker via Flounder wrote:
> > On Wednesday, 25 May 2022 18:46:50 AEST DL Neil via Flounder wrote:
> >> Am most used to dnsmasq (local network and VMs).
> >>
> >> SpamAssassin + DNS-WhiteList/BlackList docs say to use a DNS caching
> >> server, but specifically-not dnsmasq.
> >
> > Why do they recommend not dnsmasq?
>
> “Dnsmasq should not be used by SpamAssassin since it can only forward to
> other DNS servers.”
> https://cwiki.apache.org/confluence/display/spamassassin/CachingNameserver

That's not a reason to not use it. Running a caching server that talks to a single other server is a relatively common configuration.

> >> VPS resources are OK, but CPU probably of most concern.
> >>
> >> Seeking recommendations based on your use/experience, eg unbound, bind,
> >> ..., please?
> >
> > BIND has always worked for me.
>
> Yes, but it 'does it all', and is more resource-hungry - or as some say:
> over-large/bloated.

https://doc.coker.com.au/papers/benchmarking-mail-relays-and-forwarders/
https://etbe.coker.com.au/2021/05/03/dns-lots-ips-postal/

In 2006 I presented a paper on benchmarking mail relays and forwarders which surprisingly showed that BIND as a name server was a major bottleneck. At the time I didn't investigate any other DNS caches as the mail server software was my main focus. In 2021 I repeated the same tests on bigger hardware and found that DNS wasn't a bottleneck at all.

My conclusion is that if you do this sort of thing on hardware that was affordable in 2006 then the performance of the DNS server is an issue. But if you use it on affordable hardware in 2021 then it's no big deal.

As for the servers I run at the moment, my email is currently stored on a server with hard disks and that is obviously the bottleneck. In a year or so it will be on a server with NVMe and there won't be any bottlenecks.

--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/

From NZOSS at etelligence.info Mon May 30 20:30:06 2022
From: NZOSS at etelligence.info (DL Neil)
Date: Mon, 30 May 2022 22:30:06 +1200
Subject: [Flounder] DNS Caching Server
In-Reply-To: <2855090.o0KrE1Onz3@xev>
References: <6f705579-2528-1271-13ba-c373b48fe6f9@etelligence.info> <14636895.JCcGWNJJiE@xev> <788f7554-179c-a0ca-c9bc-04a0815115a4@etelligence.info> <2855090.o0KrE1Onz3@xev>
Message-ID:

On 30/05/2022 00.25, Russell Coker via Flounder wrote:
> On Friday, 27 May 2022 06:02:06 AEST DL Neil via Flounder wrote:
>> On 26/05/2022 20.53, Russell Coker via Flounder wrote:
>>> On Wednesday, 25 May 2022 18:46:50 AEST DL Neil via Flounder wrote:
>>>> Am most used to dnsmasq (local network and VMs).
>>>>
>>>> SpamAssassin + DNS-WhiteList/BlackList docs say to use a DNS caching
>>>> server, but specifically-not dnsmasq.
>>>
>>> Why do they recommend not dnsmasq?
>>
>> “Dnsmasq should not be used by SpamAssassin since it can only forward to
>> other DNS servers.”
>> https://cwiki.apache.org/confluence/display/spamassassin/CachingNameserver
>
> That's not a reason to not use it. Running a caching server that talks to a
> single other server is a relatively common configuration.

Having used dnsmasq for years/decade+ this caused disgruntlement (and I like my grunts)! Thus, a little digging into the claim...

Unfortunately, in this situation (low volume user of the DNSWL, thus $free access, but limited by number of DNS-queries per 24-hrs), the problem of using a DNS Service (or the service-provider's) is that others will also contribute to the query-limit.

Sure-enough, reports were returning rejected calls. Accordingly, being the only/single IP-source of all queries has put the WL to work, successfully.

>>>> VPS resources are OK, but CPU probably of most concern.
>>>>
>>>> Seeking recommendations based on your use/experience, eg unbound, bind,
>>>> ..., please?
>>>
>>> BIND has always worked for me.
>>
>> Yes, but it 'does it all', and is more resource-hungry - or as some say:
>> over-large/bloated.
>
> https://doc.coker.com.au/papers/benchmarking-mail-relays-and-forwarders/
> https://etbe.coker.com.au/2021/05/03/dns-lots-ips-postal/
>
> In 2006 I presented a paper on benchmarking mail relays and forwarders which
> surprisingly showed that BIND as a name server was a major bottleneck. At the
> time I didn't investigate any other DNS caches as the mail server software was
> my main focus. In 2021 I repeated the same tests on bigger hardware and found
> that DNS wasn't a bottleneck at all.
>
> My conclusion is that if you do this sort of thing on hardware that was
> affordable in 2006 then the performance of the DNS server is an issue. But if
> you use it on affordable hardware in 2021 then it's no big deal.
>
> As for the servers I run at the moment, my email is currently stored on a
> server with hard disks and that is obviously the bottleneck. In a year or so
> it will be on a server with NVMe and there won't be any bottlenecks.

This is surprisingly helpful. Whilst not quite in the 2006 category, the VPS' config is becoming 'old':

CentOS 7.9
SpamAssassin x86_64 3.4.0 (CentOS 6.el7 release)
Postfix 2.10.1
unbound 1.6.6

inxi reports that it is running well within (<80%) its parameters, but it is small.

I'm not going to uninstall unbound and install bind to perform a comparison, but you can see why I was shying-away from something rumored to be resource-hungry.

Thanks!

--
Regards =dn

From russell at coker.com.au Tue May 31 23:06:46 2022
From: russell at coker.com.au (Russell Coker)
Date: Tue, 31 May 2022 23:06:46 +1000
Subject: [Flounder] DNS Caching Server
In-Reply-To:
References: <6f705579-2528-1271-13ba-c373b48fe6f9@etelligence.info> <2855090.o0KrE1Onz3@xev>
Message-ID: <5668055.zQ0Gbyo6oJ@xev>

On Monday, 30 May 2022 20:30:06 AEST DL Neil via Flounder wrote:
> Unfortunately, in this situation (low volume user of the DNSWL, thus
> $free access, but limited by number of DNS-queries per 24-hrs), the
> problem of using a DNS Service (or the service-provider's) is that
> others will also contribute to the query-limit.
>
> Sure-enough, reports were returning rejected calls. Accordingly, being
> the only/single IP-source of all queries has put the WL to work,
> successfully.

OK, that's a good point. So it's not inherently a SpamAssassin issue, but an issue of a DNSBL service that SA uses.

> > https://doc.coker.com.au/papers/benchmarking-mail-relays-and-forwarders/
> > https://etbe.coker.com.au/2021/05/03/dns-lots-ips-postal/
> >
> > In 2006 I presented a paper on benchmarking mail relays and forwarders
> > which surprisingly showed that BIND as a name server was a major
> > bottleneck. At the time I didn't investigate any other DNS caches as the
> This is surprisingly helpful. Whilst not quite in the 2006 category, the
> VPS' config is becoming 'old':
>
> CentOS 7.9
> SpamAssassin x86_64 3.4.0 (CentOS 6.el7 release)
> Postfix 2.10.1
> unbound 1.6.6

CentOS 7 was released in 2014, so it is quite old. But it shouldn't miss any performance features in modern CPUs that matter for mail delivery.

> inxi reports that it is running well within (<80%) its parameters, but
> it is small.
>
> I'm not going to uninstall unbound and install bind to perform a
> comparison, but you can see why I was shying-away from something rumored
> to be resource-hungry.

https://www.linode.com/pricing/

Currently the cheapest VM on Linode (which I have found to be a reliable hosting company) has 4G of RAM and SSD storage.

My current mail server is a VM with 10G of RAM mainly because of the PHP stuff and database servers running as well as having slow storage so needing more RAM for cache. The email and web services related to it could fit in the minimal Linode VM easily. Email just isn't a big thing by the standards of today's servers.

But when running such an old server changing software to test isn't worth doing.

--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/

From russell at coker.com.au Tue May 31 23:10:26 2022
From: russell at coker.com.au (Russell Coker)
Date: Tue, 31 May 2022 23:10:26 +1000
Subject: [Flounder] Meeting Saturday on Terraform
Message-ID: <2188608.HovnAMPojK@xev>

https://flounder.linux.org.au/events/flounder-june-2022/

On Saturday at 1PM Melbourne time we have the June meeting which is about Terraform. The training will be done on GCP but Terraform works on most clouds (I plan to use it on AWS).

Free entry and no need to sign up.

--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
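
An added example for the DNS Caching Server thread above (not code from any poster or project): a Python check of whether a mail host's DNSBL/DNSWL lookups leave from its own IP or are pooled behind a forwarder, which is the per-source query-limit problem described in the thread. The sample file contents are constructed, the function names are hypothetical, and a loopback resolver is assumed to be unbound.

```python
import ipaddress

# Constructed sample inputs (not taken from the thread).
RESOLV_FORWARDED = "nameserver 192.0.2.53   # provider's resolver\n"
RESOLV_LOCAL = "search example.org\nnameserver 127.0.0.1\n"
UNBOUND_FORWARD_ALL = """
server:
    interface: 127.0.0.1
forward-zone:
    name: "."
    forward-addr: 192.0.2.53
"""
UNBOUND_RECURSIVE = """
server:
    interface: 127.0.0.1
    access-control: 127.0.0.0/8 allow
forward-zone:
    name: "corp.example"      # only this zone is forwarded
    forward-addr: 192.0.2.10
"""

def resolv_nameservers(resolv_conf):
    """Addresses on the 'nameserver' lines of resolv.conf text."""
    out = []
    for line in resolv_conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            out.append(fields[1])
    return out

def root_forwarders(unbound_conf):
    """forward-addr/forward-host values of any forward-zone named "."."""
    found, clause, zone, addrs = [], None, None, []
    for raw in unbound_conf.splitlines() + ["end:"]:  # sentinel flushes last clause
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(":")
        value = value.strip().strip('"')
        if not value:                                 # "server:" etc. opens a clause
            if clause == "forward-zone" and zone == ".":
                found += addrs
            clause, zone, addrs = key, None, []
        elif clause == "forward-zone" and key == "name":
            zone = value
        elif clause == "forward-zone" and key in ("forward-addr", "forward-host"):
            addrs.append(value)
    return found

def dnsbl_query_source(resolv_conf, unbound_conf=""):
    """('shared', upstreams) if list operators see another IP, else ('own', [])."""
    remote = [s for s in resolv_nameservers(resolv_conf)
              if not ipaddress.ip_address(s).is_loopback]
    upstream = remote or root_forwarders(unbound_conf)
    return ("shared", upstream) if upstream else ("own", [])
```

A "shared" result means the list operator counts the host's queries against the upstream resolver's address along with everyone else using it.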