Recent comments on posts in the blog:

debian/rules target work-around


We worked on a debian/rules target to download upstream tarball and signature. But I don't know if my debian sponsor is happy about it.

# Gets the name of the source package
DEB_SOURCE_PACKAGE := $(strip $(shell egrep '^Source: ' debian/control | cut -f 2 -d ':'))

# Gets the full version of the source package including debian version
DEB_VERSION := $(shell dpkg-parsechangelog | egrep '^Version:' | cut -f 2 -d ' ')
DEB_NOEPOCH_VERSION := $(shell echo $(DEB_VERSION) | cut -d: -f2-)

# Gets only the upstream version of the package
DEB_UPSTREAM_VERSION := $(shell echo $(DEB_NOEPOCH_VERSION) | sed 's/-[^-]*$$//')
DEB_SOURCE_PACKAGE := $(strip $(shell egrep '^Source: ' debian/control | cut -f 2 -d ':'))
DEB_UPSTREAM_MINOR_VERSION := $(shell echo $(DEB_UPSTREAM_VERSION) | sed -r 's/([0-9]+).([0-9]+).([0-9]+)/\1.\2.x/')

# Sets tarball-dir if not provided by command line
TARBALL_DIR ?= ../tarballs

# Sets export-dir if not provided by command line
EXPORT_DIR ?= ../build-area

  mkdir -p $(TARBALL_DIR)
  mkdir -p $(EXPORT_DIR)
Comment by Joël Krähemann
Re: OpenVPN settings

What changes need to be made to /etc/openvpn/server.conf in order to use Unbound from within the VPN tunnel when connected to the server from an external client?

I haven't yet figured out how to do that, but it's something I'd really like to add to my OpenVPN setup.

Comment by francois
OpenVPN settings

Dear Fran├žois,

Thank you so much for this! What changes need to be made to /etc/openvpn/server.conf in order to use Unbound from within the VPN tunnel when connected to the server from an external client?

Thanks for your help, Fran├žois!

Comment by Anonymous
comment 1
Not sure why, but on my freshly installed Stretch I have ntpd installed in /usr/sbin/ntpd and systemd-timesyncd seems to be running fine. Actually it looks like both are running in top?
Comment by EVD
enable UEFI
Also, you need to enable UEFI boot, so the usb or cd can boot... and plug in the AC power
Comment by Anonymous
Re: Point of Network Scanner... Windows

sane is supported on windows (Xsane for win32, SwingSane), but only as a network client. You can't plug a scanner into a windows machine with USB and use sane, but you can plug a scanner into a linux machine, run saned, and then connect sane on windows to that.

Why would you do this? HP Multifunction printers are notorious for not supporting the latest version of windows. HP will make a "universal print driver" and ignore the scanner. So anyone with an older device (something made for XP or Win9x) can't scan from windows normally. saned keeps these devices alive.

Comment by Paul K
Captive Portal

I'm doing a lot of business trips so I'm using a lot of Airport and Hotel WiFis. So far I could reach all the captive portals when directly typing into my browser address bar. I don't know if this a standard but so far it seems all the captive portals are reachable this way. If it won't work I would have a look at the IP DHCP gave, e.g., and then would try to acces (but I never needed to try this as always worked for me).

Comment by Martin
Proper Grub approach

Hi, I found the Grub reconfig too complex and not working well in case the /boot is on a separate partition, failing to rescue mode.

Instead of fiddling with the grub console, one can fix the issue before reboot - just to chroot into the mounted md partitions (be aware, CHOOSE TO INSTALL GRUB TO MD-ENABLED DRIVE ONLY, just not to touch the "source" drive):

mount -t proc /proc /mnt/mntroot/proc
mount --rbind /sys /mnt/mntroot/sys
mount --make-rslave /mnt/mntroot/sys
mount --rbind /dev /mnt/mntroot/dev
mount --make-rslave /mnt/mntroot/dev
chroot /mnt/mntroot /bin/bash
source /etc/profile
dpkg-reconfigure grub-pc  

I consider this approach to be much cleaner.

Comment by TyNyT
Why stop Apache?
You could use the Apache or webroot plugins to do the renewals without stopping Apache. Is there anything that prevents you from doing that?
Comment by Marius Gedminas
comment 6
@Jonathan Because programs other than browsers use dns. Or maybe because you do local dns lookups while using a socks proxy for the https requests.
Comment by Anonymous