Python Hack

I suddenly had a problem on the laptop (ubuntu 18.04, Bionic), and I’ve seen similar problems on Cinnamon. One manifestation is that when I try to start terminal using the gnome-terminal.desktop app, i.e. the icon in the dock, the launch fails, with no stated reason. A look in the log reveals a problem in Python loading _gi.

I resolved to look at it later. I was able to start the terminal from the desktop by right clicking, and open terminal.

Later I had a similar problem trying to launch gnome-tweak. It failed in the same way, trying to start up the python app it attempted to load _gi.

I have only the vaguest clue what is going on here. I looked at the python code. Indeed they are attempting:

From . import _gi. 

And the directory /usr/lib/python3/dist-packages/gi does not have a library named _gi. It does however have two library files:

_gi.cpython-36m-x86_64-linux-gnu.so
   and 
_gi_cairo.cpython-36m-x86_64-linux-gnu.so

Perusing the net, I find some suggestion that these libraries, with the 36m designation are somehow specific to or found by Python 3.6, and that if I want this to work under Python 3.7, I have to copy these files, and change 36m to 37m.

Ok, what have I got to lose? I did that simple thing – with just a simple copy in the above named directory. Lo and behold, it fixed the symptom that I was experiencing.

I don’t really like fixing things with magic when I don’t know what is happening, but now is not the time to go on a voyage of discovery with Python.

Setting up Arch on UEFI laptop

A good friend had mentioned to me that he used Arch linux in one of his recent installs. I’ve never tried it. I have this old HP laptop that a different friend gave me, when he replaced it. It isn’t that old! I decided to try installing Arch on it.

I had a bunch of issues, and ultimately today I resolved to reinstall the thing again, and record my experience. One of the issues – as usual a self-inflicted wound – is that this is a UEFI capable laptop, but the disk that is in it is MBR partitioned, not GUID partitioned. It probably would have been smarter to just partition the disk with a GUID table. But I didn’t. Below is the description of what I did.

Continue reading Setting up Arch on UEFI laptop

Root Account is locked

A few months ago Fedora crashed, and wouldn’t boot. It seems to do that from time to time. I have about had it with Fedora. I have at least three times as much trouble with Fedora as I do with Ubuntu.

So I reinstalled Fedora. I was back-level anyway, as I have grown very cautious of their automatic update – which about a third of the time ends up requiring a full system rebuild. My thinking about it wasn’t quite this black and white, but might has well have been: “It’s going to crash eventually, and require me to scrape it down to the bare metal – I might as well wait till that happens, rather than hastening the process by trying to update fedora.”

Anyway, on that occasion back in May, I rebuilt a new Fedora 30 system on a new disk, and restored everything.

Continue reading Root Account is locked

adding a VPN Router to the network

The topology for the handling of downloads of stuff via a vpn previously involved a vpn client directly on rosemary. The problem with this was that sometimes the vpn would fail – it would get disconnected from the remote end. If I didn’t realize this, and started a download, it would be in the clear.

I thought a better solution was to have a separate router (herein the “vpn” router) between rosemary and the external router, and to have that router establish a constant vpn through it’s wan interface, through the external router. Everything that connected to a lan port on the vpn router would be protected. Rosemary would then use the vpn router as its path to the internet. Everything that rosemary sends or receives from the internet would come exclusively through the vpn router.

Continue reading adding a VPN Router to the network

Setting Up Openvpn Server

The objective of this project was to install a vpn server on one of the boxes in the cloud (initially asafoetida, then moved to tarragon), in order to provide a VPN server service for a friend who was traveling. My friend uses the name Darrell for his client, so in what follows the vpn is called by this name.

Create a Certificate Authority

A lot of the instructions, even from openvpn site, say to use the “easyrsa” package to generate the certificates for openvpn. This package seems to be put out by the openvpn boys, or at least with their cooperation. But I didn’t do that. I created a ca with raw openssl.

Continue reading Setting Up Openvpn Server

Fedora Crash, again

Preparing to go off on my semi-annual visit east I was trying to ensure that the primary systems here that have encrypted root drives (oregano, cinnamon and rosemary) could each be rebooted from afar by attaching to a dropbear instance during the initramfs. See article on booting notes about that.

Somehow Oregano became unbootable. Again. It usually takes three or four hours of flailing around to figure out what little thing has caused it to point its casters to the sky. It takes only a little longer to just rebuild from scratch with the latest release.

Continue reading Fedora Crash, again

New Internal Network setup

Owing to the failure of oregano detailed in the last post, I have finally taken steps to clean up a long standing issue in my internal network, viz: that oregano, the primary development computer was offering essential network services which all the other boxes relied upon. When oregano was down, almost everything else suffered.

This problem dates back at least 20 years. In early days I began the practice of having my primary linux computer act as a firewall separating the rest of the network from the internet, and as the dhcp server. I won’t try to defend the practice – it was what I did; but it has made less and less sense over the years. Plus it had the very undesirable side effect that when that primary computer was down the other systems lost their dhcp server and their path to the net.

I had this generic Chinese openwrt router which I bought last year, for reasons passing understanding. I’d planned to replace the primary router with it, but that proved a bad plan. I decided to use this extra router to fill the role oregano had filled, of separating the internal and external networks.

So this router, named obelisk, performs dhcp and dns forwarding. Henceforth Oregano will be just another box on the internal network.

Automatic update of Fedora Fails

I tried doing an update of fedora the other day, with the dnf system upgrade business, to upgrade in place. I should have known better. The failure is almost certainly related to the ongoing frustration of the graphics card.

One is offered the choice of two nice poisons. One may elect to use the open source nouveau driver, in which case the graphics driver will spontaneously crash about once a week forcing a reboot. Or, alternatively, one may choose instead to install the proprietary nvidia driver, in which case every few months one will get a new kernel that invalidates the driver, and the machine will suddenly not boot at all, requiring that you get in and fool around with grub and intitramfs until you can get it up enough to download and rebuild a new nvidia driver. Continue reading Automatic update of Fedora Fails

Certificates Redux

An earlier post talked about switching my server tarragon (where this blog sits) to a wildcard certificate from letsencrypt. There were two reasons why I was using a wildcard certificate. One had to do with test versions of websites that run on this server, and the need that some of those sites have for wildcards, of the form: bob.websitename.com, sally.websitename.com, etc. The other reason was that I have a lot of hosts (oregano, cinnamon, paprika, lemongrass) in addition to tarragon that “need” to have a certificate, for https, for imap, and for smtp, and when I was having to pay for them, it was cheaper to get one wildcard for wmbuck.net. Continue reading Certificates Redux