Debian Jessie install from scratch

tux_and_beasty_costumesI had a bad debian testing install which required a reinstall – considering the am mount of updates involved it is a testament to the usual reliability of stretch that this post is a one off.  Sure things do get changed but are overcome-able usually.

It was a systemd fuckup (my blog) so not really debians fault

Jessie is stable and having a disk of the 64bit distro to hand i mad a backup and reinstallled from the beginning.

Most things just worked icedove and firefox needed there hidden dot directories and one edit to hosts meant i was back up in a day..

Only two things i cannot get working pi-hole and and kde keystate indicator to stop me WHEN I DO THIS.(that was intentional)

I can live without those.

The install was fast considering it was a net install disk but there’s a lot to like about debian.

caa records the hardish way

Sisyphus is still a role model

Sisyphus is still a role model

Caa* records are a bit rare and unless you run a very new dns server version many of these records will be tossed out as too new since it is either not supported either by the name server or dnssec wrapper.

To do caa records in an ‘older’ server i had to use rfc 3597 syntax which does look like voodoo compared to normal dns records its not the kind of thing the bbc think is not worth reporting on (my blog).  It is some kind of machine readable format of which i have not delved in to but looks a bit like atps.

mafia run the british red cross

the ssl mafia

Not all ca’s (not a typo) support caa for since when i write this gandi don’t, but letsencrypt do so if your shopping for tls its another limiter.

So two zoo domains do have caa records from two suppliers. But two do not. As many dns things like tlsa (my blog) are not checked by browsers i doubt they will be doing caa checks anytime soon.

So I will keep the two records i have and see how maintainable they are. Stay tuned for updates!

It will be doubtful the zoo will purchase gandi ssl (tls) again

*nothing to do with aircraft

Flash woes for all

cookiemonsterAdobe flash is really in a shit state of affairs even in a browser with no ad blocker. (my blog) – quite what it was trying to do and failed to do is a point i won’t bore you with that but somehow incompatibilities where either programmed in (latest greatest support) which got left behind by the people who put the object in the browser..

Not that i care or i control those decisions but flash has become an unmaintainable beast and most don’t yet know it after all it did work at some point.

Ignorance is bliss – forget what you read thanks flash is great when it can crash a four core laptop and that is the only software i know that do that..

That makes me smile


Android on a pc

I was in a library one day when i looked at one of those supposedly  ‘computer’ magazines which are essentially microsoft shills* nowadays rather than real journalism.  Last computer literature i bought was byte magazine but some shit competing publisher bought it and closed it down

It is more aimed at the hardware buyer naturally with a copy of microsoft windows naturally included not choose your own os and no apple products to be seen either – eg tactics the mafia would use.



Anyhow in a fit of weirdness they had an article on (not a neil gaiman book) which is a android on pc os but naturally for ‘older’ pc’s just to keep things you know microsoft friendly.

I tried it and it is basic but has good linux support for hardware but it needs a 8gb usb stick.

You still need to sign in so its not a really different version of andriod but interesting if rather google centric.  An alternative to linux on old pc’s too if your unwilling to try something (my blog) like that and know it via your phone.

I was exploring how it implemented flash and it failed those tests, but if your pissed off with Microsoft try neverwhere if you dont want to try linux which is what the biased journalists where hinting.  It runs off a usb stick to try before you install it.

Anyhow i have said what i wanted to say.

*no criticism is allowed of microsoft by journalists.

hotplug weirdness

are-you-serious-wtf-meme-baby-faceRunning debian is fun but when a setting is needed and then not needed makes it infurating.

It seems the r8169 card (my blog) wanted a setting so that network manager would not control it. Ever since the setting was appended to interfaces the card has returned to being a model citizen.

I am either stupid or network manager is doing something it did not used to do since you dont screw with network settings when it works since 2012.

Hey it’s fixed for now – crosses fingers.

ooh err – or testing debian kde

midgetI like kde (my blog) rather than those midgets that come in sevens from Potterang (my blog) and his band of gnome sjw warriors and when the debian testing update for kde came down it was mainly broken even ffmpeg* is is a bit of a state in regard to the back end in kde so i ran lxde in the meantime.

This is not a rant, but when the keyboard does not work, applications work full sized only like the midgets like gnome then thank you and im off to something else.

It comes with the territory.  So one evening i removed all my xwindow and gubbins and reinstalled kde, where in testing \ stretch i found you dont need kdm as it runs non root and my music player changed from once more.

kde works but is radically different to old kde.  Still very compatible once you remove the old.  I like kde and debian.

*another change in progress.

the unscheduled lets encrypt renewal by 21 days

are-you-serious-wtf-meme-baby-faceLets encrypt is a free tls thing and a bit of a game for me to do email in tls i had to make a web site just to get the bloody tls that assumedly lasts three months and then i have to redo my tlsa records for dane.

I wrote down the date but 21 days early it got renewed all on its own, i only know this since i got an email about this fucked up renewal as the tlsa recrds where wrong.  How the fuck did 90 days become 69.  That’s with the zoo doing some pruning of lets encrypt cron jobs and me not knowing precisely what calls the update in debian (not me).

I renewed my tlsa records (my blog) but its process to call for updates and inform you is something i have to figure out and that’s even looking at the logs in /var/log/letsencrypt which is a joy to read due to stack traces.



A picard moment for you (

Oh yes its our friendly scumbags from shodan (my blog) – over to you captain

connect from[]

Its from our beachhut scanning outpost in the Seychelles (my blog) and a small /24 this time if you want to mass block this scammy isp and its lovely client.

So shields up, and i hope you never get this recycled ip addresss once have fucked it up reputation wise.  I never delist ip addresses from who ever the isp is.

Enjoy your day.

an odd reboot

keyboardThe zoo’s server had a weird issue with its keyboard doing [^b [^a etc and so one evening i decided to fix it, fortunately it appears that a simple reboot restored it use without the [^ thing.

The keyboard on the server gets very little use and i am able to shut it down remotely and fix many things that way as well but it is nice to have a functional thing on it just in case.