Fixing systemd postfix failures via cron

As it is winter as I write this, I decided to reboot the zoo's server and put in standard* mode for the cooling fans. Having done that (free room heat) I restarted and forgot to check if postfix had started (my blog).

Eventually I hand type the postmulti (my blog) command and it works. As reboots are rare this is not an everyday occurrence. I can excuse the behaviour: after all, systemd won't tell me why it fails since it's perfect, so I must be to blame for going outside of 'default' systemd configuration.

So I decide to create an onboot script with cron and the @reboot command, and that now starts postfix for me and does something that systemd cannot do.

I imagine the idiots who develop systemd are most upset with me and will develop a cron replacement that disables that feature. If they do then I think my migration to a bsd variant will be guaranteed.
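A sketch of such an onboot script, added here as an example and not the script from the original post. The install path, the retry values and the "run" argument are assumptions; it calls /usr/sbin/postfix, which hands start and status to postmulti when multi-instance support is enabled.

```sh
#!/bin/sh
# Hypothetical /usr/local/sbin/postfix-onboot, called from root's crontab as:
#   @reboot /usr/local/sbin/postfix-onboot run
# cron runs it as root at every boot, so keep it root-owned and mode 0755.

POSTFIX=${POSTFIX:-/usr/sbin/postfix}  # absolute path: cron's PATH is minimal
TRIES=${TRIES:-5}                      # attempts before giving up
WAIT=${WAIT:-10}                       # seconds to wait after each start

log() {
    logger -t postfix-onboot -- "$*" 2>/dev/null || echo "postfix-onboot: $*" >&2
}

# True when "postfix status" reports the mail system is running.
all_running() { $POSTFIX status >/dev/null 2>&1; }

# Start postfix, re-checking and retrying while the rest of boot settles.
start_postfix() {
    n=1
    while [ "$n" -le "$TRIES" ]; do
        if all_running; then
            log "postfix is running (check $n)"
            return 0
        fi
        log "postfix not running, start attempt $n of $TRIES"
        $POSTFIX start >/dev/null 2>&1
        sleep "$WAIT"
        n=$((n + 1))
    done
    if all_running; then return 0; fi
    log "postfix still down after $TRIES attempts"
    return 1
}

# Only act when invoked with "run", so the file can be sourced and tested.
if [ "${1:-}" = "run" ]; then start_postfix; fi
```

The syslog lines tagged postfix-onboot show after each reboot whether the fallback had to do anything.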

If your software sucks like systemd does then best do not blame us ‘users’ for stuff that other things can do.

*opposed to hurricane/typhoon speed which is good summer setting

upgrading to gigabit ethernet switches


The zoo has installed gigabit switches! After many years of being 'capped' to 100 mb on our internal network, which was perfectly fine since nobody has ever complained about it, our existing switches are probably not energy efficient. These new ones I can power with usb as well.

A fair bit of the zoo's stuff could do gigabit already and I cannot remember how old the existing switch equipment is, but it still looks new despite being ancient in its history.

So it's probably time to change things.

The switch is smaller than our existing 100mb unit and the ethernet cables all plug in consecutively, as opposed to the 1-x-1 spacing which I had to do with the other, and plug in from the back, which is nicer imho.

It consumes a third less power than the old switch unit. I could not power it by usb as no spare usb slots were nearby, all being used.

It works and seems faster so appears to be a good idea.   I have labelled it with the year on it so whenever next i cannot remember when i bought it i know.

The old unit looks as it did when it was new; it seems a shame to think of it as junk.

apache2-doc debian weirdness fixed

If like the zoo you upgraded from debian 8 to debian 9 (my blog) then apache2-doc fails with something along the lines of

ERROR: Conf apache2-doc does not exist!
dpkg: error processing package apache2 (--configure):

But apache still runs. A purge and install, e.g.:

apt purge apache2-doc;apt install apache2-doc

Fixes it so shit software like systemd will not complain about it.  Honestly no idea why you have to do this when the version of the package was current but that’s how things go with systemd

The branded pci slot problem

Bananas is not beyond installing things into computers when required but thinks the world of pci slots and things to the right look idiotic. Probably unserviceable too since you probably do more damage removing the case on the card (not the pc).

nvidia driver software sucks too. In fact the zoo never buys that crap: limits on functions and shit linux support mean it is best avoided.

your average intel processor dreams of being

Crap software and marketing people should be shot for what they have done to the pci and its variant slot spec. The ones with the flashing lights apparently need software just to flash, and quite why your pc looks like a discotheque inside is something I never got. Perhaps your average intel processor secretly loves it and is a party animal?

I get the point of water cooling but pci has a reputation problem in my humble opinion.

But what do i know.

returning back to instant ink at six months

Which I started here (my blog), so some bonus thoughts.

The first month was a heavy print month, selling assets and needing copies of documents, along with the tax return, so the quota was well used and, as no roll over pages had accumulated, the extra would have been chargeable but was not, due to being on the trial.

Month 2 left some pages that rolled over, as did the third month.

I decided to use all the monthly quota, which reflected the status as it used the roll over pages rather than charging us for the extra copies, and so have not yet got to a point when roll-over pages expire, as there is a limit to the quantity carried over to next month.

In six months I recovered two months' quota to be carried over, so provided you use some most months and have light and heavy months it kind of works out well.

It is spreadsheet-able: boolean (plan change) and fairly complex if statements (loss of pages over max) are needed.

=x+G9-H9 /new month quota + rollover - lost
=IF(C10>F10,SUM(C10-F10,0)) /rollover pages to next month
=IF(C10>100,C10-100,0) /lost pages
=IF(F10-C10<1,0,F10-C10) /over quota pages
=IF(I10/15<=1,SUM(I10/15),SUM(I10/15)) /charge over quota pages

=IF(F10>=C10,1,0) /returns boolean value if you need to upgrade or downgrade printer quota based on over quota. Cumulative lost pages month on month indicate downgrade or justified reason to buy ink cartridges outright.

It works quite well for us although I still have no comparison with non hp ink. Six months in I have yet to go over quota although this new printer is getting more use* than our non instant hp ink printers, so we can avoid over quota page costs.

Provided we don't go mad with excess printing, savings on buying ink in the first year still appear plausible even with non genuine hp ink. The elephant in the room is still how much bigger the instant ink cartridges are as a comparison, which you should be able to see in the image above. Does larger mean more savings on standard size ink quantities? That is a value question I cannot answer.

As the printer is still new it is not incurring problems, so when those begin I am not sure the printer will be desired as an asset. After all, being charged per sheet means once errors start we are paying hp to print incomplete images, an undesirable outcome.

The privacy issue with instant ink still concerns me, but apart from a mysterious 69666 error when the printer's software crashed it's been pain free so far. Should the price go up or the terms get worse then I could see the use of non hp ink in this printer.

*duplex printing is easier and it is faster.

debian 93

Did not do anything seriously nasty that I was immediately aware of, and the systemd fault mentioned here (my blog) means systemd cannot load postfix on start up at all. systemd is very shit software.

zeitgeist-daemon is another headache with systemd as I baked a disk and could not start the x server on the machine on next login. So I killed all my user's processes [not root] and gave up and found some hardware elsewhere that worked. I shall look into removing zeitgeist-daemon.

I think I also lost x access for root in 9.2 as well, not that I use it often [once a year], but having a gui as root is nicer than vi when you have four servers to do stuff to.

I could see a migration to the bsd way if things continue to go a certain way. I demand very little, but when systemd won't start stuff, magic daemons stop x and none of it is your fault, then perhaps linux as a server is not the thing I thought it was.

On that thought let's leave it, as accommodating linux quirks is possible but not that desirable. Perhaps you can justify calling /usr/sbin/postfix instead of using systemd in scripts, but I feel perhaps there is something that works rather than is supposed to but does not.

I look forward to exploring bsd and knowing more so i can make an informed choice.

tls renewal time from the last time i did them

It was tls renewal time once again in the past so I decided to switch suppliers (my third) and go for sslmate; after all, if you find horrible holes in systemd then you need to be rewarded. I had no idea what I was letting myself in for but in fact it is way better than letsencrypt (my blog) as it uses email contacts instead of some shit http server to validate.

This is paid for rather than 'free' and the sslmate does work nicely as a cli, although don't ask it to make a postfix tls instance. If you use microsoft windows then you're not intelligent enough imho.

Once you have an account (a website job) and the software you just ask for mail10.zoo1 and it creates the csr and once validated by the carbon based unit it takes the money and deposits four files on your computer.

Being weird I use mail10.zoo1 for email tls and generally know what I am supposed to be doing, but it should work as a www thing if you're average.

Comodo issue the certificates and most of my changes worked on the first attempt. Comodo's new owner is an issue.

That's basic usage for one host. You can also specify a spending limit per day, so if you have issues like that then a low amount means you get an email saying so.

I need multi host ssl for .zoo and they offer it at a most reasonable price so .zoo and mail10.zoo will all be covered with tls. Doing this with other resellers would mean an expensive wildcard cert that would be unused or two standard ssl certs, and while it is not that hard I want something better.

Multi host as an experiment did not work the way i expected and the firm did not respond to my email.  However i have enough brains to work around the issue.

Generally I can do dane (my blog) and so website ssl, but only on http://www.zoo not .zoo. It was not worth the extra money to add it, but config wise, with the extra hosts in the certificate, it makes hashing of tlsa easy.

Next year I do not see much point in long term certs as things change, say sha1 replaced with 256, so at some point you're going to replace the cert with a new one but new hash. It's still work.
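The TLSA hashing mentioned above, as an added example that is not the post's own commands. The host name, port and file names are placeholders; because one multi-host certificate carries one key, every name it covers gets the same "3 1 1" hash, and a renewal only needs a new record when the key changes.

```sh
#!/bin/sh
# Added example: build DANE-EE TLSA records ("3 1 1": end-entity certificate,
# public key selector, SHA-256) from a PEM certificate with openssl.

# spki_sha256 CERT.pem -> hex SHA-256 of the certificate's DER public key
spki_sha256() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# tlsa_record HOST PORT CERT.pem -> one zone-file line for that service
tlsa_record() {
    digest=$(spki_sha256 "$3") || return 1
    printf '_%s._tcp.%s. IN TLSA 3 1 1 %s\n' "$2" "$1" "$digest"
}

# tlsa_changed OLD.pem NEW.pem -> true if a renewal needs a new TLSA record.
# A renewed certificate that reuses the same key keeps the same "3 1 1" hash.
tlsa_changed() {
    old=$(spki_sha256 "$1") || return 2
    new=$(spki_sha256 "$2") || return 2
    [ "$old" != "$new" ]
}

# Usage: script HOST PORT CERT.pem   (placeholders: mail.example.org 25 cert.pem)
if [ "$#" -eq 3 ]; then tlsa_record "$@"; fi
```

When tlsa_changed reports a new key, publish the new record alongside the old one and wait out the DNS TTL before installing the new certificate, so validating senders never see a mismatch.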

I was able to get a cert and the chain files and adjust configs rather than be inflicted with apache configs and unknown postfix something that other things insist on fixing despite me knowing what i am doing.

Would i do it again – individual is cheaper and perhaps worth setting up say www. and *.zoo so this is not a total waste of time one i will put down to experience despite wasting http://www.mail10.zoo as an unused address.

The more complex the cli command the less intuitive it becomes and the documentation on the website is lacking but kind of guessable.

Maybe i go for a wildcard ssl next time.

Both times i got a pdf invoice.


http/2 in debian

tube recycle those 1’s and 0’s

Was surprisingly easy to set up in debian 9.2 in apache: turn on the module and add

# for a https server
Protocols h2 http/1.1
# for a http server
Protocols h2c http/1.1

depending on the host config and a software restart – I doubt anybody will notice.
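A quick way to confirm the https variant took effect, added here as an example and not part of the original post: ask the server for h2 through TLS ALPN and read what it selects. The host name is whatever you pass in; h2c is cleartext and has no ALPN step, so this check does not cover it.

```sh
#!/bin/sh
# Added example: confirm that a server configured with "Protocols h2 http/1.1"
# really negotiates HTTP/2 over TLS (ALPN), using openssl s_client.

# parse_alpn: read s_client output on stdin, print h2, http/1.1, none or unknown
parse_alpn() {
    awk '/^ALPN protocol: / { print $3; seen = 1; exit }
         /^No ALPN negotiated/ { print "none"; seen = 1; exit }
         END { if (!seen) print "unknown" }'
}

# check_h2 HOST [PORT]: succeed only if the server selects h2
check_h2() {
    proto=$(openssl s_client -connect "$1:${2:-443}" -servername "$1" \
        -alpn h2,http/1.1 </dev/null 2>/dev/null | parse_alpn)
    echo "$1: $proto"
    [ "$proto" = "h2" ]
}

# Usage: script HOST [PORT]
if [ "$#" -ge 1 ]; then check_h2 "$@"; fi
```

A result of http/1.1 or none after the restart means the module is not loaded or the Protocols line is not in the virtual host that answered.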

Much better than that spdy (my blog) crap alphabet was promoting.


Viruses from Iran

Iranian girls show their hands, marked with the words “Down with USA,” at Tehran.

I was amused to see that our virus scanner was getting a small workout when I wrote this, apparently being sent by “apple computer” from an education site in Sahebazaman’s Building – Field of Education – Nourabad – Fars – Iran.

I was amused by that. Probably it was sent by something using microsoft software and they were attempting to spam the zoo. It certainly was not iran made software; after all there is an american in prison in Iran for writing some common software used all over the internet, but his crime was that software was used on a porn site, which indicates something like the more repressive the religion the kinkier the porn.

I am not quite sure if they should be chanting “death to america” after all or i should be chanting death to iran so instead i blocked them for a month until the next reboot for the server whenever that happens.

Anyhow if you have an answer for that question above leave me a comment. Quite telling about Iran too.

Firefox 57

i went here

Works better and is faster than before. The chrome like visited sites is a concern, as you can guess what I looked at, and the more esoteric plugins like dnssec* are not updated to the new extension standard yet.

You should be ok with the usual average extensions.

Layout wise some things change for the better and curved tabs are replaced with rectangles which does not bother me and probably saves processing time.

A lot better than firefox 56 which was a bit odd at times.

*not really necessary but useful.