Bog Roll :: unix

It's Not Magic, It's Work!

15 Apr 2022

Upgrade cycle

Last May I started the process of upgrading all my Debian systems from version 10 to 11. I completed all the desktop and laptop systems pretty quickly and by the summer only my home server and cloud server remained on the older version.

In the autumn we moved into my mother-in-law's while the major work on the house was done and it wasn't habitable. As a result the upgrade to the server was delayed as we were somewhat at sixes and sevens, and a server upgrade wasn't the best thing to do.

The house rebuild isn't complete, but it's getting closers and I really should look at upgrading my servers from Debian 10 to 11. It's mostly that there are a few changes that this upgrade introduces and I don't want to rock the boat too much if I need to make changes to accommodate the upgrade.

26 Aug 2021

Debian GNU/Linux 11.0 "Bullseye"

I've now upgraded or installed Debian Bullseye on all my non-server systems. The upgrade this cycle was one of the easiest of all, and overall I'd say the change was the most evolutionary rather than revolutionary to date, in my experience since I started with Woody.

Most things seem to work in the same way as before, only things are a little newer and a little better, a few bugs have been fixed and a few new features have arrived. There are a few visual improvements, but it's very much more of the same - which is a good thing, I think.

I'll upgrade my servers last, even though they actually have way fewer packages on them (not having a GUI or any desktop allocations) there have been major changes to Exim, so I don't want to break my email system...

25 Jun 2021

More Debian GNU/Linux 11.0 "Bullseye"

Though still not officially stable I've upgraded a further spare laptop, a lightly used desktop and a virtual system from Debian 10.10 to 11.0. In all cases there was even less than usual that needed any manual attention. In most cases I reset to standard where I could and then checked afterwards if I wanted to put back any customisation. I've also built one new system directly on Bullseye, and that's a pretty neat system too, given it's age and low spec.

Superficially everything is a bit newer and a bit more polished, and the like most recent upgrades it's evolutionary rather than revolutionary. Compared to the 9 to 10 step, so far there was even less to worry about, and things have just got a more polished. While the KDE 4 to 5 transition was a big technical change, as was the move to systemd, I feel the last noticeable change was versions 7 to 8. A decade ago the move from 5 to 6 was very noticeable as KDE jumped from 3 to 4, which was a more noticeable change than the later KDE 4 to 5 transition.

The biggest step change I remember was 3 "Woody" to 3.1 "Sarge". Sarge had been in gestation for quite a while, and though it was only numbered 3.1 it was one of the biggest jumps, which saw a whole range of changes and also gave Debian a reputation for slow release cycles, which is unfair as post 3.1, most versions have actually come out with an even cadence of about 2 years per release...!

Dull upgrades are always good, but other than a few changed splash screens and some new graphics it mostly feels the same, just a bit better, which is good.

20 May 2021

Debian GNU/Linux 11.0 "Bullseye"

Yesterday I test upgraded an old/spare laptop from Debian 10 to Debian 11. The upgrade process has changed for this release cycle, it now uses apt instead of apt-get, but seemed to go well other than a few minor cases when I needed to press Y for it to continue.

I'll probably put some new systems I'm building directly onto Bullseye, but I won't upgrade the rest of my systems until the formal release rolls round later this year. It looks pretty good already, and I've noticed fewer changes on a virtual system that has been shadowing Bullseye for a while.

07 Apr 2021

NFSv4 over a VPN

Over the Easter weekend, we were visting (fully vaccinated) family. So we were away from the house. Using my WireGuard VPN I was easily able to read email from my home server on my laptop without having to do much to make it all work. I still need to tweak the dynamically generated /etc/resolv.conf file, but I can live with that.

For a laugh I tried to see if NFS would work over WireGuard. Other than adding my machine's VPN name (already in BIND) to the exports file, nothing actually needed to be changed, and autofs started working as if the laptop was at home, and I was able to stream FLAC files over NFSv4 fom home to my laptop away from home...!

I think that's a result!

29 Jan 2021

Further adventures in IPv6 land

Now all my systems at home are running IPv6, and have been renamed I'm having fun with the way IPv6 works relative to IPv4.

With IPv4 my computers had one IP address per interface, which usually means just one, except when a laptop is connected via wires and wireless at the same when it is multi-homed. For the machine that has more than one address it's not a problem, but it's a pain to connect to as means duplicate records in DNS and more faff with DHCPD. Most of the time it's not a problem, but once I added WireGuard everything had at least two IPs.

To solve the VPN address, I reorganised my domains. The external machines have their own unique IPv4 and IPv6 addresses at the top of my domain, and the home systems are on their own home sub-domain and the VPN addresses in a different VPN only domain, which makes the name resolution easy, and the domain search order simple.

IPv6 is inherently both more complex and simpler than IPv4... Every machine makes up a non routeable local address based on its own MAC address (unless privacy in enabled), and it normally takes a prefix from the router and adds that to the local address to create a globally unique and routeable address. You can also allocate a local non-routeable, private address which is static and can easily be used in your local DNS. The global address is basically based on something given to you by your ISP, so can change at any time so no use for DNS, and the local address is no use if privacy is enabled as instead of a static MAC address base, it becomes a random number...

For my immobile systems, you can tell the system to allocate a static IPv4 and IPv6 address, and let the automatic IPv6 address happen as well. I can then put the static address into my DNS, and not worry about the global address. On the mobile systems it's a bit more confusing, but it turns out you can merge the static allocation, and let network-manager deal with the automatic stuff as well... Win!

22 Jan 2021


Linux has worked fine with IPv6 for years, but while in the UK I only had an IPv4 connection to the Internet, so I just ignored IPv6. In fact I disabled it on most of my machines to make my life easier.

Since moving to France, my Internet connection has dropped from a half decent VDSL connection at ~35 MBit/s to a more meagre ADSL2 connection at ~6 MBit/s. However I have gone from one static IPv4 address to one semi-static IPv4 and one semi-static IPv6 block. I've started to turn IPv6 back on and it has had some interesting results....!

03 Jan 2021


I've run a VPN at home for a while. Initially I used SSH to create ad hoc tunnels which work but aren't practical in a regular way. I then tried OpenVPN, which is mature enough to have books about it, and was easy enough to set up. Performance was so-so, which is important as the ADSL into the house is poor, so I can't really afford much of an over head.

At the end of 2019 I installed WireGuard and ran it side by side with OpenVPN. The VPN part is actually the easy bit, the more challenging part is making sure that NAT/firewalls and such are all configured too. After a while it became clear than WireGuard is more efficient, and I migrated everything over to that. Until we are upgraded to FTTP the lower overhead of WireGuard is pretty important to me, even if OpenVPN is a good solution too.

As of 1 January 2021 companies like Sky have stopped roaming of their UK contracts within the EU, so lots of Brits suddenly discovered on New Year's day that their British TV services are no longer valid. Another gift of Brexit. It's relativly easy to get round these GeoIP restrictions with a VPN, so we can expect the commercial VPN providers to pick up some new business from Brits residing in the EU unable to watch local TV, buying VPN contracts so they can continue to watch British TV...

My French isn't good enough to watch French TV and follow everything that happens, so at the moment I download programmes using youtube-dl, which also downloads the subtitles, from the TV company in France, and then run the French subtitles through a translation service into English, and then I hand correct them the best I can. It's not perfect, but it means I can at least hear French and absorb some of the meaning as I watch more and more French TV.

11 Jun 2020

How many is too many?

How many typefaces or fonts does one person actually need. As I said last year not that many. It's a pity that so many get installed and then clutter up your menus.

I mostly use sans-serif typefaces, at the moment the IBM Plex family is my favourite. I've previously uses Source Sans Pro for several years before that. I used Myriad Pro, which comes with most version of the Adobe Acrobat Reader as well which I rather like. At work there is the usual mix of Arial, Verdana and Calibri that come with Office/Windows but I don't use them at home.

For mono-spaced fonts, I currently use IBM Plex Mono but previously used Source Code Pro. Though I don't use Fira Mono I have used Fira Code for programming as it comes with fancy ligatures for programming which are fun.

I pretty much don't use serif typefaces at all. They just look ugly, but perhaps with a higher resolution screen (when I eventually buy one) they may look okay.

So to answer my own question, very few!

While my home PC looks like "mine", my work work is most dull corporate except my SAP screen where the ABAP developer screen uses Solarized (sic) colour scheme which is most uncommon, even if the type face is dull.

10 Jan 2020

Canon CR3

Canon have updated their camera raw format from CR2 to CR3 standard. Canon do not publish standard of their file format, so if you have an older operating system that what they support, or one that they do not support at all, then you can not open the CR3 files that your camera creates and you are forced to use the JPEG format files only.

To open the CR3 file a team of open source volunteers will have to reverse engineer the file format, and try to understand what Canon have done. Under European law reverse engineering is expressly permitted for the purpose of making something compatible. However it takes time and money to do, and would be much better if Canon were prepared to at least document their new file format, but not giving the details away all that will happen is the open source community will work it out and publish the details, so they aren't making it a secret, just making it awkward for their customers.

At the moment I have no compact camera since my Canon PowerShot S110 died. I was going to buy a Canon PowerShot G7X Mk III, but there isn't point now until I can open the files. The darktable people are working on it, but it will be a while. I will have to live without a compact camera for a while...

01 Dec 2019

Font culling

Over the past few days of tinkering with fonts I've realised that I have far more fonts than I need. It probably isn't impacting the performance of my computer, however it does make the font menu unwieldy to use. In practical terms I use one or two mono-spaced fonts of command line usage and programming, one sans-serif font in any written document, and a handful of other type faces for effect only. I also use another sans-serif font for my GUI.

I can't uninstall plenty of font families, because a package that I'm using depends on it, even though I'm not using the "default" font that that package wants. For example I don't need Vera and DejaVu, which are essentially the same. I've nothing against non Latin languages but I can't read them, so don't need them and while I can unload most of them, I can't get rid of them all. Thankfully KDE allows me to deactivate fonts, so I've turned all the ones I can't uninstall off!

30 Nov 2019

Monospaced Font Features

Some modern fonts come with built-in features that allow you to select alternate glyph or activate or deactivate some ligatures. For example Source Code Pro puts a dot in the centre of the zero to mark it, but if you tell it, it you can have a slash instead. Fira Code is the reverse.

  • Fira Code - default
    The quick brown fox jumps the lazy black dog.
    (ilI1 0oO /@#$%&[]{}\!=->)
  • Fira Code - zero
    The quick brown fox jumps the lazy black dog.
    (ilI1 0oO /@#$%&[]{}\!=->)
  • Source Code Pro - default
    The quick brown fox jumps the lazy black dog.
    (ilI1 0oO /@#$%&[]{}\!=->)
  • Source Code Pro - zero
    The quick brown fox jumps the lazy black dog.
    (ilI1 0oO /@#$%&[]{}\!=->)

Which is only visible if you happen to have the fonts installed, and a browser that can do the rendering trick, but if you do then you will see the difference above. Most useful to know. I prefer slashed zeros, some people prefer the dot versions, and I particularly like the left to right slash, rather than the far more common right to left.

28 Nov 2019

Monospaced Fonts

Over a decade ago I wrote about fonts: Monospaced Fonts. Fonts are still a strange thing. I have an even larger collection of them now, but I only use a few at most. The one area that I do care about are the monospaced or fixed width font that I use. I use fixed pitch fonts a lot, all my important work is either done in a console window, or is programming which I prefer to use a monospaced font even in a fancy IDE.

The problem was that font designers don't seem to care all that much about monospaced fonts, most people don't have a use for them, so there weren't that many to choose from relative to proportional fonts. Additionally in programming it's important to clearly see the difference between "l", "1", "i", "I", and "0", "o", "O". The less commonly used punctuation characters are additionally more important than normal text, and some puncutuation mark combinations are important and need to be clear.

This list is what I had all those years ago, and updated a bit...

Slashed zero, which I prefer:

  1. Anonymous
    The quick brown fox jumps the lazy black dog. (ilI1 0oO /@#$%&[]{}\!=->)
    • Nice typeface, a bit Monaco like but more spaced out.
    • Not so common, I love the \ through the zero instead of the / and the a as used in Monaco.
    • Only one weight, if you need italic etc you need the Pro version.
  2. Anonymous Pro
    The quick brown fox jumps the lazy black dog. (ilI1 0oO /@#$%&[]{}\!=->)
    • Nice typeface, based on Anoymous but updated.
    • More weights and versions, but still a bit too wide.
  3. Monaco
    The quick brown fox jumps the lazy black dog. (ilI1 0oO /@#$%&[]{}\!=->)
    • Nice (Mac) typeface, no longer the default.
    • I like it a lot and used it now and then over the years.
    • I'm fond of the lower case i and it's compact overall.
  4. Consolas
    The quick brown fox jumps the lazy black dog. (ilI1 0oO /@#$%&[]{}\!=->)
    • This comes with most Microsoft software and it's nice and compact.
    • Like Andale Mono is a safe bet if there isn't anything better.
  5. Oxygen Mono
    The quick brown fox jumps the lazy black dog. (ilI1 0oO /@#$%&[]{}\!=->)
    • Nice font used by KDE in the Oxygen theme.
  6. Fira Code
    The quick brown fox jumps the lazy black dog. (ilI1 0oO /@#$%&[]{}\!=->)
    • This is a modern coding typeface, with some fancy ligatures: != -> => >= ~=
    • Not used it much, but I think I should.

Dotted zero, which is okay:

  1. Andale Mono
    The quick brown fox jumps the lazy black dog. (ilI1 0oO /@#$%&[]{}\!=->)
    • Okay typeface, a safe bet if nothing else is available.
    • Microsoft gave it away, so widely available, Consolas is better.
  2. Bitstream Vera Sans Mono
    The quick brown fox jumps the lazy black dog. (ilI1 0oO /@#$%&[]{}\!=->)
    • Nice typeface.
    • Freely available thanks to Bitstream, most Linuxes have it by though DejaVu has mostly replaced it.
  3. DejaVu Sans Mono
    The quick brown fox jumps the lazy black dog. (ilI1 0oO /@#$%&[]{}\!=->)
    • Nice typeface. I like them both but I prefer a slashed to a dotted zero.
    • Based on Vera, but expanded and improved.
    • Apple's Menlo is in the same family but does have a slashed 0.
  4. Source Code Pro
    The quick brown fox jumps the lazy black dog. (ilI1 0oO /@#$%&[]{}\!=->)
    • Adobe gave this professionally designed font away.
    • I have used it a lot, but it doesn't have a slashed zero in the default view, but you can turn it on in some editors.

Un marked zero - sort of okay but best avoided.

  1. Lucida Console
    The quick brown fox jumps the lazy black dog. (ilI1 0oO /@#$%&[]{}\!=->)
    • Nice typeface - use to be a personal favourite.
    • Microsoft gave this one away as well.
    • Zero isn't marked - which is a pity.
    • See also Lucida Typewriter, which also has an unmarked 0

Programming and console use are similar, but not quite the same as I use the console for writing emails and doing other stuff, not just programming. I wonder what fonts I'll be using in another decade...?

Debian GNU/Linux 10.0 "Buster"

Debian released Debian 10.0 earlier this year. For a while I didn't bother upgrading, I was busy at work and I didn't really have the time to upgrade my growing network of systems.

Eventually I bit the bullet and started on my second oldest laptop, that I don't use much as it's a bit slow and the scratch pad doesn't work for no obvious reason (hardware fault of some kind), Other than Amarok being missing, the upgrade was painless. I then upgraded a few more systems, including my mother-in-laws laptop which had previously been running Windows 7.

All my systems are now running Debian 10 and other than a few minor glitches, it all went rather well. Overall a very dull upgrade, in that there is nothing radically different, and most things are just a little better and work in mostly the same way that I was used to. I know that there a have been some architectural changes, but at the user level it's just better - which is a good thing.

21 Oct 2019

Private Network

For years I've used the Secure Shell (SSH) to connect from system to system. On works systems, home systems and to friends. OpenSSH is a wonderful tool and is a fantastic poor man's Virtual Private Network (VPN), which is why many sane organisations are careful who has SSH, because it is so powerful.

SSH is brilliant if you want a shell on a remote system, and the forwarding means you can create ad hoc tunnels when required but it's not perfect and not a real VPN.

OpenVPN is an open-source SSL VPN. It dates back to 2001 and is a mature product with plenty of books and web sites telling you how to use it, and plenty of people do use it. It is a real VPN, unlike SSH, but easy enough to start using without having to use all the bells and whistles.

WireGuard is a simpler and newer VPN which has been built on the latest technology only. It is far smaller than OpenVPN, and may be faster, but for a small system of computers it is also far easier to set up.

At the moment I'm running both, but I think for my needs WireGuard is the best option.