Childrens netflix

Is surprisingly good (my blog) despite some shit copy pasting from broadcast tv to netflix (black screens) which is probably not  netflix’s issue.

Anne with an e (imdb: tt5421602)

Is apparently a childrens book come tv series that appears to be a favourite with Canadian audiences maybe a dreaded ‘c’ book* ?  I would have to ask our ape friends in Canadian zoos

Despite its sugary appearance there is wit to be found and it made me laugh several times in episode one. On a more seroius side you might argue that ptsd is evident. Its brief look at womens liberation movement is observational.

It is recommended for its mix of elements that kept we wanting to watch another one although from a brief glance at wikipeadia the story was altered from bank crash to boat sinking.

5/5 bananas diverting.

I am also a spongebob squarepants (my blog) fan which also transcends ‘age’

*classic ? (my blog) and far too ‘wrong’ for the guardian to mention

 

 

‘genuine’ toner

An older printer here in the zoo needed toner so i obtained one for it at a very reasonable price. It works and a couple of days later i decided to look up what ‘genuine’ toner costs.

I nearly fell out of the tree when i discovered a 545% difference in price for 1500 pages. That would have been expensive per page.  The non genuine one i bought is apparently rated for 2000* pages – honestly speaking as long as it lasts about the same time as usual i think that genuine toner has lost the argument.

Perhaps ‘posh’ ink should have it written on every document to impress people – a somewhat incorrect footer might say we paid 500% more to print this page.

Nice to know. *extra toner in the container

Microsoft home to paid spammers and fraudsters

Kkaran Bahree noted crook

I have in the past lamented the sad state of microsoft clients who it appears to be Nigerians wishing to donate billions of dollars to you and me are at home in the zoo.

One day i noticed that one set a spammers where using the newish microsoft ‘cloud’ which i believe is paid for rather than hotmail ‘free’.

At least they are paying microsoft after all free spam is not on is it 104.40.0.0/13.  Lets hope they got paid rather than indicate a security hole in shit software.

I am happy to associate both scammer and microsoft as both shady and this evidence i once saw made me very happy and it proved it the collusion which i am sure somebody at microsoft sales will regret selling

I was very happy that day.

Debian Postfix v2 to v3 notes – including postmulti setup

Upgrading postfix configurations from Jessie to Stretch was ‘challenging‘  (my blog) it works but required manual startup rather than auto start on boot. Systemd being an annoyance and with the zoos config deemed bad or not as trendy as some newer configs i had to setup postmulti and learn systems syntax to auto start it

postfix upgrade-configuration resulted in these changes to already working postfix configurations (one per directory)

Upgrading Postfix

Editing /etc/postfix/master.cf, adding missing entry for postscreen TCP service
Editing /etc/postfix/master.cf, adding missing entry for smtpd unix-domain service
Editing /etc/postfix/master.cf, adding missing entry for dnsblog unix-domain service
Editing /etc/postfix/master.cf, adding missing entry for tlsproxy unix-domain service

Note: the following files or directories still exist but are no
longer part of Postfix:

/etc/postfix/postfix-script /etc/postfix/post-install
/usr/share/doc/postfix/QMQP_README

COMPATIBILITY: editing /etc/postfix/main.cf, setting
inet_protocols=ipv4. Specify inet_protocols explicitly if you want
to enable IPv6. In a future release

Version 2 issues

chroot issues your be doing a lot of as – does not mean n

submission inet n – – – – smtpd

to

submission inet n – n – – smtpd

I left my unrooted as i did not want to fight battles with sasl sockets and milters.

New features for v3

Quick Mail Queueing Protocol is i think something to do with 628 setting in master.cf that has been commented for years.  Quite what it does is still a mystery.

Postmulti

Meant copying directories and moving them as postmulti likes /etc/postfix-1 /etc/postfix-2  rather than /etc/postfix/1.  As an obliging ape did that inited the settings in /etc/postfix (different to postfix-1 etc) and imported with postmulti -I postfox1 -G mta

postmult works to start postmulti -p start|stop|reload|status

the systemd config changed on debian stretch to do it via group rather than the broken example in postfix@.service

i used a variant of

postmutli -g mta -p start

Rather than postmutli  -i %i -p eatbanana

I got friendly with postmulti first rather than wonder why the fuck systemd was doing what it was doing.

So it kind of works – i really should recreate my postfix config of over ten years but it is a lot of work and is spammer proof and a lot of other features that a new instance of postmutli mostly have.

systemctl status postfix
● postfix.service – Postfix Mail Transport Agent (instance )
Loaded: loaded (/lib/systemd/system/postfix.service; enabled; vendor preset:
Active: active (running) since x BST; x ago
Docs: man:postfix(1)
Process: 15310 ExecStop=/usr/sbin/postmulti -g mta -p stop (code=exited, status=0/SUCCESS)
Process: 15669 ExecStart=/usr/sbin/postmulti -g mta -p start (code=exited, status=0/SUCCESS)
Process: 15609 ExecStartPre=/usr/lib/postfix/configure-instance.sh (code=exited, status=0/SUCCESS)
Main PID: 2255 (code=exited, status=0/SUCCESS)
Tasks: 14 (limit: 4915)
CGroup: /system.slice/postfix.service
├─15753 /usr/lib/postfix/sbin/master -w
├─15755 pickup -l -t fifo -u
├─15756 qmgr -l -t fifo -u
├─15836 /usr/lib/postfix/sbin/master -w
├─15837 pickup -l -t fifo -u
├─15838 qmgr -l -t fifo -u
├─15916 /usr/lib/postfix/sbin/master -w
├─15917 pickup -l -t fifo -u
├─15918 qmgr -l -t fifo -u
├─15996 /usr/lib/postfix/sbin/master -w
├─15997 pickup -l -t fifo -u
├─15998 qmgr -l -t fifo -u
├─16151 tlsmgr -l -t unix -u
└─16307 tlsmgr -l -t unix -u

Jul 11 11:03:01 mail2 postfix-x/smtpd[*]:

I managed to send mail to gmail and the existing config plus upgrades appears to sign and validate n dkim and spf.

Being bananas in the falklands some wit from systemd will probably overwrite my systemd posfix service file in the future just to make my life enjoyable as i am no expert with this limiting software and put it in the wrong place.

On a plus note i have a backup of my older postfix configs – who says systemd has good points*#

*this is called sarcasm

Further Debian Stretch as a server notes

rounding up the fairies

Following on from this (my blog) i continue my bug upgrade hunt.  Its not over.

I have mentioned many of these items before in this blog, it is not my job to tell you what they are.

Apache/Perl

Rkhunter say:

Warning: The command ‘/usr/bin/lwp-request’ has been replaced by a script: /usr/bin/lwp-request:
Perl script text executable

Might explain why perl did not exec via my ‘old’ cgi scripts as Jessie

Opendkim /Postfix

I ‘needed’ an extra line (also in /etc/default/opendkim)

PidFile /var/run/opendkim/opendkim.pid

in opendkim.conf – mail was being sent without dkim

I appear to not have dkim signatures in outbound email., opendkim-testkey thinks its config is good  i think it might be easier to reconfigure postfix from scratch.  It is not milter_protocol= 6 and 2 does not work.  Um no idea.   Opendkim seems up but not connected.

Opendkim was not working. Eventually this clued (not here) me in that the openkim config files where fine but the systemd script was buggered

So if your config files are right but the daemon refuses to follow orders try this

edit /lib/systemd/system/opendkim.service

from this

[Unit]
Description=OpenDKIM DomainKeys Identified Mail (DKIM) Milter
Documentation=man:opendkim(8) man:opendkim.conf(5) man:opendkim-genkey(8) man:opendkim-genzone(8) man:opendkim-testadsp(8) man:opendkim-testkey http://www.opendkim.org/docs.html
After=network.target nss-lookup.target

[Service]
Type=forking
PIDFile=/var/run/opendkim/opendkim.pid
User=opendkim
UMask=0007
ExecStart=/usr/sbin/opendkim -P /var/run/opendkim/opendkim.pid -p local:/var/run/opendkim/opendkim.sock
Restart=on-failure
ExecReload=/bin/kill -USR1 $MAINPID

[Install]
WantedBy=multi-user.target

to

[Unit]
Description=OpenDKIM DomainKeys Identified Mail (DKIM) Milter
Documentation=man:opendkim(8) man:opendkim.conf(5) man:opendkim-genkey(8) man:opendkim-genzone(8) man:opendkim-testadsp(8) man:opendkim-testkey http://www.opendkim.org/docs.html
After=network.target nss-lookup.target[Service]
Type=forking
PIDFile=/var/run/opendkim/opendkim.pid
User=opendkim
UMask=0007
ExecStart=/usr/sbin/opendkim -P /var/run/opendkim/opendkim.pid -p local:/var/run/opendkim/opendkim.sock -p inet:8891:localhost
Restart=on-failure
ExecReload=/bin/kill -USR1 $MAINPID

[Install]
WantedBy=multi-user.target

run (as root)

  • systemctl daemon-reload
  • /etc/init.d/opendkim restart

I hate systemd – that caused me six days of bug hunting it is limiting

Postfix needs a blog post on its own.

Opendmarc

I needed to re-enable it to start on boot oh the joys of systemd where init.d is thought as an unreliable forgetful moron and systemd knows best when clearly it is as fucked up (my blog)

It still did connect so it is a journey in systemd to fix (see opendkim magic above)

dmarc reports does not like interval and day together which appeared ok in Jessie

It is still a bit broken so nobody is being sent reports – not that many dmarc enabled domains who ‘specailise’ in just that really care about (my blog).  HistoryFile does not record data – why – no idea

-rw-rw-r– 1 opendmarc opendmarc 0 Jul 10 10:08 opendmarc.log

So a headscratcher. – and not something i can fix.

Postgres 9.4

I chowned a snakeoiil key – tested more cosmetic this than a issue which continues from Jessie..

Logwatch

Is a use full thing in my opinion although a little lacking in places moves from 7am to midnight for timing

Bind

Stops telling you if you do not have a specific spf record even though i have text records containing spf for the benefit of all the mostly retarded who run microsoft windows servers who have issues

mod_defensibile

Jury is out on if this is broken or the dns is bad. Or alternatively no rbl listed ip’s visited.

To fix

opendmarc loging, postfix startup, mod_defensible

Would i recommend the upgrade – at this point no.

The task nobody wants to do

Which also includes me who set it is for our ape with the smart phone (my blog) and the ape with the phone who cannot be bothered to do it either (or i was an hour in the vets excuse).

So the alpha feels a need to intervene and so takes the ape with phone to place with no phone shop [one of those big groups].but goes to a place with no corporate retail shop.

Ironically after weeks pass by the smart phone ape asks me what i should be doing and would i sort it out.  Keeping a straight face was hard. Mind you with the tariff costing £4.50 for failed calls (user error) i am sure one day something will happen

I am past caring but find it most amusing and something that even the app cannot fix how do you login and use a password with a 1997 sim card after all such things as apps or smartphones did not exist.

Another month passes and i relent after being asked again and I get a pac code which has a shelf life of three weeks and an option for not as cheap calls.  Despite being asked nothing else happens.

I quit this phone stuff.

defective babies, the nhs and the childrens hospital charity conflict of interest.

the stuffed monkey might have more sentience

For several months now it seems a baby who cannot live without a breathing machine and with doubts as to everything else too has been going the rounds in the courts.

Lawyers are expensive so i wonder who is paying these fees – everybody via the nhs ? There are charities involved here (my blog) and a rich one associated with the hospital who have screwed up of which there could be a long term conflict of interest..

I also wonder if the charity business is influencing the nhs aspect of this hospital for the bad publicity the case has brought them after all it does send the wrong message. If your thinking then the paradox of childrens hospital charity also funded by the nhs is another issue which is the more important. .

Residents of the uk are constantly being told there are issues with the nhs – however in this case with opposing charities fighting it out for a rare condition only one suffers from i just wonder what it is doing to the nhs who is paying – you indirectly ?.

Somehow it sounds very expensive and not an wise use of limited resources you keep getting told about.

While it would be nice to fix all issues perhaps the fighting between all parties on the outcome means you humans cant have nice things but the lawyers and rich charity bosses can and sod the cabbage needing the help..

Thoughts?

Newer hp officejet printers weird setup on Linux

a printer image

The zoo’s hp officejet printer dating from 2007 died when it decided not to print 75% of the things it was asked to do of recent it made some cool grinding sounds indicating something or other. Unwillingly i opted for a newer model (under a hundred in incremental model versiion number) as a quick replacement of which several hours later i am still setting up.

Oddly though the setup was geared up for windows and mac users – no 123.hp.com dont work, us linux folk had to use cups to setup basic printing. The printer does not come with a brick to power it just a cable from a plug which from a firm that love there power bricks is different hp power bricks can be a horrible quality.

When the printer is off it is ‘sealed’ inside whether that preserves the ink is a interesting question and an interesting view of a possible design defect solution from hp

The rest of the features like instant ink connecting to its wifi and andriod i gave up on as not important to start with after all printing from our linux pc’s is more important than that.I will come back to that

Hplip (the official linux driver from hp) does not support the printer (and does not show) despite cups getting the printer to do stuff. – is hplip err legacy ? no so i had to compile a newer version from source, ignore qt4 or it will never compile. Then hplip shows the printer that cups can see and scan things.

Perhaps as linux users hp.com do not want any more money from us special types ? and I have no idea how you change its default wifi password or join it to our wifi network until i figured out the touch screen with abc as one key and you have to touch the key twice to get a b – not explained in the paper manual but something i eventually figured out wth guessing.

The printer prints in duplex and adds yet another unopened rj11 cable to the zoo’s collection of unused rj11 cables and adaptors for the phone socket since nobody faxes any more.

The paper documentation is thoroughly shit but as long it lasts a long time i guess the zoo will remain happy.

Android printing does work although the eprint app seems very ‘cloudy’* and desiring of optional things not essential if in local range.

Instant ink is another guessing game from hp for us linux folk to figure out and a google link to another link told me that hplip has sod all to do instant ink and is handled by a website that hp.com never decide to mention  (i would love to be a mind reader) however within thirty minutes provided you cloud enabled your printer beforehand i had ink setup.  See how that goes in a future post.

hp printer with shit tls

The ink is not as exotic this time and easier to buy outright too.

I suppose i need to find a real manual.  Ho hum it is not to be found on the cdrom disk for macs and windows users.  Sigh. What are hp thinking ?

Despite not being on the disk it is a pdf very much for windows and mac users.  If your me then most of it is useless.

Something also to guess is setting a password for the printers ip address done via a browser with the user name ‘admin’ this feels ripe for shodan.io to scan and abuse as is there way.

The tls needs an browser exception or no password set.

Five hours later and i think its setup, but not for google print cloud. Oh well.

*not in the sky but internet clouds