[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Savannah-cvs] [686] add tickets pages
|
From: |
iank |
|
Subject: |
[Savannah-cvs] [686] add tickets pages |
|
Date: |
Wed, 6 Dec 2023 16:04:19 -0500 (EST) |
Revision: 686
http://svn.savannah.gnu.org/viewvc/?view=rev&root=administration&revision=686
Author: iank
Date: 2023-12-06 16:04:15 -0500 (Wed, 06 Dec 2023)
Log Message:
-----------
add tickets pages
Modified Paths:
--------------
trunk/sviki/fsf.mdwn
Added Paths:
-----------
trunk/sviki/fsf/tickets/
trunk/sviki/fsf/tickets/awstats/
trunk/sviki/fsf/tickets/awstats/long-lines-break-awstats.mdwn
trunk/sviki/fsf/tickets/conferences/
trunk/sviki/fsf/tickets/conferences/low-res-scaling-and-audio.mdwn
trunk/sviki/fsf/tickets/cryptocurrencies/
trunk/sviki/fsf/tickets/cryptocurrencies/bitcoin-litecoin-get-full-history.mdwn
trunk/sviki/fsf/tickets/cups/
trunk/sviki/fsf/tickets/cups/delete-jobs.mdwn
trunk/sviki/fsf/tickets/dns/
trunk/sviki/fsf/tickets/dns/savannah.mdwn
trunk/sviki/fsf/tickets/dns/sysadmins-to-notify-before-moving-ns1.gnu.org.mdwn
trunk/sviki/fsf/tickets/dns/volunteer-admins.mdwn
trunk/sviki/fsf/tickets/email/
trunk/sviki/fsf/tickets/email/exim-ban.mdwn
trunk/sviki/fsf/tickets/email/exim-deliver-all-queued-messages.mdwn
trunk/sviki/fsf/tickets/email/exim-paniclog.mdwn
trunk/sviki/fsf/tickets/email/exim-string_sprintf-expansion-was-longer-than-32768.mdwn
trunk/sviki/fsf/tickets/email/mail.fsf.org-aliases.mdwn
trunk/sviki/fsf/tickets/email/new-sending-ip.mdwn
trunk/sviki/fsf/tickets/email/not-delivered.mdwn
trunk/sviki/fsf/tickets/email/set-up-vacation-responder.mdwn
trunk/sviki/fsf/tickets/esd/
trunk/sviki/fsf/tickets/esd/fix-links-from-missing-translations.mdwn
trunk/sviki/fsf/tickets/esd/fix-links-from-tor-to-clearnet.mdwn
trunk/sviki/fsf/tickets/firewall/
trunk/sviki/fsf/tickets/firewall/xtables-lock.mdwn
trunk/sviki/fsf/tickets/git/
trunk/sviki/fsf/tickets/git/corrupted-files.mdwn
trunk/sviki/fsf/tickets/gmg/
trunk/sviki/fsf/tickets/gmg/delete-entry.mdwn
trunk/sviki/fsf/tickets/gnu/
trunk/sviki/fsf/tickets/gnu/new-gnu-package-request.mdwn
trunk/sviki/fsf/tickets/hardware/
trunk/sviki/fsf/tickets/hardware/buying-ssds.mdwn
trunk/sviki/fsf/tickets/irc/
trunk/sviki/fsf/tickets/irc/block-unregistered-users.mdwn
trunk/sviki/fsf/tickets/irc/require-registered-account-for-voice.mdwn
trunk/sviki/fsf/tickets/irc/secure-channel.mdwn
trunk/sviki/fsf/tickets/jitsi-meet/
trunk/sviki/fsf/tickets/jitsi-meet/count-room-use.mdwn
trunk/sviki/fsf/tickets/lists/
trunk/sviki/fsf/tickets/lists/change-domain-of-list.mdwn
trunk/sviki/fsf/tickets/lists/create-list.mdwn
trunk/sviki/fsf/tickets/lists/decommission-list.mdwn
trunk/sviki/fsf/tickets/lists/import-list.mdwn
trunk/sviki/fsf/tickets/lists/recover-spam.mdwn
trunk/sviki/fsf/tickets/lists/remove-me-from-all-lists.mdwn
trunk/sviki/fsf/tickets/lists/rename-list.mdwn
trunk/sviki/fsf/tickets/low-filesystem-space.mdwn
trunk/sviki/fsf/tickets/mediawiki/
trunk/sviki/fsf/tickets/mediawiki/form-dropdown-missing-entry.mdwn
trunk/sviki/fsf/tickets/mediawiki/manual-autoconfirm-user.mdwn
trunk/sviki/fsf/tickets/mirror/
trunk/sviki/fsf/tickets/mirror/mirror-out-of-date.mdwn
trunk/sviki/fsf/tickets/networking/
trunk/sviki/fsf/tickets/networking/reverse-ipv6.mdwn
trunk/sviki/fsf/tickets/raid/
trunk/sviki/fsf/tickets/raid/add-internal-bitmap.mdwn
trunk/sviki/fsf/tickets/raid/create-new-raid-array.mdwn
trunk/sviki/fsf/tickets/raid/disable-and-check-raid-badblocks.mdwn
trunk/sviki/fsf/tickets/raid/force-sync-array.mdwn
trunk/sviki/fsf/tickets/raid/remove-detached-drive.mdwn
trunk/sviki/fsf/tickets/raid/replace-drive-in-raid1-or-raid10.mdwn
trunk/sviki/fsf/tickets/raid/soft-reset-drive.mdwn
trunk/sviki/fsf/tickets/savannah/
trunk/sviki/fsf/tickets/savannah/delete-old-project-page.mdwn
trunk/sviki/fsf/tickets/sql/
trunk/sviki/fsf/tickets/sql/restore-flat-db-dump-file.mdwn
trunk/sviki/fsf/tickets/ssh/
trunk/sviki/fsf/tickets/ssh/filezilla-sftp.mdwn
trunk/sviki/fsf/tickets/ssh/no-matching-key-exchange-method-found.mdwn
trunk/sviki/fsf/tickets/ssl/
trunk/sviki/fsf/tickets/ssl/restart-service-after-cert-renewal.mdwn
trunk/sviki/fsf/tickets/trisquel/
trunk/sviki/fsf/tickets/trisquel/missing-packages-from-mirror.mdwn
trunk/sviki/fsf/tickets/trisquel/upgrade-to-nabia-wont-boot.mdwn
trunk/sviki/fsf/tickets/vcs/
trunk/sviki/fsf/tickets/vcs/delete-branch.mdwn
trunk/sviki/fsf/tickets/vcs/https_repo_out_of_date.mdwn
trunk/sviki/fsf/tickets/video/
trunk/sviki/fsf/tickets/video/transcode-videos.mdwn
trunk/sviki/fsf/tickets/web/
trunk/sviki/fsf/tickets/web/partial-login.mdwn
trunk/sviki/fsf/tickets/xmpp/
trunk/sviki/fsf/tickets/xmpp/cant-join-rooms.mdwn
trunk/sviki/fsf/tickets/xmpp/invalid-cert.mdwn
trunk/sviki/fsf/tickets/xmpp/please-enable-muc.mdwn
trunk/sviki/fsf/tickets/xmpp/room-management.mdwn
Added: trunk/sviki/fsf/tickets/awstats/long-lines-break-awstats.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/awstats/long-lines-break-awstats.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/awstats/long-lines-break-awstats.mdwn
2023-12-06 21:04:15 UTC (rev 686)
@@ -0,0 +1,37 @@
+# long lines break awstats
+
+Description:
+
+ Cron <www-data@termite2p> /usr/local/bin/awstats-update |& grep -v
"awstats lock is busy"
+
+The fast solution is run the following command on log files, to remove overly
+long lines:
+
+ sed -i -e '/^.\{1024\}./d' /var/log/vhosts/209.51.188.FOO/apache-access.log
+
+This error may be caused by long log lines that get split by syslog-ng before
+sending them over UDP to termite.fsf.org. syslog-ng should support setting
+longer lines as an option, but because we're sending them over UDP, we don't
+want them larger than a UDP packet. Otherwise they could get mixed up on the
+receiving host.
+
+This issue did not obviously impact stats on the last two occurrences. If we
+see irregularities in the stats when this is a problem until logs are rotated,
+then we should update this page and make it a process to deal with this and to
+set up a workaround or solution.
+
+The right thing to do here in the long term is to find a way to tell Awstats to
+ignore invalid log lines. "SkipFiles" might be the right directive, but the
+second record in a broken line can always start with arbitrary text, so a regex
+would have to match an absence of an ip address.
+
+Check the awstats history for the affected host. if stats are missing or far
+less than usual over one or more days, then you'll have to re-play old logs
+with a backup of the awstats data file before it broke:
+
+To do this, turn off the awstats cron job until you're done fixing the issue.
+Then fetch the awstats file and log files if they're too old to be still on
+termite. Then put the data file in the usual place, then change the path to the
+log files that you want to play. Cat the old logs into one log file. Edit the
+log files so they don't contain the corrupted data, then run the command to
+update the data file. Check the web page for the stat history.
Added: trunk/sviki/fsf/tickets/conferences/low-res-scaling-and-audio.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/conferences/low-res-scaling-and-audio.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/conferences/low-res-scaling-and-audio.mdwn
2023-12-06 21:04:15 UTC (rev 686)
@@ -0,0 +1,66 @@
+# LibrePlanet Low Resolution video streaming
+
+Create the following script:
+
+```
+#!/bin/bash
+
+if [ $# -lt 1 ] || [ $# -gt 2 ] ; then
+ echo "usage $0 stream-room-neptune [--audio]"
+ exit 1
+fi
+
+audio_only=false
+if [ ! -z $2 ] ; then
+ if [ $2 == "--audio" ] ; then
+ audio_only=true
+ else
+ echo "usage $0 stream-room-neptune [--audio]"
+ exit 1
+ fi
+fi
+
+password=cheeW1Oh
+encoder_speed="ultrafast"
+
+mount="$1"
+src_url="http://live-master.fsf.org:8000/${mount}.webm";
+dest_url="icecast://source:${password}@live-master.fsf.org:8000/${mount}-lowres.webm"
+dest_ogg_url="icecast://source:${password}@live-master.fsf.org:8000/${mount}.ogg"
+
+while true; do
+ sleep 1
+ if wget $src_url -O - -q | grep . -q ; then
+
+ if [ "$audio_only" == "true" ] ; then
+ ffmpeg -f webm -re -i "${src_url}" \
+ -f ogv -reconnect_at_eof 1 -reconnect_streamed 1
-content_type audio/ogg \
+ -c:a copy -preset "${encoder_speed}" -deadline realtime
-threads 2 -error-resilient 1 \
+ -bufsize 100K -content_type audio/ogg -vn \
+ "${dest_ogg_url}"
+ else
+ ffmpeg -f webm -re -i "${src_url}" -vf scale=854:480 \
+ -f webm -reconnect_at_eof 1 -reconnect_streamed 1
-content_type video/webm -cluster_time_limit 5100 -cluster_size_limit 1M \
+ -c:a copy -b:v 500k -preset "${encoder_speed}" -deadline
realtime -threads 2 -error-resilient 1 \
+ -maxrate 500k -bufsize 1M -content_type video/webm -c:v
libvpx \
+ "${dest_url}"
+ fi
+
+ else
+ echo $(date): ${src_url} is not live on live-master.fsf.org
+ fi
+done
+```
+
+Set the password for the source user from the live-master icecast server.
+
+Execute like so:
+
+ ./low-res-scaling-480p.sh stream-room-neptune
+
+ # for audio:
+
+ ./low-res-scaling-480p.sh stream-room-neptune --audio
+
+This script should run on a server such as lowres0p.fsf.org during the
+conference. This lowers our bandwidth, and reduces load on streamers.
Added:
trunk/sviki/fsf/tickets/cryptocurrencies/bitcoin-litecoin-get-full-history.mdwn
===================================================================
---
trunk/sviki/fsf/tickets/cryptocurrencies/bitcoin-litecoin-get-full-history.mdwn
(rev 0)
+++
trunk/sviki/fsf/tickets/cryptocurrencies/bitcoin-litecoin-get-full-history.mdwn
2023-12-06 21:04:15 UTC (rev 686)
@@ -0,0 +1,21 @@
+# get full bitcoin / litecoin transaction history
+
+Litecoin:
+
+```
+su -c "litecoin-cli listtransactions '*' 1000000" litecoin | jq ".[] |
select(.confirmations >= 1) | [ .amount, .time, .address, .label, .txid ] |
@csv " | sed -e 's/\\"//g; s/"//g' | while read line ; do seconds="$(echo
"$line" | awk -F, '{ print $2 }')"; timestamp="$(date -Iseconds -d @$seconds)";
echo "$line" | sed -e "s/$seconds/$timestamp/"; done | tee
/tmp/litecoin-history ; echo "amount,time,address,label,trxnid" | cat -
/tmp/litecoin-history | sponge /tmp/litecoin-history
+```
+
+```
+su -c "bitcoin-cli listtransactions '*' 1000000" bitcoin | jq ".[] |
select(.confirmations >= 1) | [ .amount, .time, .address, .label, .txid ] |
@csv " | sed -e 's/\\"//g; s/"//g' | while read line ; do seconds="$(echo
"$line" | awk -F, '{ print $2 }')"; timestamp="$(date -Iseconds -d @$seconds)";
echo "$line" | sed -e "s/$seconds/$timestamp/"; done | tee /tmp/bitcoin-history
; echo "amount,time,address,label,trxnid" | cat - /tmp/bitcoin-history | sponge
/tmp/bitcoin-history
+```
+
+For bitcoin, change the two mentions of `litecoin` to `bitcoin` above.
+
+
+Get just the last $days of donation amounts:
+
+```
+days=60; min=$(( $(date -d "$(date +%F) 0" +%s) - 60*60*24*days))
+su -c "bitcoin-cli listtransactions '*' 1000" bitcoin | jq ".[] |
select(.confirmations >= 1) | select(.time >= $min) | select(.category ==
\"receive\")" | tee /tmp/bitcoin-history-range
+```
Added: trunk/sviki/fsf/tickets/cups/delete-jobs.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/cups/delete-jobs.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/cups/delete-jobs.mdwn 2023-12-06 21:04:15 UTC
(rev 686)
@@ -0,0 +1,14 @@
+# CUPS: delete jobs
+
+If there are jobs on a vm other than printserver1, then ssh in and delete them
+with these commands:
+
+ lpstat
+ # output: HPLaserJet0-21379 ...
+ lprm 21379
+
+For jobs held by printers:
+
+ lpstat -o
+ # output: HPLaserJet1-36975 ...
+ cancel HPLaserJet1-36975
Added: trunk/sviki/fsf/tickets/dns/savannah.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/dns/savannah.mdwn (rev 0)
+++ trunk/sviki/fsf/tickets/dns/savannah.mdwn 2023-12-06 21:04:15 UTC (rev
686)
@@ -0,0 +1,10 @@
+# Savannah DNS
+
+Savannah admins perfer to be the ones who make changes to their own DNS
+records. If we are provisioning a new server for them, create the reverse / PTR
+records in our bind repo, and then share them with the volunteer requesting the
+server. Then Savannah volunteers create the forward records so we can create
+the vm for them, add to ansible, etc.
+
+The way for us (or anyone) to make changes to Savannah A / AAAA / forward
+records is documented here: <https://savannah.gnu.org/maintenance/DNS/>
Added:
trunk/sviki/fsf/tickets/dns/sysadmins-to-notify-before-moving-ns1.gnu.org.mdwn
===================================================================
---
trunk/sviki/fsf/tickets/dns/sysadmins-to-notify-before-moving-ns1.gnu.org.mdwn
(rev 0)
+++
trunk/sviki/fsf/tickets/dns/sysadmins-to-notify-before-moving-ns1.gnu.org.mdwn
2023-12-06 21:04:15 UTC (rev 686)
@@ -0,0 +1,19 @@
+# sysadmins to notify before changing ns1.gnu.org's IP address
+
+ns1.gnu.org is a zone master for most fsf, gnu domains, etc, but there are a
+couple exceptions. we delegate that role to savanah and guix admins for their
+own subdomains, of which we are slaves. however, they still point to our dns
+servers as being the authoritative name servers. so that means that they can
+change their dns records, and we then serve them.
+
+the upshot of this is that if we ever change the ip address of ns1.gnu.org, or
+if it goes offline, we need to notify the admins responsible for configuring
+their servers to transfer their zones to the new ip address of our ns1.gnu.org
+server. this must be coordinated well in advance, to avoid any downtime. see
+the email addresses in `bind.git/named.conf.slaves-ns1`.
+
+it may be possible for them to configure their dns server to send to the new
+and old address before the changeover occurs. also, we may need to convert the
+new ns1.gnu.org, or whatever replaces it, into a primary rather than secondary
+name server, because we give those machines different configs regarding zone
+transfers, etc. see the script in `bind.git/oob-push-slaves.sh`.
Added: trunk/sviki/fsf/tickets/dns/volunteer-admins.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/dns/volunteer-admins.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/dns/volunteer-admins.mdwn 2023-12-06 21:04:15 UTC
(rev 686)
@@ -0,0 +1,31 @@
+
+
+To allow volunteers in the dnsadmin group to alter the bind config:
+
+```
+cd /etc/bind
+shopt -s extglob
+chown -Rh dnsadmin !(rndc.key)
+mv /etc/sudoers.d/dnsadmin.disabled /etc/sudoers.d/dnsadmin
+```
+
+And to remove access:
+
+```
+cd /etc/bind
+shopt -s extglob
+chown -Rh root !(rndc.key)
+mv /etc/sudoers.d/dnsadmin /etc/sudoers.d/dnsadmin.disabled
+```
+
+
+Note in the post-receive hook, there are some commands that do initial
+bind setup. Those will fail when volunteers do a git push, but it is
+safe to ignore them, since bind is already setup. Currently, they are
+
+```
+cd /var/lib/bind/
+mkdir -p masters
+ln -sf /etc/bind/masters/db.fsf.org-sshfp masters/
+ln -sf /etc/bind/masters/db.gnu.org-sshfp masters/
+``
Added: trunk/sviki/fsf/tickets/email/exim-ban.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/email/exim-ban.mdwn (rev 0)
+++ trunk/sviki/fsf/tickets/email/exim-ban.mdwn 2023-12-06 21:04:15 UTC (rev
686)
@@ -0,0 +1,84 @@
+# Blocking email in exim
+
+## Deploying
+
+If the exim config has a syntax error, systemctl reload exim4 will fail
+with no harm because it will fail on generating the config. Fencepost is
+the only old exim that uses /etc/exim4/exim4.conf.
+
+However, acls can have errors within them that prevent exim from
+processing messages. Tail the mainlog and look for errors. Check the
+paniclog. Ian knows how to test acls, he can help.
+
+
+## Block list files
+
+Mailman blocklist is at
+`roles/exim/files/mx/simple/etc/exim4/mailman-blocklist` see the comments.
+
+Sender domain blocks are documented at
+<https://brains.fsf.org/wiki/sysadmin/kb/blocked_email_domains_instructions/>
+
+Sender full address blocks are in ansible at
+`roles/exim/files/mx/simple/etc/exim4/bad-senders`.
+
+The full address and domain blocks are matched against the "rcpt from"
+address, and the From: header. No globbing or pattern matching will work
+except the "*." prefix for domain blocks, as described in the
+instructions for that file. To do pattern matching, you need to add a
+custom acl statement.
+
+
+## Custom acl statements
+
+### Based on sender address
+
+Blocking on sender envelope should be done in
+`roles/exim/files/mx/econf/rcpt_local_acl`. Blocking on headers must be done
+in `roles/exim/files/mx/econf/data_local_acl`. See those files for
+examples.
+
+A thorough block will block on "rcpt from" aka "envelope from" and the
+From: header. If both would work and its just a spammer, its not
+important to block both. Lean toward an rcpt block if you are just doing
+one. Note, our exim puts the the envelope/rcpt from address into the
+Return-path: header.
+
+
+### deny vs discard
+
+Use reject unless
+
+* Reject is causing the sender to retry and ddos us. Otherwise, reject
+ takes less resources, especially in the rcpt acl.
+* You suspect the sender to be crafty or targeting us, and there is
+ no chance of a false positive. Reject lets the sender know their
+ message didn't go through
+
+
+### logging
+
+```
+reject
+ message = fsfrule 28
+ ...
+```
+
+Only works with reject. Aim to use this first. This message will be part
+of the smtp error code the sender can see and logged in the exim
+log. It shouldn't tell the sender exactly whats wrong, but can include
+asking them to email sysadmin@fsf.org for more details, and perhaps
+telling them its their address or domain, so they can figure out how to
+get a mail through to that.
+
+
+```
+discard
+ log_message = fsfrule 29
+ ...
+```
+
+Use `log_mesage` whenever `message =` is not appropriate.
+
+
+some tags for searchability: spam blacklist deny discard
Added: trunk/sviki/fsf/tickets/email/exim-deliver-all-queued-messages.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/email/exim-deliver-all-queued-messages.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/email/exim-deliver-all-queued-messages.mdwn
2023-12-06 21:04:15 UTC (rev 686)
@@ -0,0 +1,9 @@
+# exim deliver all queued messages
+
+ mailq
+
+ exiqgrep -i | xargs -I {} exim -M {}
+
+Don't leave out the `q` in `exiqgrep` ^.
+
+(Inspired by <https://bradthemad.org/tech/notes/exim_cheatsheet.php>)
Added: trunk/sviki/fsf/tickets/email/exim-paniclog.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/email/exim-paniclog.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/email/exim-paniclog.mdwn 2023-12-06 21:04:15 UTC
(rev 686)
@@ -0,0 +1,81 @@
+[[!meta description="Subject: exim paniclog on SOME\_HOST has non-zero size"]]
+
+# exim paniclog on SOME\_HOST has non-zero size
+
+Investigate immediately! This ticket recurs often. This usually
+happens during a log rotate. Usually either exim will fail to write a log or
+clamav will fail to communicate with exim. If this only happens for a
+brief few seconds, this is acceptable and can be resolved without a
+message.
+
+## Always clear the paniclog so a ticket isn't created again the next day
+
+ tee -a /var/log/exim4/paniclog-archive </var/log/exim4/paniclog; echo -n
>/var/log/exim4/paniclog
+
+## eggs.gnu.org clamd unable to connect to UNIX socket
+
+The panic log reads several lines that look like this:
+
+```
+2019-05-23 09:36:41 [25461] 1xXxxx-0001xx-X1 malware acl condition: clamd:
unable to connect to UNIX socket /var/run/clamav/clamd.ctl (Connection refused)
+```
+
+Log into eggs.
+
+ ssh root@eggs.gnu.org
+
+See if `clamd` is running.
+
+ ps -ef | grep -i clamd
+
+Restart clamd, if `clamd` is not running.
+
+ /etc/init.d/clamav-daemon restart
+
+If clamd is running, everything is ok. clamd probably got stuck on scanning a
message or attachment. Resolve the ticket.
+
+## Cannot open log file error
+
+This is an ignorable error. This happens from time to time when the
+mainlog is being rotated. There will be a random message or few, then
+the error about the log file and that will be the only messages in the
+paniclog. You can verify by looking at the timestamp of the rotated log
+and the timestamp of the error message. If this only happens for a
+brief few seconds, this is acceptable and can be resolved without a
+message.
+
+## pipeheader smtp error
+
+At least one message should be retried.
+
+This could be caused by an overloaded system that requires adding memory or
cpu or rebooting.
+
+```
+2020-07-28 17:41:19.892 [30256] 1k0XKc-0007nv-GI Delivery status for
redacted@redacted.info: got 0 of 7 bytes (pipeheader) from transport process
30349 for transport smtp
+2020-07-28 17:43:45.521 [31666] 1k0XMv-0008DR-PP Delivery status for
redacted@redacted.info: got 0 of 7 bytes (pipeheader) from transport process
31675 for transport smtp
+```
+
+If there are just a few all with the same recipient, its probably a
+problem with the recipient's mail server. But, this always results in
+the message getting frozen and we generally want to do a retry, then
+check if they had the same error. If they result in the same error,
+unless they really look like they should be working (eg: they are to
+gmail or something), just clear the paniclog and leave them frozen. You
+can investigate the message more by doing exim -Mvh MESSAGEID and exim
+-Mvb MESSAGEID
+
+
+```
+exim -M 1k0XKc-0007nv-GI 1k0XMv-0008DR-PP
+cat /var/log/exim4/paniclog
+```
+
+If you suspect there is an overload problem, load up munin stats for
+that period. Do an immediate retry of some messages and watch the
+log:
+
+```
+tail -f /var/log/exim4/mainlog | grep 1k0XKc-0007nv-GI
+# separate terminal:
+exim -M 1k0XKc-0007nv-GI
+```
Added:
trunk/sviki/fsf/tickets/email/exim-string_sprintf-expansion-was-longer-than-32768.mdwn
===================================================================
---
trunk/sviki/fsf/tickets/email/exim-string_sprintf-expansion-was-longer-than-32768.mdwn
(rev 0)
+++
trunk/sviki/fsf/tickets/email/exim-string_sprintf-expansion-was-longer-than-32768.mdwn
2023-12-06 21:04:15 UTC (rev 686)
@@ -0,0 +1,14 @@
+[[!meta description="exim paniclog string_sprintf expansion was longer than
32768"]]
+
+Afaik: due to messages with very long headers, there is nothing bad
+about this other than messing with our logs. You can assume these
+messages are spam, I've verified by looking at one.
+
+This could theoretically be used to exploit a security issue called
+stack clash. There are no published exploits for remote code
+execution, but it's been posited that it is theoretically possible. If this is
+happening several times per minute, look into stopping it
+for security sake. Of course, an exim upgrade would certainly fix it.
+
+Reference:
+https://lists.gt.net/exim/users/91714?page=last
Added: trunk/sviki/fsf/tickets/email/mail.fsf.org-aliases.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/email/mail.fsf.org-aliases.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/email/mail.fsf.org-aliases.mdwn 2023-12-06
21:04:15 UTC (rev 686)
@@ -0,0 +1,11 @@
+# Adding an exim alias for domains with mail.fsf.org as MX
+
+1. In ansible, edit `roles/exim/files/fsfmail/simple/etc/aliases-DOMAIN`
+ where DOMAIN is the domain.
+
+ You can redirect a set of similar domains with one file by
+ symlinking. For example, see `ls -la roles/exim/files/fsfmail/simple/etc`
+
+1. Add the domain to `group_vars/fsfmail` under `exim4_local_domains:`
+
+1. Run the `exim` ansible role for mail.fsf.org
Added: trunk/sviki/fsf/tickets/email/new-sending-ip.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/email/new-sending-ip.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/email/new-sending-ip.mdwn 2023-12-06 21:04:15 UTC
(rev 686)
@@ -0,0 +1,52 @@
+# To transition sending email to a new ip or range
+
+Send a certain percent of messages on the new and old ip. To do this on one
machine which has both ips,
+add these to the remote smtp transports. For example, in
`/etc/exim4/conf.d/transports.conf` depending on the config setup.
+
+
+
+
+```
+helo_data = ${lookup dnsdb
{ptr=$sending_ip_address}{$value}{$primary_hostname}}
+interface = ${if < {${randint:1000}}{3} {209.51.188.17}{208.118.235.17}}
+```
+
+In this example the new ip is 209.51.188.17 and the old is 208.118.235.17 and
+this makes it send 3/1000 messages on the new ip.
+
+Progression should be slowly increasing. We used this daily sequence
+change in the 2018/2019 change: 5 10 15 20 30 40 60 80 120 160 220 320
+480 640 860 1000
+
+For exim about 4.71 or earlier, the rng is bad or nonexistent, so use this
instead.
+
+```
+interface = ${if <= {${run{/usr/bin/python -c "import random; import sys;
sys.stdout.write(str(random.randint(1,1000)))"}}}{5}
{209.51.188.13}{208.118.235.13}}
+```
+
+For testing on the normal mail servers, i did this config and test message:
+
+```
+interface = ${if eq {iankelling.org}{$domain} {209.51.188.13}{208.118.235.13}}
+echo "test body" | mail -s "test mail from $HOSTNAME" ian@iankelling.org
+```
+
+and to verify the helo, i ran this
+
+```
+ exim -d -t <<'EOF'
+From: root@gnu.org
+To: ian@iankelling.org
+Subject: Testing Exim
+
+This is a test message.
+EOF
+```
+
+For testing config changes, run update-exim4.conf, which will affect
+subsequent runs of exim, for example when you send a test message, or
+when new queue runners are spawned, but it won't restart existing
+processes, thus it will have a less detrimental affect if things are
+wrong. There are better ways to test new configs where the new queue
+runner's won't pick it up, but I haven't figured it out yet. After a
+change is tested, restart exim.
\ No newline at end of file
Added: trunk/sviki/fsf/tickets/email/not-delivered.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/email/not-delivered.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/email/not-delivered.mdwn 2023-12-06 21:04:15 UTC
(rev 686)
@@ -0,0 +1,13 @@
+# X email didn't go through
+
+* Find the email in the eximlog. /var/log/exim4/mainlog (on our
+ mailservers, theres a symlink /el/mainlog).
+
+* If exim log says `C="250`, their mail server accepted it. In that
+ case:
+ * If it was
+ from civicrm, check if it bounced (they get processed every 5
+ minutes):
+ `grep -ri RECIPIENT_ADDR
/var/www/drupal-and-civi/sites/default/files/civicrm/custom/CiviMail.*`
+ * Have the recipient check the spam folder.
+ * Get it sent again with you cced you so you can inspect the headers.
Added: trunk/sviki/fsf/tickets/email/set-up-vacation-responder.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/email/set-up-vacation-responder.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/email/set-up-vacation-responder.mdwn
2023-12-06 21:04:15 UTC (rev 686)
@@ -0,0 +1,29 @@
+# Set up vacation responder
+
+[Brains link for
staff](https://brains.fsf.org/wiki/tools/email-clients/?updated#index5h1)
+
+Login to `mail.fsf.org`.
+
+ ssh root@mail.fsf.org
+
+Add a `USERNAME.msg` file containing the response in
+`/etc/exim4/vacation/fsf.org/`. Where `USERNAME` is their email in lowercase.
+
+ vim /etc/exim4/vacation/fsf.org/USERNAME.msg
+
+Example `USERNAME.msg`:
+
+```
+I will be out of the office June 3-7, back on June 10.
+```
+
+Check their text for grammatical mistakes.
+
+Send them a test email.
+
+Check to see if their log file has a new entry after your email.
+
+ tail -f /var/archive/vacation/fsf.org/USERNAME.log
+
+Delete the `/var/archive/vacation/fsf.org/user.db` file on `mail.fsf.org` so
+people will be notified again about this particular vacation. (This files does
not exist?)
Added: trunk/sviki/fsf/tickets/esd/fix-links-from-missing-translations.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/esd/fix-links-from-missing-translations.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/esd/fix-links-from-missing-translations.mdwn
2023-12-06 21:04:15 UTC (rev 686)
@@ -0,0 +1,19 @@
+Example: [[!rt 1976061]]
+
+We got a new translation and the link doesn work. Everything looks right on
the git and cron side of things.
+
+Login.
+
+ ssh root@emailselfdefense.fsf.org
+
+Edit this file.
+
+ vim /etc/apache2/sites-available/emailselfdefense1p.fsf.org-ssl.conf
+
+Change a file like this similar change for Italian.
+
+ #Alias /it /var/www/enc-live/missing
+
+Reload apache.
+
+ systemctl reload apache2.service
Added: trunk/sviki/fsf/tickets/esd/fix-links-from-tor-to-clearnet.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/esd/fix-links-from-tor-to-clearnet.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/esd/fix-links-from-tor-to-clearnet.mdwn
2023-12-06 21:04:15 UTC (rev 686)
@@ -0,0 +1,19 @@
+# fix ESD / enc links from Tor to clearnet
+
+on `emailselfdefense.fsf.org`, there is a script which gets run on a regular
+basis, and creates a Tor version of translated pages by replacing links to the
+clearnet.
+
+One of the things the script does for each language is to replace the link to
+the Onion service with a link pointing back to the clearnet, including the
+visible text part of the link. If you get an error message like `missing
+language conversion (we have 6 / 8)`, then we need to add or edit translation
+strings so they match.
+
+Lines to edit or add in `/root/scripts/esd-to-tor.sh` look like:
+
+ rewrite_tor_link_to_clearnet "en" "This site's tor onion service"
"This site's clearnet URL"
+ rewrite_tor_link_to_clearnet "es" "El servicio tor onion de este
sitio" "La URL de clearnet de este sitio"
+
+The first bit of text that gets replaced on the Tor site must exactly match the
+string that is in the original translated page.
Added: trunk/sviki/fsf/tickets/firewall/xtables-lock.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/firewall/xtables-lock.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/firewall/xtables-lock.mdwn 2023-12-06 21:04:15 UTC
(rev 686)
@@ -0,0 +1,8 @@
+# Fix xtables lock error for ufw
+
+*ERROR: problem running iptables: Another app is currently holding the xtables
+lock. Perhaps you want to use the -w option?*
+
+```
+ufw disable; iptables -F; iptables -X; ip6tables -F; ip6tables -X; ufw enable
+```
Added: trunk/sviki/fsf/tickets/git/corrupted-files.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/git/corrupted-files.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/git/corrupted-files.mdwn 2023-12-06 21:04:15 UTC
(rev 686)
@@ -0,0 +1,19 @@
+# git corrupted files
+
+Run this in the git repo to check the git objects in a bare repo, or in `.git`
+of a normal repo:
+
+ git fsck
+
+The above command doesn't always correct checked out files in a regular repo,
+so the cache must be cleared. **(Uncommited changes will be lost!)**
+
+ git rm -r --cached .
+ git reset --hard
+
+If you want to automate that command on a directory containing many git
+subdirectories:
+
+ ls */.git -d | sed -e "s:/.git$::" | sort > repos-in-this-dir
+
+ while read line ; do echo NEXT $line ; cd $line ; git rm -r --cached . ;
git reset --hard ; cd .. ; done < repos-in-this-dir 2>&1 | less
Added: trunk/sviki/fsf/tickets/gmg/delete-entry.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/gmg/delete-entry.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/gmg/delete-entry.mdwn 2023-12-06 21:04:15 UTC
(rev 686)
@@ -0,0 +1,24 @@
+# delete entry on gnu mediagoblin
+
+this might be useful if a process fails to complete, or if there is a server
+error when visiting an entry.
+
+you might want to query the data in these tables to find the media file you
+need to delete too. these lines could be added to a script the next time this
+process is needed.
+
+ select * from core__media_entries where slug =
'reuse-simple-steps-to-declare-your-copyright-and-licenses-audio-only';
+ delete from core__media_entries where slug =
'reuse-simple-steps-to-declare-your-copyright-and-licenses-audio-only';
+ # complaint about table constraint on id 2526
+
+ select * from core__comment_subscriptions where media_entry_id = 2526;
+ delete from core__comment_subscriptions where media_entry_id = 2526;
+
+ select * from core__media_tags where media_entry = 2526;
+ delete from core__media_tags where media_entry = 2526;
+
+ select * from core__mediafiles where media_entry = 2526;
+ delete from core__mediafiles where media_entry = 2526;
+
+ delete from core__media_entries where slug =
'reuse-simple-steps-to-declare-your-copyright-and-licenses-audio-only';
+ # success
Added: trunk/sviki/fsf/tickets/gnu/new-gnu-package-request.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/gnu/new-gnu-package-request.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/gnu/new-gnu-package-request.mdwn 2023-12-06
21:04:15 UTC (rev 686)
@@ -0,0 +1,4 @@
+# new gnu package request
+
+Point people who would like to add a new package to GNU here:
+<https://www.gnu.org/help/evaluation.html>
Added: trunk/sviki/fsf/tickets/hardware/buying-ssds.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/hardware/buying-ssds.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/hardware/buying-ssds.mdwn 2023-12-06 21:04:15 UTC
(rev 686)
@@ -0,0 +1,24 @@
+# Hardware: buying SSDs
+
+Ruben wants us to buy Intel SSDs for all of our production servers. (Hard
drives
+are of course acceptable where we need large data storage).
+
+## Acceptable models for production
+
+### Ceph data storage
+
+Ask Ruben about his preference and document it here.
+
+### Server root FS
+
+* Intel
+ * Specific model doesn't make a big difference
+* Samsung
+ * They are okay for this purpose. Ruben doesn't have a strong preference in
+ this case.
+
+## Places to buy SSDs
+
+* <https://neweggbusiness.com>
+* <https://www.allhdd.com>
+* ???
Added: trunk/sviki/fsf/tickets/irc/block-unregistered-users.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/irc/block-unregistered-users.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/irc/block-unregistered-users.mdwn 2023-12-06
21:04:15 UTC (rev 686)
@@ -0,0 +1,41 @@
+# block unregistered users
+
+## get info about modes
+
+<https://libera.chat/guides/channelmodes>
+
+ /msg ChanServ info #libreplanet
+
+## block unregistered users
+
+Users can't join, but if they're already there, they maintain access and are
+able to speak.
+
+Get current modes, using the `info` command above. If your modes are
+`+ntc-slk`, then add them to `+r`:
+
+ /msg ChanServ set #libreplanet mlock +ntcr-slk
+
+Or if your channel isn't using ChanServ:
+
+ /mode #libreplanet +r
+
+### unset modes set above
+
+Get current modes, using the `info` command above. If your modes are
+`+ntcr-slk`, then remove the `+r`:
+
+ /msg ChanServ set #libreplanet mlock +ntc-slk
+
+Or if your channel isn't using ChanServ:
+
+ /mode #libreplanet -r
+
+## quiet unregistered users
+
+**these instructions aren't working. ask for help in #libera.**
+
+<strike>Unregistered users can join, but only ops can hear them.
+
+Get current modes, using the `info` command above. If your modes are
+`+ntc-slk`, then add them to `+qz $~a`</strike>
Added: trunk/sviki/fsf/tickets/irc/require-registered-account-for-voice.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/irc/require-registered-account-for-voice.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/irc/require-registered-account-for-voice.mdwn
2023-12-06 21:04:15 UTC (rev 686)
@@ -0,0 +1,11 @@
+# require registered account for voice
+
+One possible issue with this is that people might post to our channel, but
+might not realize that nobody else can see what they are saying. It may
+generally be better to require registration in order to connect to a channel if
+needed, so that there will be feedback about the error condition.
+
+ <Fuchs> bokchoy: you can use +q $~a for that, $ is extban syantax
(/quote help extban), $~a matches all unidentified users
+ <Fuchs> again, voice would override that, so you can voice trusted / nice
users who don't have an account
+
+If you get stuck, ask for help on `#libera`.
Added: trunk/sviki/fsf/tickets/irc/secure-channel.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/irc/secure-channel.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/irc/secure-channel.mdwn 2023-12-06 21:04:15 UTC
(rev 686)
@@ -0,0 +1,37 @@
+# secure irc channel
+
+<https://libera.chat/guides/channelmodes>
+
+this guide is not complete. here are a few useful commands:
+
+register a new channel with chanserv:
+
+ /msg chanserv register #channel-name
+
+become an operator:
+
+ /msg chanserv op #channel-name
+
+To give full admin and founder status to a trusted staff member:
+
+ /msg chanserv flags #channel-name sudoman +AFRefiorstv
+
+this command reserves the channel even if everyone logs out:
+
+ /msg chanserv set #channel-name guard on
+
+this command should set secret mode so it isn't listed in `/whois` or `/msg
+alis list foo`:
+
+ /mode #channel-name +s
+
+if it gets immediately unset by chanserv, run these commands:
+
+ /msg chanserv info #channel-name
+
+Then copy and paste the mode into the next command, moving `s` from `-` to `+`:
+
+ /msg chanserv set mlock #channel-name +ntcs-lk
+
+To require, or allow lack of, registration / identification with NickServ, use
+the above methodology, but with the `r` flag.
Added: trunk/sviki/fsf/tickets/jitsi-meet/count-room-use.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/jitsi-meet/count-room-use.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/jitsi-meet/count-room-use.mdwn 2023-12-06
21:04:15 UTC (rev 686)
@@ -0,0 +1,14 @@
+# Count room use
+
+We want to search 7 daily archived logs:
+
+ ls -lh syslog.*
+
+The command to do the counting:
+
+ cat /var/log/syslog.1|grep room=|sed 's/.*room=//;s/ .*//'|sort -u |wc -l
+ for x in /var/log/syslog.*gz; do zcat $x|grep room=|sed 's/.*room=//;s/
.*//'|sort -u |wc -l ; done
+
+ python3
+ >>> (16 + 20 + 37 + 24 + 24 + 17 + 30) / 7
+ 24.0
Added: trunk/sviki/fsf/tickets/lists/change-domain-of-list.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/lists/change-domain-of-list.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/lists/change-domain-of-list.mdwn 2023-12-06
21:04:15 UTC (rev 686)
@@ -0,0 +1,14 @@
+# On the same server, change list domain
+
+eg, from nongnu.org to gnu.org
+
+In the list general settings, change the domain.
+
+On the server
+
+```
+sudo -i -u list
+cd ~/mailman/lists/LIST/domains
+mv nongnu.org gnu.org
+withlist -l -r fix_url LIST -v
+```
Added: trunk/sviki/fsf/tickets/lists/create-list.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/lists/create-list.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/lists/create-list.mdwn 2023-12-06 21:04:15 UTC
(rev 686)
@@ -0,0 +1,11 @@
+# Creating a new list
+
+Do not use the web interface. Instead:
+
+```
+ssh root@lists.(fsf|gnu).org
+sudo -i -u list
+./mycreate_list.pl
+```
+
+In general, project maintainers/owners can create additional lists for their
project. They can try through savannah, if that doesn't work, we can do it.
Added: trunk/sviki/fsf/tickets/lists/decommission-list.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/lists/decommission-list.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/lists/decommission-list.mdwn 2023-12-06
21:04:15 UTC (rev 686)
@@ -0,0 +1,13 @@
+# Decommissioning a mailman list
+
+Disable email to the list, eg:
+```
+~/mailman/lists/ludap-cvs/domains$ mv nongnu.org nongnu.org-disabled
+```
+
+Then, turn of advertised at
+
+https://lists.gnu.org/mailman/admin/LIST/privacy
+
+Optionally, add a redirect to a new url at
+`ansible-configs/roles/mailman/files/all-lists-common.conf`
Added: trunk/sviki/fsf/tickets/lists/import-list.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/lists/import-list.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/lists/import-list.mdwn 2023-12-06 21:04:15 UTC
(rev 686)
@@ -0,0 +1,22 @@
+# Importing list archives from another mailman server
+
+1. Get the mbox formatted list archives from the other server
+1. Create the new list
+1. example of importing the list archives
+
+```
+scp userops.mbox lists.gnu.org:
+ssh root@lists.gnu.org
+chown mharc:mharc userops.mbox
+mv userops.mbox /home/mharc
+sudo -i -u mharc
+export LISTNAME=mediagoblin-userops
+formail -s /usr/bin/procmail -p /home/mharc/procmailrc.mailman <userops.mbox
+# wait for archiving cronjob to run, or turn it off and run manually:
+/home/mharc/bin/web-archive -verbose |& tee -a /home/mharc/log/web-archive.log
+cd ~list/mailman/archives/private
+mkdir mediagoblin-userops
+cd mediagoblin-userops
+mv /home/mharc/userops.mbox mediagoblin-userops.mbox
+chown list:list mediagoblin-userops.mbox
+```
Added: trunk/sviki/fsf/tickets/lists/recover-spam.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/lists/recover-spam.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/lists/recover-spam.mdwn 2023-12-06 21:04:15 UTC
(rev 686)
@@ -0,0 +1,3 @@
+# subject: Message never made it to mailing list
+
+On the lists server, in the exim log, it will say router is
take_sa_hint_router if we misclassified it as spam. Find the message file in
/spam/LIST/new. If the message's to, cc, and bcc are just local lists, then run
`exim -i -t <FILE` (it will take the destination from those fields). If those
fields have other addresses in it, then run `exim -i listaddress
[listaddress2...] <FILE`, so that it only delivers to the list(s).
Added: trunk/sviki/fsf/tickets/lists/remove-me-from-all-lists.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/lists/remove-me-from-all-lists.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/lists/remove-me-from-all-lists.mdwn 2023-12-06
21:04:15 UTC (rev 686)
@@ -0,0 +1,34 @@
+# Mass removal from mailman lists
+
+
+Checking what lists some email addresses are subscribed to:
+
+```
+declare -A ba
+ba[a@example.com]=t
+ba[a2@example.com]=t
+cd /home/list/mailman/bin
+time for list in $(./list_lists -b); do for m in $(./list_members $list); do
if [[ ${ba[$m]} ]]; then echo $list $m; fi; done; done
+```
+
+For example, removing 2 addresses from all @gnu.org lists.
+
+```
+list@lists1p:~/mailman/lists$ for x in */domains/gnu.org; do l=${x%%/*};
../bin/remove_members $l mattl@gnu.org mattl@cnuk.org; done
+```
+
+If someone wanted removal from all mailman lists we run, remove the
+domains part, and run it on both our lists servers. Of course, they can
+always unsubscribe themselves.
+
+# Changing address
+
+Tell them to contact each list administrator of the private lists and have
+them check his identity and change the subscription. For public
+lists, they can just subscribe using the new address, and the old
+address will automatically be unsubscribed when it bounces.
+
+Changing an address could be scripted, similar to removal from all
+lists. If the number of lists is small, the best way is to use admin
+interface for each list to subscribe new address and remove subscription of
+old address. Example: [[!rt 1975207]]
Added: trunk/sviki/fsf/tickets/lists/rename-list.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/lists/rename-list.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/lists/rename-list.mdwn 2023-12-06 21:04:15 UTC
(rev 686)
@@ -0,0 +1,46 @@
+# Renaming a list
+
+Based on
+<https://wiki.list.org/DOC/4.70%20How%20do%20I%20change%20the%20name%20of%20%28rename%29%20a%20list%3F>
and how we do things:
+
+Post to the list that it is being renamed, and for a few minutes it
+might not be working properly and they should avoid it. If this list
+gets lots of posts, then you may want to do something to prevent new
+posts, or might want to script all the below stuff so it gets done very
+fast. Also mention that old listinfo and archive urls will be
+redirected, but other urls wont be.
+
+As root:
+
+```
+oldlist=x
+newlist=y
+cd /var/lib/mailman
+mv lists/$oldlist lists/$newlist
+mv archives/private/$oldlist archives/private/$newlist
+mv archives/private/$oldlist.mbox archives/private/$newlist.mbox
+mv archives/private/$newlist.mbox/$oldlist.mbox
archives/private/$newlist.mbox/$newlist.mbox
+```
+
+Manually run the appropriate cronjob from `/etc/cron.d/mailman-export`
+
+As mharc:
+
+```
+cd ~/mbox
+mv OLDLIST NEWLIST
+```
+
+Regenerate the archive using commands from [[Tickets/lists/edit-lists-archive]]
+
+Add redirects to the `all-lists-common.conf` apache file and reload
+apache. See the ring -> jami rename for example.
+
+If you want the old address to continue working, update
`ansible-configs/roles/mailman/files/exim-conf.d/router/030_exim4-config_mailman_bogus`
for example, for erc-discuss rename to emacs-erc:
+
+```
+erc_rename:
+ driver = redirect
+ local_parts = erc-discuss
+ data = emacs-erc@gnu.org
+```
Added: trunk/sviki/fsf/tickets/low-filesystem-space.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/low-filesystem-space.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/low-filesystem-space.mdwn 2023-12-06 21:04:15 UTC
(rev 686)
@@ -0,0 +1,30 @@
+## Finding the big files/directory which are the problem:
+
+
+### Good commands to see disk usage:
+
+ shopt -s extglob
+ du -shc /!(proc|sys)
+ du -shc *|grep '\S*[MG]'|sort -g
+
+### If du is significantly different than df
+
+Try `lsof +L1` to show files open with less than 1 filesystem link to show
+files that have been deleted but are still taking up space. This can
+happen if you rm a log file which is being written to and is normally
+logrotated: it will continue to grow forever until the writing process
+is stopped. If you want to reduce the size of a log file like that,
+manually invoke logrotate, then you can safely delete the rotated file.
+
+### Misc
+
+You should never need this, but it's cool. To see space used underneath
+mount points, bind mount the parent mount somewhere else:
+
+ mount --bind / /mnt
+ du -sh /mnt
+
+## GNU Hope
+
+If the host is on GNU Hope and the filesystem does need more space,
+see instructions for expanding the filesystem with [[/hosts/physical/gnuhope/]]
Added: trunk/sviki/fsf/tickets/mediawiki/form-dropdown-missing-entry.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/mediawiki/form-dropdown-missing-entry.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/mediawiki/form-dropdown-missing-entry.mdwn
2023-12-06 21:04:15 UTC (rev 686)
@@ -0,0 +1,7 @@
+Example report:
+CC-BY-SA 3.0 mysteriously not in license form
+
+The license was added recently, but the drop down didn't update to
+include it. I fixed it by making a trivial edit to
+https://directory.fsf.org/wiki?title=Form:Entry&action=edit then
+reverted it, this refreshes the license list.
Added: trunk/sviki/fsf/tickets/mediawiki/manual-autoconfirm-user.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/mediawiki/manual-autoconfirm-user.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/mediawiki/manual-autoconfirm-user.mdwn
2023-12-06 21:04:15 UTC (rev 686)
@@ -0,0 +1,18 @@
+# manual autoconfirm user
+
+This might be based off of the registration date of the account. There are
+other criteria in the ACLs in the site config. Not sure how to update the
+database to get past that. Maybe specific edits to pages on the site must be
+done as that user first.
+
+## add user to "Trusted" grop
+
+Not sure if this works, but it's possible to add people to the "Trusted" group,
+which is rare on the wiki, and maybe can't be set via the web interface. This
+might entail more than the Admin or Bureaucrat roles.
+
+ select user_id, user_name, ug_group from user u inner join user_groups g
on u.user_id = g.ug_user where user_name = "Valessio" limit 10;
+
+In this case, the UID is `2556`.
+
+ insert into user_groups (ug_user, ug_group) values (2556, "Trusted")
Added: trunk/sviki/fsf/tickets/mirror/mirror-out-of-date.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/mirror/mirror-out-of-date.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/mirror/mirror-out-of-date.mdwn 2023-12-06
21:04:15 UTC (rev 686)
@@ -0,0 +1,7 @@
+# alert: "mirror out of date"
+
+this may be in an issue with upstream, or it could be us failing to sync. to
compare to other mirrors, see:
+
+* <https://mirmon.trisquel.org/>
+ * <https://jenkins.trisquel.org/job/update-repositories/>
+* <https://www.parabola.nu/mirrors/>
Added: trunk/sviki/fsf/tickets/networking/reverse-ipv6.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/networking/reverse-ipv6.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/networking/reverse-ipv6.mdwn 2023-12-06
21:04:15 UTC (rev 686)
@@ -0,0 +1,110 @@
+Issue: Reverse ipv6 lookups fail.
+
+Check all our dns servers to make sure they work. If they do, then
+contact hurricane electric using the info in [[Network]]. Here is what a
+working ipv6 reverse dns lookup looks like:
+
+
+```
+$ command dig +trace -x 2001:470:142:5::116
+
+; <<>> DiG 9.11.5-P4-5.1+deb10u6-Debian <<>> +trace -x 2001:470:142:5::116
+;; global options: +cmd
+. 477190 IN NS m.root-servers.net.
+. 477190 IN NS b.root-servers.net.
+. 477190 IN NS c.root-servers.net.
+. 477190 IN NS d.root-servers.net.
+. 477190 IN NS e.root-servers.net.
+. 477190 IN NS f.root-servers.net.
+. 477190 IN NS g.root-servers.net.
+. 477190 IN NS h.root-servers.net.
+. 477190 IN NS a.root-servers.net.
+. 477190 IN NS i.root-servers.net.
+. 477190 IN NS j.root-servers.net.
+. 477190 IN NS k.root-servers.net.
+. 477190 IN NS l.root-servers.net.
+. 477190 IN RRSIG NS 8 0 518400 20211120050000
20211107040000 14lX eEHS/VRPQra65v3yjIwI6134O/wbCgOtuT48H+GeTXfWyoIo+9FdyCLL
ii2/Dw==
+;; Received 525 bytes from 23.239.24.5#53(23.239.24.5) in 0 ms
+
+ip6.arpa. 172800 IN NS a.ip6-servers.arpa.
+ip6.arpa. 172800 IN NS b.ip6-servers.arpa.
+ip6.arpa. 172800 IN NS c.ip6-servers.arpa.
+ip6.arpa. 172800 IN NS d.ip6-servers.arpa.
+ip6.arpa. 172800 IN NS e.ip6-servers.arpa.
+ip6.arpa. 172800 IN NS f.ip6-servers.arpa.
+ip6.arpa. 86400 IN DS 13880 8 2
068554EFCB5861F42AF93EF8E79C442A86C1
+ip6.arpa. 86400 IN DS 45094 8 2
E6B54E0A20CE1EDBFCB6879C02F5782059CE
+ip6.arpa. 86400 IN DS 64060 8 2
8A11501086330132BE2C23F22DEDF0634AD5
+ip6.arpa. 86400 IN RRSIG DS 8 2 86400 20211121000000
20211107230000 523EOtTb
dWAZkS252DEOckKpMVD9SdLvbA26H5PfRoE84GQtnjm561QTNao4HxoG XDP8Dw==
+;; Received 937 bytes from 2001:500:200::b#53(b.root-servers.net) in 32 ms
+
+4.0.1.0.0.2.ip6.arpa. 86400 IN NS r.arin.net.
+4.0.1.0.0.2.ip6.arpa. 86400 IN NS u.arin.net.
+4.0.1.0.0.2.ip6.arpa. 86400 IN NS x.arin.net.
+4.0.1.0.0.2.ip6.arpa. 86400 IN NS y.arin.net.
+4.0.1.0.0.2.ip6.arpa. 86400 IN NS z.arin.net.
+4.0.1.0.0.2.ip6.arpa. 86400 IN NS arin.authdns.ripe.net.
+4.0.1.0.0.2.ip6.arpa. 86400 IN DS 28600 8 2
BA934D6DDB4EC89E0BE9DF44F6335688F9AB
+4.0.1.0.0.2.ip6.arpa. 86400 IN RRSIG DS 8 8 86400 20211122140044
20211101141337 451
+;; Received 437 bytes from 199.253.182.182#53(b.ip6-servers.arpa) in 32 ms
+
+0.7.4.0.1.0.0.2.ip6.arpa. 86400 IN NS ns2.he.net.
+0.7.4.0.1.0.0.2.ip6.arpa. 86400 IN NS ns3.he.net.
+0.7.4.0.1.0.0.2.ip6.arpa. 86400 IN NS ns1.he.net.
+0.7.4.0.1.0.0.2.ip6.arpa. 86400 IN NS ns5.he.net.
+0.7.4.0.1.0.0.2.ip6.arpa. 86400 IN NS ns4.he.net.
+0.7.4.0.1.0.0.2.ip6.arpa. 10800 IN NSEC 0.8.4.0.1.0.0.2.ip6.arpa. NS
RRSIG NSEC
+0.7.4.0.1.0.0.2.ip6.arpa. 10800 IN RRSIG NSEC 8 10 10800 20211122013335
20211108003335
+;; Received 475 bytes from 204.61.216.50#53(u.arin.net) in 1 ms
+
+2.4.1.0.0.7.4.0.1.0.0.2.ip6.arpa. 86400 IN NS ns3.gnu.org.
+2.4.1.0.0.7.4.0.1.0.0.2.ip6.arpa. 86400 IN NS ns1.gnu.org.
+2.4.1.0.0.7.4.0.1.0.0.2.ip6.arpa. 86400 IN NS ns2.gnu.org.
+;; Received 162 bytes from 2001:470:400::2#53(ns4.he.net) in 16 ms
+
+6.1.1.0.0.0.0.0.0.0.0.0.0.0.0.0.5.0.0.0.2.4.1.0.0.7.4.0.1.0.0.2.ip6.arpa. 60
IN PTR wildebeest
+6.1.1.0.0.0.0.0.0.0.0.0.0.0.0.0.5.0.0.0.2.4.1.0.0.7.4.0.1.0.0.2.ip6.arpa. 60
IN RRSIG PTR 7 34f08gstJ63Ddbp
6ULpIr08nYjQzUTvL3yHbuj7wHYk5u1RTAzg6auFKvBi/xr0ehq+Vc6J p/nhyF+HyiS8qYQYANCFO5P
+2.4.1.0.0.7.4.0.1.0.0.2.ip6.arpa. 60 IN NS ns1.gnu.org.
+2.4.1.0.0.7.4.0.1.0.0.2.ip6.arpa. 60 IN NS ns3.gnu.org.
+2.4.1.0.0.7.4.0.1.0.0.2.ip6.arpa. 60 IN NS ns2.gnu.org.
+2.4.1.0.0.7.4.0.1.0.0.2.ip6.arpa. 60 IN NS ns4.gnu.org.
+2.4.1.0.0.7.4.0.1.0.0.2.ip6.arpa. 60 IN RRSIG NS 7 14 60 20221104202022
20211104202022 367281sMl6ea5Are3LAVRN9TPQaor63korNX
vNmhHnbhOlhkG7TJ6ultO37lP+maZmf3IvJSDDt/e7POrFCFS6xyZ0w0 Cj/jE
+;; Received 995 bytes from 2001:470:142::163#53(ns2.gnu.org) in 44 ms
+
+li:/a $ command dig -x 2001:470:142:5::116
+
+; <<>> DiG 9.11.5-P4-5.1+deb10u6-Debian <<>> -x 2001:470:142:5::116
+;; global options: +cmd
+;; Got answer:
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9015
+;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
+
+;; OPT PSEUDOSECTION:
+; EDNS: version: 0, flags:; udp: 4096
+;; QUESTION SECTION:
+;6.1.1.0.0.0.0.0.0.0.0.0.0.0.0.0.5.0.0.0.2.4.1.0.0.7.4.0.1.0.0.2.ip6.arpa. IN
PTR
+
+;; ANSWER SECTION:
+6.1.1.0.0.0.0.0.0.0.0.0.0.0.0.0.5.0.0.0.2.4.1.0.0.7.4.0.1.0.0.2.ip6.arpa. 60
IN PTR wildebeest1p.gnu.org.
+
+;; Query time: 136 msec
+;; SERVER: 23.239.24.5#53(23.239.24.5)
+;; WHEN: Sun Nov 07 23:16:11 EST 2021
+;; MSG SIZE rcvd: 135
+
+$ host 2001:470:142:5::116
+6.1.1.0.0.0.0.0.0.0.0.0.0.0.0.0.5.0.0.0.2.4.1.0.0.7.4.0.1.0.0.2.ip6.arpa
domain name pointer wildebeest1p.gnu.org.
+
+```
+
+If reverse ipv6 breaks, we should make exim only use ipv4 so we don't
+look like a bad server when others lookup our ip. That can be done with
+this in the main options:
+
+```
+dns_ipv4_lookup = *
+```
+
+and for that to work properly, if the exim servers accepts incoming
+mail, we should unpublish our aaaa record, so that we don't fail to
+verify incoming emails on ipv6 due to the exim setting.
Added: trunk/sviki/fsf/tickets/raid/add-internal-bitmap.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/raid/add-internal-bitmap.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/raid/add-internal-bitmap.mdwn 2023-12-06
21:04:15 UTC (rev 686)
@@ -0,0 +1,8 @@
+# raid add internal bitmap
+
+ mdadm --grow --bitmap=internal /dev/md0
+
+if you get an error because the drive is auto read-only, you can run this
+first:
+
+ mdadm --readwrite /dev/md0
Added: trunk/sviki/fsf/tickets/raid/create-new-raid-array.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/raid/create-new-raid-array.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/raid/create-new-raid-array.mdwn 2023-12-06
21:04:15 UTC (rev 686)
@@ -0,0 +1,6 @@
+# RAID Tickets: create new RAID array
+
+If you only have 1/2 drives for a RAID1, and you want to create a new array
+anyways:
+
+ mdadm --create /dev/md4 --level=1 --raid-devices=2 --bitmap=internal
/dev/sdc2 missing
Added: trunk/sviki/fsf/tickets/raid/disable-and-check-raid-badblocks.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/raid/disable-and-check-raid-badblocks.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/raid/disable-and-check-raid-badblocks.mdwn
2023-12-06 21:04:15 UTC (rev 686)
@@ -0,0 +1,20 @@
+# disable and check raid badblocks
+
+For context, see
+<https://raid.wiki.kernel.org/index.php/The_Badblocks_controversy>. The issue
+is that using `--replace` on a RAID array can run into errors if the RAID
+badblocks feature is enabled (or is it only if there are bad blocks?)
+
+## checking for raid badblocks on the array
+
+Do this for each array member:
+
+ mdadm --examine-badblocks /dev/sdi1
+
+## Disabling badblocks
+
+This only works if there are no RAID bad blocks in the RAID array. The option
+to force removal of badblocks will apparently cause corruption. See the above
+article.
+
+ mdadm ... --assemble --update=no-bbl
Added: trunk/sviki/fsf/tickets/raid/force-sync-array.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/raid/force-sync-array.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/raid/force-sync-array.mdwn 2023-12-06 21:04:15 UTC
(rev 686)
@@ -0,0 +1,3 @@
+# force sync a raid array
+
+ check > /sys/block/mdXX/md/sync_action
Added: trunk/sviki/fsf/tickets/raid/remove-detached-drive.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/raid/remove-detached-drive.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/raid/remove-detached-drive.mdwn 2023-12-06
21:04:15 UTC (rev 686)
@@ -0,0 +1,6 @@
+# RAID remove detached drive
+
+If you cannot remove a drive that has been been unplugged from the system, you
+can use the following command:
+
+ mdadm /dev/md0 --remove detached
Added: trunk/sviki/fsf/tickets/raid/replace-drive-in-raid1-or-raid10.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/raid/replace-drive-in-raid1-or-raid10.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/raid/replace-drive-in-raid1-or-raid10.mdwn
2023-12-06 21:04:15 UTC (rev 686)
@@ -0,0 +1,35 @@
+# replace drive in raid1 or raid10
+
+When replacing a drive in a RAID array, it's generally best to have as many
+previously active disks in the array as possible before adding a new drive.
+This allows bad blocks to be handled properly, so syncing a new drive into an
+array is less likely to fail, and to prevent data loss.
+
+In that case, you should generally use the `--replace` option if the drive to
+be removed can remain within the array until the new disk is done syncing.
+(Then the replaced drive will automatically be kicked out when it's safe). An
+exception is when that drive is extremely slow, and slows down the entire
+array. Using it instead of `--fail` helps to avoid the rebuild failure risk
+that a degraded array poses. See the `mdadm` man page for details about the
+replace option.
+
+If a drive has failed in the RAID1 or RAID10 array, you should `--re-add` it
+before trying to overwrite data with `--add`, unless the array has no bitmaps.
+(Note that `--add` will attempt to `--re-add`, but if that fails, it will
+overwrite the header and bitmaps, which can lead to rebuild failures later).
+
+It's important that all of our arrays have
+[[bitmaps|/Tickets/raid/add-internal-bitmap]] to avoid lost data when an array
+becomes degraded. If the array has no bitmaps, you might as well attempt to
+`--add` the new drive and hope that there are no read errors from the array.
+
+Recently used at hal with these two commands:
+
+ mdadm --manage /dev/md122 --replace /dev/sdi1
+ mdadm --add /dev/md122 /dev/sdm1
+
+Worse case scenario:
+
+ mdadm /dev/md0 --fail /dev/sda1
+ mdadm /dev/md0 --remove failed
+ mdadm /dev/md0 --add /dev/sdc1
Added: trunk/sviki/fsf/tickets/raid/soft-reset-drive.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/raid/soft-reset-drive.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/raid/soft-reset-drive.mdwn 2023-12-06 21:04:15 UTC
(rev 686)
@@ -0,0 +1,20 @@
+[[!meta description="Subject: Soft reset hard drive"]]
+
+# soft-reset drive
+
+To reset a hard drive without physically removing it:
+
+ readlink /sys/block/sdX
+
+ ../devices/pci0000:00/0000:00:1f.2/**host1**/target1:0:0/1:0:0:0/block/sr0
+
+Force disconnect the device:
+
+ echo 1 > /sys/block/sdX/device/delete
+
+Notice the host1 in the returned line above. That’s the controller that needs
rescanned.
+Trigger rescan:
+
+ echo "- - -" > /sys/class/scsi_host/host1/scan
+
+<https://zedt.eu/tech/linux/soft-resetting-sata-devices-linux/>
Added: trunk/sviki/fsf/tickets/savannah/delete-old-project-page.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/savannah/delete-old-project-page.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/savannah/delete-old-project-page.mdwn
2023-12-06 21:04:15 UTC (rev 686)
@@ -0,0 +1,30 @@
+# How to delete an old Savannah project page
+
+*Email response from Bob Proulx:*
+
+Honestly I have no idea. The Policy as I was instructed was that we
+curate and archive and don't ever delete free software. However we
+have deleted things at times. Things that were duplicated, illegal,
+dox, spam, abusive, and so forth. So if it needs to be done then of
+course we will delete it.
+
+As to Policy I looked and find
+this. https://savannah.nongnu.org/maintenance/RemovingProject/
+https://savannah.nongnu.org/maintenance/HowDoIResetMyProject/
+
+You can see where my instruction has come from on this.
+
+But if it is an empty project then I don't see any harm in removing
+it. But you asked how to remove it. I have no idea. Never done it
+before.
+
+That project REDACTED is not public. It isn't possible to see it
+unless one is logged in as Superuser in the web UI. As such it just
+exists as a couple of database entries. It has an empty home page.
+An empty release area. It's really just some lint.
+
+Is it really important to erase the lint? (It's okay to say yes. I
+am just asking because it seems pretty trivial stuff not important
+enough to want to stomp out.)
+
+Bob
Added: trunk/sviki/fsf/tickets/sql/restore-flat-db-dump-file.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/sql/restore-flat-db-dump-file.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/sql/restore-flat-db-dump-file.mdwn 2023-12-06
21:04:15 UTC (rev 686)
@@ -0,0 +1,25 @@
+# restore flat db dump file
+
+These instructions come from rwp, and apply to some of the vms that he works
+on, such as Savannah.
+
+To restore a full database dump:
+
+ zcat < mysql.dump.20170415084708 | mysql -uROOTUSER -pROOTPASS
+
+To restore a specific database:
+
+ Use sed to filter out other databases.
+ time zcat mysql.dump.20170415084708 |
+ sed -n '/^CREATE DATABASE.*`foo_database`/,/^CREATE DATABASE/p' |
+ mysql -uSOMEUSER -pSOMEPASS foo_database
+
+To restore a specific table from a specific database:
+
+ Use sed to filter out other databases.
+ Then use sed to filter out other tables. In my case here the name
+ of the table is foo_table and so I am looking for that specific table.
+ time zcat mysql.dump.20170415084708 |
+ sed -n '/^CREATE DATABASE.*`foo_database`/,/^CREATE DATABASE/p' |
+ sed -n '/^DROP TABLE.* `foo_table`/,/^UNLOCK TABLES/p' |
+ mysql -uSOMEUSER -pSOMEPASS foo_database
Added: trunk/sviki/fsf/tickets/ssh/filezilla-sftp.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/ssh/filezilla-sftp.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/ssh/filezilla-sftp.mdwn 2023-12-06 21:04:15 UTC
(rev 686)
@@ -0,0 +1,13 @@
+[[!meta description="Subject: Filezilla: No supported authentication methods
available (server sent public key)"]]
+
+## Subject: No supported authentication methods available (server sent public
key)
+
+Filezilla is able to use ssh-agent if it is running. It should not be necessary
+to import any `.ppk` format keys; otherwise, unenecrypted keys can be created
+with puttgen. The client should be set to "Interactive", for key-based login.
+
+This error appears similar to "(permission denied, public key)" in OpenSSH.
+Make sure that the account lists the contents of `id_rsa.pub` in the relevant
+`authorized_keys` file. If the user can't log in via the command line with
+`ssh`, then Filezilla certainly won't work, so you might as well debug that
+first.
Added: trunk/sviki/fsf/tickets/ssh/no-matching-key-exchange-method-found.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/ssh/no-matching-key-exchange-method-found.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/ssh/no-matching-key-exchange-method-found.mdwn
2023-12-06 21:04:15 UTC (rev 686)
@@ -0,0 +1,8 @@
+
+Unable to negotiate with 192.168.0.16 port 22: no matching key exchange method
found. Their offer:
diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
+
+solution:
+https://unix.stackexchange.com/questions/340844/how-to-enable-diffie-hellman-group1-sha1-key-exchange-on-debian-8-0
+
+
+ssh -oKexAlgorithms=+diffie-hellman-group1-sha1
Added: trunk/sviki/fsf/tickets/ssl/restart-service-after-cert-renewal.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/ssl/restart-service-after-cert-renewal.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/ssl/restart-service-after-cert-renewal.mdwn
2023-12-06 21:04:15 UTC (rev 686)
@@ -0,0 +1,8 @@
+# certbot: restart service after cert renewal
+
+Place an executable script in `/etc/letsencrypt/renewal-hooks/deploy/`, with
+contents like:
+
+ #! /bin/bash
+
+ systemctl restart mumble-server.service
Added: trunk/sviki/fsf/tickets/trisquel/missing-packages-from-mirror.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/trisquel/missing-packages-from-mirror.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/trisquel/missing-packages-from-mirror.mdwn
2023-12-06 21:04:15 UTC (rev 686)
@@ -0,0 +1,3 @@
+# missing packages from mirror
+
+Old archives are here: <http://oldarchive.trisquel.info/>
Added: trunk/sviki/fsf/tickets/trisquel/upgrade-to-nabia-wont-boot.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/trisquel/upgrade-to-nabia-wont-boot.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/trisquel/upgrade-to-nabia-wont-boot.mdwn
2023-12-06 21:04:15 UTC (rev 686)
@@ -0,0 +1,43 @@
+# vm won't boot after dist-upgrade to nabia
+
+before working on a vm in a chroot / mount point, make sure that the vm is shut
+down or destroyed. before starting a vm, make sure that it's completely
+unmounted and crypt and nbd device files closed, etc.
+
+install `cryptsetup-initramfs`, add `link_in_boot = no` to
+`/etc/kernel-img.conf`, run `update-initramfs -u`, fix the symlinks for
+`/vmlinuz` and `/initrd.img` in /.
+
+contents of `/etc/initramfs-tools/modules`:
+
+ xfs
+ ext4
+ aes-x86_64
+ dm-mod
+ dm-crypt
+
+then run `update-initramfs -u`.
+
+If that doesn't work, you may need to chroot into the fs on the host. note that
+`systemd-nspawn` may not work for this purpose. be sure to bind-mount /dev. If
+`cryptsetup` is not added to the initramfs (command doesn't exist in busybox
+console: `virsh console example.fsf.org`), then you may want to add
+`CRYPTSETUP=y` to `/etc/cryptsetup-initramfs/conf-hook` and rebuild the
+initramfs.
+
+You will likely need the above rule to force add cryptsetup. When you update
+the initramfs, there's an error about a mismatch in device names, so when you
+boot, you'll need to manually open the encrypted drive with cryptsetup then
+mount the resuling partition to /root. Best if all of the above is done before
+the first boot after upgrading.
+
+If you needed to manually unlock on boot, make sure to update the initramfs
+again, confirm that there is no warning about mistamtched devices, then reboot.
+
+If you get an error about this on boot:
+
+ /lib/systemd/libsystemd-shared-245.so: undefined symbol: seccomp_api_get
+
+mount the fs externally, chroot in, and run this command:
+
+ mv /lib/x86_64-linux-gnu/libseccomp.so.2* ~
Added: trunk/sviki/fsf/tickets/vcs/delete-branch.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/vcs/delete-branch.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/vcs/delete-branch.mdwn 2023-12-06 21:04:15 UTC
(rev 686)
@@ -0,0 +1,31 @@
+# Delete a branch from vcs.
+
+Login to vcs.
+
+ ssh root@vcs.fsf.org
+
+Login as the `git` user.
+
+ su -l git
+
+Change to the directory that you want to modify.
+
+ cd repositories/civicrm-core.git/
+
+List all branches.
+
+ git branch -a
+
+Delete the branch with `-d`:
+
+ git branch -d 5.24.4-fsf-michael-attempt-0
+
+Psych! Follow the prompts to really delete it with `-D`:
+
+ git branch -D 5.24.4-fsf-michael-attempt-0
+
+Exit.
+
+ exit
+
+ exit
Added: trunk/sviki/fsf/tickets/vcs/https_repo_out_of_date.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/vcs/https_repo_out_of_date.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/vcs/https_repo_out_of_date.mdwn 2023-12-06
21:04:15 UTC (rev 686)
@@ -0,0 +1,8 @@
+# https repo out of date
+
+make sure that `hooks/post-update` contains this command on the first
+non-comment line:
+
+ git update-server-info
+
+it must come before all `cd` and `exit` commands, etc, otherwise it won't work.
Added: trunk/sviki/fsf/tickets/video/transcode-videos.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/video/transcode-videos.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/video/transcode-videos.mdwn 2023-12-06 21:04:15 UTC
(rev 686)
@@ -0,0 +1,130 @@
+# Transcode videos
+
+See also [LP 2019
Streaming](https://libreplanet.org/wiki/LibrePlanet:Conference/2019/Streaming)
+and [brains
gmg](https://brains.fsf.org/wiki/campaigns/manual/www/media.libreplanet.org/#index2h2)
+for more ffmpeg commands.
+
+## Remux to fix seeking in icecast recordings
+
+ mkdir -p remux
+ for i in *.webm; do echo "$i" && ffmpeg -i $i -vcodec copy -acodec copy
remux/$i ; done
+
+## Remove exif
+
+You might want to remove Exif metadata from the source file before you
transcode, to avoid mentions of Apple software:
+
+ exiftool -all= source.mov
+
+## Scale cartoon
+
+To scale to a cartoon to a 360 px tall H.264 video, with somewhat low quality:
+
+ ffmpeg -i input.mov -acodec aac -b:a 64k -vcodec h264 -vf scale=-1:360
-crf 25 -preset veryslow -tune animation output.mp4
+
+To boost the quality, reduce the `-crf 25` value. The default is `23`. To speed
+up encoding, for testing purposes, use something like `-preset medium`.
+
+Drop the `-vf scale=-1:360` part for the original video resolution.
+
+To do similar, but for WebM:
+
+ ffmpeg -i input.mov -acodec libvorbis -b:a 64k -vcodec libvpx -vf
scale=-1:360 -b:v 800k -preset veryslow output.webm
+
+To do similar, but for ogv:
+
+ ffmpeg -i input.mov -acodec libvorbis -b:a 64k -vcodec libtheora -vf
scale=-1:360 -b:v 1300k -preset veryslow output.ogv
+
+## Trim by timestamp
+
+ ffmpeg -i input-video.webm -ss 00:00:16 -to 00:33:25 -acodec copy -vcodec
copy output-video.webm
+
+## Trim and correct audio delay
+
+(<https://www.geekyhacker.com/2020/05/17/synchronize-audio-and-video-with-ffmpeg/>)
+
+ # correct audio ahead video (delay audio by 200ms)
+ ffmpeg -i in.webm -itsoffset 00:00:00.200 -i in.webm -ss 00:00:47 -to
00:38:08 -c:a copy -c:v copy -map 0:v:0 -map 1:a:0 out.webm
+
+ # correct audio behind video (skip audio by 200ms)
+ ffmpeg -i in.webm -itsoffset 00:00:00.200 -i in.webm -ss 00:00:47 -to
00:38:08 -c:a copy -c:v copy -map 0:a:0 -map 1:v:0 out.webm
+
+
+## Transcode to vp9
+
+
+If you have time, use 2 pass encoding (note, needs testing):
+
+The 1st command creates a log file in the current directory which is used in
the 2nd command. Do not run this twice in parallell in the same directory, or
it will screw up the log file!
+
+```
+ffmpeg -threads 0 -i INPUT.webm -g 192 -vcodec libvpx-vp9 -vf scale=-1:720
-max_muxing_queue_size 9999 -b:v 750K -pass 1 -an -f null /dev/null && \
+ffmpeg -threads 0 -i INPUT.webm -g 192 -vcodec libvpx-vp9 -vf scale=-1:720
-max_muxing_queue_size 9999 -b:v 750K -pass 2 -c:a libvorbis -qscale:a 5
OUTPUT.webm
+```
+
+background:
+
+https://trac.ffmpeg.org/wiki/Encode/VP9#speed
+
+-g = from ffmpeg -h full, it is group of picture (GOP) size. Google says this
is the number of frames per key frame.
+
+
+If you don't have time, use one pass:
+
+```
+ffmpeg -threads 0 -i INPUT.webm -g 192 -vcodec libvpx-vp9 -vf scale=-1:720
-max_muxing_queue_size 9999 -c:a libvorbis -qscale:a 5 -ss 00:00:05 -to
00:03:09 OUTPUT.webm
+```
+
+## Extract audio from video
+
+Single video.
+
+ ffmpeg -i $i -vn -acodec copy $i.ogg
+
+Batch.
+
+```
+mkdir -p /data/incoming/lp2022-audio/nointro/
+cd /data/incoming/lp2022-video/jupiter
+for i in *.webm; do echo "$i" && ffmpeg -i $i -vn -acodec copy
/data/incoming/lp2022-audio/nointro/$i.ogg ; done
+cd /data/incoming/lp2022-video/saturn
+for i in *.webm; do echo "$i" && ffmpeg -i $i -vn -acodec copy
/data/incoming/lp2022-audio/nointro/$i.ogg ; done
+cd /data/incoming/lp2022-video/neptune
+for i in *.webm; do echo "$i" && ffmpeg -i $i -vn -acodec copy
/data/incoming/lp2022-audio/nointro/$i.ogg ; done
+cd /data/incoming/lp2022-audio/nointro/
+rename 's/.webm.ogg/.ogg/g' *
+```
+
+Campaigns may want to add an audio introduction.
+
+### Adding an introduction with sox
+
+Syntax: `sox short1.wav short2.wav short3.wav long.wav`
+
+ mkdir -p /data/incoming/lp2022-audio/withintro/
+ for i in *.ogg; do echo "$i" && sox
/data/incoming/gregf-audio-intro-lp2022-stereo.ogg $i
/data/incoming/lp2022-audio/withintro/$i ; done
+
+If you get the error `sox FAIL sox: Input files must have the same #
channels`, you may need to change one of the inputs from mono to stereo. This
can be done with ffmpeg. [See
doc.](https://trac.ffmpeg.org/wiki/AudioChannelManipulation)
+
+ ffmpeg -i mono.ogg -ac 2 stereo.ogg
+
+If you get the error `sox FAIL formats: no handler for detected file type
'opus'`, you may need to compile sox.
+
+### Adding an introduction with ffmpeg (Needs testing)
+
+Both files must have the same codec.
+
+ mkdir -p /data/incoming/lp2022-audio/withintro/
+ for i in *.ogg; do echo "$i" && ffmpeg -i
/data/incoming/gregf-audio-intro-lp2022.ogg -i $i -filter_complex
'[0:0][1:0]concat=n=2:v=0:a=1[out]' -map '[out]'
/data/incoming/lp2022-audio/withintro/$i ; done
+
+## Combine videos with the same codec (needs testing)
+
+[ffmpeg doc](https://trac.ffmpeg.org/wiki/Concatenate#samecodec)
+
+ for f in *.webm; do echo "file '$f'" >> mylist.txt; done
+ ffmpeg -f concat -safe 0 -i mylist.txt -c copy output.webm
+
+## Replace audio track
+
+If an audio segment needs additional processing in audacity, you can bring it
back in through ffmpeg.
+
+ ffmpeg -i video.webm -i audio.ogg -c:v copy -map 0:v:0 -map 1:a:0 new.webm
Added: trunk/sviki/fsf/tickets/web/partial-login.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/web/partial-login.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/web/partial-login.mdwn 2023-12-06 21:04:15 UTC
(rev 686)
@@ -0,0 +1,9 @@
+[[!meta description="Subject: I logged in, but I can't edit this page."]]
+
+## Subject: I logged in, but I can't edit this page.
+
+This sometimes happens when a user logs in with http and then tries to edit a
+page with https, or vice versa. The browser apparently doesn't share cookies
+across protocols. This is most likely a security feature. The solution is to
+log in under https and to use that protocol in one's pasted edit urls and when
+browsing.
Added: trunk/sviki/fsf/tickets/xmpp/cant-join-rooms.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/xmpp/cant-join-rooms.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/xmpp/cant-join-rooms.mdwn 2023-12-06 21:04:15 UTC
(rev 686)
@@ -0,0 +1,9 @@
+# user can't join chat rooms
+
+an admin or channel user may need to invite the new person to an xmpp channel.
+use gajim or pidgin to invite people.
+
+if they still can't log in, it may be an issue with their client. (i have this
+issue on bitlbee with the 'pizzatalk' channel). they can try to leave the room,
+then invite themselves from pidgin, or have an admin invite them, then accept
+the invitation and join into that channel.
Added: trunk/sviki/fsf/tickets/xmpp/invalid-cert.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/xmpp/invalid-cert.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/xmpp/invalid-cert.mdwn 2023-12-06 21:04:15 UTC
(rev 686)
@@ -0,0 +1,16 @@
+[[!meta description="Subject: Invalid cert for jabber.member.fsf.org"]]
+
+## Subject: Invalid cert for jabber.member.fsf.org
+
+Make sure that your domain is @"member.fsf.org". So you user name should be
+"user\_name@member.fsf.org". Your client might need its connect server to
+"jabber.member.fsf.org", but most modern clients shouldn't need that setting.
+
+If you were previously logging in as "user\_name@jabber.member.fsf.org" for a
+long time and you have contact lists, etc. then you might want to keep using
+jabber.member.fsf.org as your domain so you can keep your contacts and so
+people can reach you at the same address. In that case, you will likely have to
+manually accept that certificate. Note that your phone does say that it's valid
+for \*.fsf.org, so that's the FSF's cert.
+
+Please let me know if there are any further issues.
Added: trunk/sviki/fsf/tickets/xmpp/please-enable-muc.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/xmpp/please-enable-muc.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/xmpp/please-enable-muc.mdwn 2023-12-06 21:04:15 UTC
(rev 686)
@@ -0,0 +1,4 @@
+# please enable MUC (multi-user chat) on member XMPP server
+
+We decided that we don't want to host any group chats on our XMPP server,
+because we have no way of moderating them.
Added: trunk/sviki/fsf/tickets/xmpp/room-management.mdwn
===================================================================
--- trunk/sviki/fsf/tickets/xmpp/room-management.mdwn
(rev 0)
+++ trunk/sviki/fsf/tickets/xmpp/room-management.mdwn 2023-12-06 21:04:15 UTC
(rev 686)
@@ -0,0 +1,4 @@
+# xmpp room management
+
+Use Gajim to connect to XMPP, join a room, then use the hamburger menu to
+change the room settings.
Modified: trunk/sviki/fsf.mdwn
===================================================================
--- trunk/sviki/fsf.mdwn 2023-12-06 20:05:18 UTC (rev 685)
+++ trunk/sviki/fsf.mdwn 2023-12-06 21:04:15 UTC (rev 686)
@@ -11,12 +11,15 @@
[[!map pages="fsf/tools/* and ! fsf/tools/*/*"]]
+### Tickets - How to handle various common & rare tickets
+[[!map pages="fsf/tickets/* and ! fsf/tickets/*/*"]]
+
## Background info
FSF tech team has an internal ikiwiki wiki called gluestick for various
-technical documentation. It was created in 2014 and to store some things
+technical documentation. It was created in 2014 to store some things
that made sense to be private, but a bad practice started of adding
documentation there that was better off public since we didn't have a
public ikiwiki.
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Savannah-cvs] [686] add tickets pages,
iank <=