DevHeads.net

Postings by Colin Law

Should ufw block access to localhost?

I am setting up ufw on a server and have a symptom I don't understand.
I am running mosquitto with TLS on port 8883 on the server so in ufw I
have opened that port
sudo ufw allow 8883
and can then access port 8883 from another machine, as expected. I
cannot access it if I do not open that port, again as expected.

However I also access mosquitto locally on the server using
localhost:8883 and the feature I do not understand is that if ufw is
enabled then I cannot access it via localhost whether the port is
opened or not.

TLS failure

I have a very strange problem, which may well not actually be a Ubuntu
problem, but I would be grateful for any help in diagnosing it.
When I go to <a href="https://vehicletax.service.gov.uk/" title="https://vehicletax.service.gov.uk/">https://vehicletax.service.gov.uk/</a> in Firefox it shows
'Performing a TLS Handshake to vehicletax.service.gov.uk' for a little
while then fails saying 'Secure Connection Failed, The connection to
the server was reset while the page was loading'. A similar thing
happens in Google Chrome.

Relationship between Release and Proposed repos for Cosmic

If I understand correctly, [1] suggests that the Cosmic (18.10) repos
have gnucash version 2.6.19 in 'Release' but 3.2 in 'Proposed'. Does
this mean that the intention is that 3.2 will be the version when
Cosmic is released?

Colin

[1] <a href="https://launchpad.net/ubuntu/cosmic/+package/gnucash-common" title="https://launchpad.net/ubuntu/cosmic/+package/gnucash-common">https://launchpad.net/ubuntu/cosmic/+package/gnucash-common</a>

Upgrading over ssh and connection failure

I have several systems that I access via ssh. When I upgrade using apt
upgrade is there a danger of the upgrade seriously messing up if the
connection goes down in the middle of the operation, while upgrading the
kernel for example? When I say say seriously messing up I mean something
like ending up with a non-bootable system.

Colin

Disable ask for password on Resume - 18.04

I am sure there used to be a setting to prevent the password request on
Resume after Suspend but I can't find this on a clean install of Ubuntu
Desktop 18.04.

Has this setting been removed or am I going blind?

Colin

Problem installing mysql server on 18.04

I have installed mysql-server and then run
sudo mysql_secure_installation
which prompts me to enter a root password.

I then run
mysql -u root -p
and get prompted for the pasword but then I get
Access denied for user 'root'@'localhost'

I have gone round a couple of times being ultra careful with the pwd entry
to no avail. The log below shows a server restart and login attempt and I
can't see anything wrong.

Any suggestions gratefully received.

Colin

2018-07-01T11:05:15.498133Z 0 [Warning] TIMESTAMP with implicit DEFAULT
value is deprecated.

IPV6 addresses

When I run ifconfig on an 18.04 machine which has been upgraded over
several versions I see an IPV6 address generated from the MAC address
of the form
fe80::xxxx:xxff:fexx:xxxx
which has been generated using the technique in
<a href="http://www.sput.nl/internet/ipv6/ll-mac.html" title="http://www.sput.nl/internet/ipv6/ll-mac.html">http://www.sput.nl/internet/ipv6/ll-mac.html</a>.

On another machine with a fresh install, however, the fe80:: address
does not have any obvious relationship to the MAC address and has not
got ff:fe at the appropriate place. I deduce from this that there
other allowed techniques for generating the address but I can't find
any reference to them anywhere.

System search in 18.04

In Ubuntu 18.04 (Gnome) the system search (accessed via the Windows
button) allows the search for files. I believe that by default it
indexes the user's home folder. I want to prevent it indexing certain
folders but cannot find how to do that. I searched dconf for likely
looking data but did not find anything.

Does anyone know how to do this?

Colin

Run tracker reset without display - dbus error

I am using tracker [1] and trying to run

tracker reset -f ~/

However, I am running it in a situation where there is no display
(from a node-red exec node). I get the error

Tracker-WARNING **: Failed to load SPARQL backend: Cannot autolaunch
D-Bus without X11 $DISPLAY

Is there some magic I can perform to allow this to work?

Colin

[1] <a href="https://wiki.gnome.org/Projects/Tracker/Documentation" title="https://wiki.gnome.org/Projects/Tracker/Documentation">https://wiki.gnome.org/Projects/Tracker/Documentation</a>

Sometimes can't access device on local network

I have an odd situation that occurs occasionally. I have a conventional
wired local network (192.168.1.nnn) with in addition some devices connected
via wifi. The main router (192.168.1.1) is also the wifi hub.

Consider three of these machines. A, B and C.

Can't change software sources via GUI following upgrade to 17.10 (using Gnome)

Having upgraded to 17.10 (from 17.04), when I open Software and
Updates I am unable to select or deselect s/w sources. I do not get
the popup asking me to enter my password. I do not see the problem on
another machine with a fresh install of 17.10.

Any suggestions where I might look to sort it? No success searching
Google and Launchpad.

Colin

Advice for user with impaired vision

I am looking for suggestions to help a friend who has poor vision to
use his computer. Obviously I can make the text and icons larger but
I wonder whether anyone can offer any other advice or any tools that
might help further. His vision is not so poor that he needs a text to
speech screen reader.

Colin

systemd journal using too much disc space

I note that the files in /var/log/journal are consuming 2.9GB and
journalctl --disk-usage
also shows 2.9GB. Since this is on Ubuntu 17.04 installed in an 80GB
partition on an SSD this is a significant chunk of my free disc space.
As far as I can see journalctl is using its default values as there
are no commented out settings in /etc/systemd/journald.conf and I
cannot see any overriding conf files.

I see how to adjust the settings for this but am surprised the default
is so large.

Gnome setup in Ubuntu

Hi

I have previously added the Gnome desktop to a standard Ubuntu install by
sudo apt install ubuntu-gnome-desktop^
I find I can then install shell extensions by opening Gnome Software
and clicking on the Add-ons button.

On a new system, however, I installed Ubuntu Gnome (17.04) directly
and when I open Gnome Software the Add-ons button is missing. Google
has failed to help me. Does anyone know how to get the Add-ons
button?

Colin

What exactly should the search in gnome-shell do?

I am trying out the gnome desktop in Ubuntu and am confused about
exactly what the search feature in Activities is supposed to do with
regard to files searching. The feature is accessed by bringing up
Activities and typing in the search field.

It appears to find files both by name and content, but does not seem
consistent in exactly what is found. I have not managed to find a
complete description of what it is supposed to do. Does anyone here
know?

Colin

Desktop files and Gnome

Since I am going to have to wean myself of Unity I decided to give Gnome a go.

I have a number of home spun .desktop files which I have added to the
Unity launcher which allow alternative actions on right click. For
example I have one that by default gives me a terminal, but by right
clicking I can ssh into a long list of servers. I have tried adding
the opening the application using the desktop file and then adding it
to Favourites in the panel, but the right click does not give me the
options. Is there a way to achieve something similar in Gnome?

Colin

Accessing mounted drive from snap package

On Ubuntu 17.04 I have installed the keepassxc snap package using
sudo snap install keepassxc

I have a remote (samba) drive permanently mounted via fstab as /media/drivename

In order to access a keepass database on the mounted drive I have to run
sudo snap connect keepassxc:removable-media :removable-media
which seems odd since the drive is not removable.

Even then I am not able to browse to /media, but have to enter the
full path in the filename dialog in Database > Open in keepassxc.

Is this a limitation of snap packages? In which case it is not a very
user friendly feature.

Colin

Github ToS and Open Source

Can anyone explain the significance of this in words that the
relatively uninitiated can understand?
<a href="https://www.mirbsd.org/permalinks/wlog-10_e20170301-tg.htm" title="https://www.mirbsd.org/permalinks/wlog-10_e20170301-tg.htm">https://www.mirbsd.org/permalinks/wlog-10_e20170301-tg.htm</a>

Colin

Gnome-terminal window borders

I have a problem using gnome-terminal in Ubuntu 16.10 (Unity), in that
the windows do not have a obvious border and when one gets overlapped
terminal windows it becomes very confusing as to which text is in
which window. On previous versions of ubuntu this could be changed by
adding the line below to
/usr/share/themes/Ambiance/gtk-3.0/apps/gnome-terminal.css

UnityDecoration { -UnityDecoration-extents: 28px 1px 1px 1px; }

Unfortunately this no longer seems to have the desired effect (or any
noticeable effect at all as far as I can see).

openvpn dns issue

I wonder whether anyone can help with this rather odd problem.

I am using Ubuntu 16.10 with Unity Desktop. I have vpn access to two
servers running openvpn, one a Pi running raspbian Jessie and the
other another Ubuntu Desktop running 14.04. I can connect to either of
the remote systems via the vpn and everything seems to be working
fine. The problem arises when I disconnect from the vpn and later
reconnect, I then find that I have no DNS available. Internet access
via IP is ok, it is just DNS that is not working.

Tab title text almost invisible in LibreOffice in 16.10

Is anyone else seeing this problem in 16.10 [1] where the tab title text in
libreoffice is almost invisible? There is a screenshot in the bug.
Alternatively are others *not* seeing the problem, in which case I need to
work out what is different with my system. I see one other has now marked
the bug as affecting them.

Colin

[1] <a href="https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1627839" title="https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1627839">https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1627839</a>

apt not upgrading package

I have added a ppa for mosquitto, when I run
sudo apt-get update && sudo apt-get dist-upgrade
it says:
0 to upgrade, 0 to newly install, 0 to remove and 0 not to upgrade.
but apt-cache policy for mosquitto shows:
$ apt-cache policy mosquitto
mosquitto:
Installed: 1.4.8-1build1
Candidate: 1.4.9-0mosquitto1
Version table:
1.4.9-0mosquitto1 500
500 <a href="http://ppa.launchpad.net/mosquitto-dev/mosquitto-ppa/ubuntu" title="http://ppa.launchpad.net/mosquitto-dev/mosquitto-ppa/ubuntu">http://ppa.launchpad.net/mosquitto-dev/mosquitto-ppa/ubuntu</a>
xenial/main amd64 Packages
*** 1.4.8-1build1 500
500 <a href="http://gb.archive.ubuntu.com/ubuntu" title="http://gb.archive.ubuntu.com/ubuntu">http://gb.archive.ubuntu.com/ubuntu</a> xenial/universe amd64 Packages
100 /var/lib/dpkg/status

Which says

Systemd service life cycle

I am trying to define the startup order of a couple of systemd
services. I see in the docs how I can use After, Before etc to
control the order. What is not clear to me is at exactly what point
in the startup of a service it becomes "Started", thereby allowing the
next service to be started. I have tried looking in the docs and
googling but have not found the answer. I am sure it is there in the
docs, but there is quite a lot of it, so if anyone can save me some
time I will be very grateful.

Cheers

Colin

rsync and network failure

I have a script that I run to keep a remote backup of a folder
heirarchy. The script uses rsync with a command of the form

rsync -H -azipc /path/to/backup ... at my dot remote.domain:destination_folder

This works fine. My question is, if the network fails part way
through, or the PC is shut down then should I just be able repeat the
command and rsync will transfer any remaining files that were not
successfully transferred the first time?

Colin

lsof: WARNING: can't stat() tracefs file system

Often when I run lsof I see the message

lsof: WARNING: can't stat() tracefs file system /sys/kernel/debug/tracing
Output information may be incomplete.

Is this normal operation? I am using Xenial.

Google shows others asking similar questions but I have not been able
to find an answer.

Colin

Where are security and privacy settings in Xenial?

Running Xenial I can't find the security and privacy settings. I had
expected them to be in System Settings but they don't seem to be
there. Is anyone else running Xenial?

Colin

Pulseaudio sound across network

I am trying to get pulseaudio to allow playing sound from one PC
(Ubuntu 5.10) to another (Ubuntu 14.04). Following instructions found
in various places I have installed paprefs and pavucontrol and on the
server (the one with the speakers), in paprefs I have enabled network
access to local sound devices, allow other machines to discover local
devices, don't require authentication. On the client I have enable
Make discoverable network devices available locally.

Nautilus

Is there no way any more, in Nautilus, of having the window at the top
showing the path, instead of the buttons?

Nautilus 3.14.2 (the standard repo version) on Ubuntu 15.10

Colin

Postfix alias problem

Having said previously that I had postfix all working for sending
email from my server I find I cannot get aliases to work.

In /etc/aliases I have
# See man 5 aliases for format
postmaster: root
root: <a href="mailto: ... at gmail dot com"> ... at gmail dot com</a>
testing: <a href="mailto: ... at gmail dot com"> ... at gmail dot com</a>

I have run
sudo newaliases
sudo service postfix restart

But when I run
$ echo "Testing email, should go to gmail" | mail -s "testing" testing

it goes to testing@<mydomain>.org.uk and in the log is
Nov 24 09:38:58 10955 postfix/pickup[10740]: D28815D85708: uid=1000 from=<me>
Nov 24 09:38:58 10955 postfix/cleanup[11249]: D28815D8570

A Postfix configuration question

I have set up Postfix for the first time, on a server, setting
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
defer_unauth_destination

and every couple of hours I am seeing, in syslog
Nov 23 20:38:06 10955 postfix/smtpd[21510]: warning: inet_protocols:
disabling IPv6 name/address support: Address family not supported by
protocol
Nov 23 20:38:06 10955 postfix/proxymap[21511]: warning:
inet_protocols: disabling IPv6 name/address support: Address family
not supported by protocol
Nov 23 20:38:06 10955 postfix/smtpd[