rewrite of restic backup script and adding email alert

Found that our restic backup script had stopped running from Apr 20th - the log files were dated as last modified on that date. This could have been due to 
(a) an update overwriting the restic binary with an older version of ubuntu's restic via apt, which did not work, giving "backend not supported" errors for Azure Storage
(b) an additional issue that our Azure Storage account had become unavailable at some point of time due to a lapsed subscription 

So, created a new Storage account in an active subscription in the same resource group, which defaulted to the same Central India region for the storage account as we wanted. Used the same name as the earlier script's storage account name, and created a Blob container also with the same name as used by the script. 

Due to the point (a) above, this was not sufficient to make the script work, even for it to initialize the storage with lines like

restic -r azure:our-data-bk:/ourdata init

Fatal: create repository at azure:our-data-bk:/ourdata failed: invalid backend

As suggested by Gemini, the solution was to uninstall restic via apt, and to then download the latest restic and copy it to /usr/local/bin

wget https://github.com/restic/restic/releases/download/v0.18.1/restic_0.18.1_linux_amd64.bz2
bzip2 -d restic_0.18.1_linux_amd64.bz2

chmod +x restic_0.18.1_linux_amd64

sudo mv restic_0.18.1_linux_amd64 /usr/local/bin/restic

sudo apt remove restic

Then,

restic version

-bash: /usr/bin/restic: No such file or directory

We needed to tell bash to refresh the location - 

hash -r

Then the restic version showed the correct version, and the init also was successful. 

I wanted to get emails on future failures instead of the script failing silently, so Gemini helped with this script, which I have modified to change the passwords etc

#!/bin/bash

#This will run Restic backups from cron.

export RESTIC_PASSWORD=ourpw

export AZURE_ACCOUNT_NAME=ourname

#export AZURE_ACCOUNT_SAS="sv=2022-11-02&ss=bfqt&srt=c&sp=not_used_this_time%3D"

export AZURE_ACCOUNT_KEY="mVthisisthekey99999wPlEA=="

# not using rclone+gdrive due to slow,timeouts,rate-limits

#RCLONE_CONFIG=/home/user/.config/rclone/rclone.conf

#create new repo

# https://restic.readthedocs.io/en/latest/030_preparing_a_new_repo.html#microsoft-azure-blob-storage

#restic -r azure:our-data-bk:/ourdata init

# take backups

/usr/local/bin/restic  -r azure:sssvv-data-bk:/1data  --verbose backup  /var/www/1_data_disk/1_data/filedir > /home/user/1resticlog.txt 2>&1

/usr/local/bin/restic  -r azure:sssvv-data-bk:/2data  --verbose backup  /var/www/1_data_disk/2_data/filedir > /home/user/2resticlog.txt 2>&1

/usr/local/bin/restic  -r azure:sssvv-data-bk:/3data  --verbose backup  /var/www1_data_disk/3_data/filedir > /home/user/3resticlog.txt 2>&1

EXIT_CODE=$?

if [ $EXIT_CODE -eq 0 ]; then

    SUBJECT="SUCCESS: Weekly Restic Backup"

    MESSAGE="Your weekly restic backup completed successfully."

else

    SUBJECT="ALERT: Weekly Restic Backup FAILED"

    MESSAGE="WARNING: Your restic backup FAILED with exit code $EXIT_CODE. Please investigate immediately."

fi

mail -s "$SUBJECT" "my@email.org" << EOF

$MESSAGE

Here is the log output:

--------------------------------------------------

$(cat "/home/user/3resticlog.txt")

EOF

Updating expiring Azure Linux Virtual Machine Secure Boot 2011 certificates

Microsoft Azure's email notification asked us to update the secure boot certificates before the end of the month, and pointed us to verification, and if necessary updating, steps. The "vendor recommended" documentation for Ubuntu support was a bit contradictory - saying that rollout had been paused - so took the help of ChatGPT and Gemini for completing the process. First took up a non-critical VM, completed that, and then went on to the others.

sudo snap install fwupd

sudo fwupdmgr refresh

sudo fwupdmgr update

#(say yes, yes, and yes to reboot)

Gemini reassured that the devices listed with "no updates" are not a concern, we should only check whether the mokutil tests below work OK.

As per the verification link above, 

Tested with

mokutil --db | grep "2023"

            Not Before: Jun 13 19:21:47 2023 GMT

        Subject: C=US, O=Microsoft Corporation, CN=Microsoft UEFI CA 2023

mokutil --kek | grep "2023"

            Not Before: Mar  2 20:21:35 2023 GMT

        Subject: C=US, O=Microsoft Corporation, CN=Microsoft Corporation KEK 2K CA 2023

Removed the fwupd snap, and also removed snap itself to prevent bloat

sudo snap remove fwupd

(and remove snap itself on ELS)

snap list

(if nothing other than core, core20, lxd, or snapd, can remove)

sudo systemctl disable --now snapd.service snapd.socket

sudo apt-get purge -y snapd

sudo rm -rf /snap /var/snap /var/lib/snapd /var/cache/snapd /usr/lib/snapd

Found that the L VM was already up-to-date since it was a newer VM, created in 2025.

SDev2 had to be updated in the same manner as for the HAPROXY VM above.

SSS web server also had to be updated in the same manner.

On the AWS VM, I see

mokutil --sb-state

EFI variables are not supported on this system

Gemini says,

You do not need to do anything for this AWS VM. You are completely in the clear.

Seeing EFI variables are not supported on this system means that this specific EC2 instance is not using UEFI Secure Boot at all. In fact, it is likely booting using Legacy BIOS rather than UEFI.

With that, all the VMs seem to be accounted for.

Samsung phone Gboard voice typing icon vanished

At some point of time, after some upgrades / updates, the voice-typing mic icon vanished, for the Gboard keyboard on my Samsung M34 5G phone. 

There were lots of contradictory (and perhaps out-dated) info online on how to re-enable voice-typing, but what worked for me was as follows. Gboard was already set as the default keyboard, and not Samsung keyboard in the settings. 

When Gboard was visible, the path to set this was,
the icon to show more items - 

then the Gboard settings icon,

 followed by voice-typing

and finally slide to enable "Use voice typing" as below.

Then the mic icon at the top right corner of Gboard becomes visible.

income tax filing has become simplified

Income tax filing for us in India has now become further simplified. Bank interest and salary income are automatically being pre-filled via the AIS, so only capital gains if any, from sale of mutual fund units, needs to be entered by us. No need to keep track of any other deductions, since we've now moved to the new tax regime. Also, no need to report gift from parents / sister. So, my workflow was:

1. Download AIS from the income tax site

2. Check the salary component in AIS against the Form16 given to us from the office
3. Verify that the AIS contains the interest statements from all three banks in which I have accounts

4. Download Capital Gains statement from MFCentral 

5. Go through ITR2, entering only minor info (like "secondary address is same as primary address") and the capital gains schedules (which have also become simplified for me since most of the current redemptions are of assets purchased after 2018 and can be entered just as single consolidated figures).

in-place upgrade Ubuntu 22.04 web server to Ubuntu 24.04

One of our web servers was running Ubuntu 22.04 and showed that an upgrade was available via 'do-release-upgrade'

I took the plunge, running the upgrade via screen in case our connection broke. (The upgrade process also auto-starts sshd on port 1022 also, in case the upgrade needs recovery. But thankfully, I didn't need it.)

Chose the default options every time for retaining the configuration files. Noticed that apache showed a "syntax error" in config files.

After the restart, checked apache status with

sudo systemctl status apache2

× apache2.service - The Apache HTTP Server

     Loaded: loaded (/usr/lib/systemd/system/apache2.service; enabled; preset: enabled)

     Active: failed (Result: exit-code) since Sat 2026-06-06 04:18:46 UTC; 1min 46s ago

       Docs: https://httpd.apache.org/docs/2.4/

    Process: 797 ExecStart=/usr/sbin/apachectl start (code=exited, status=1/FAILURE)

        CPU: 28ms

Jun 06 04:18:45 sssihms-web-vm2023 systemd[1]: Starting apache2.service - The Apache HTTP Server...

Jun 06 04:18:45 sssihms-web-vm2023 apachectl[821]: apache2: Syntax error on line 146 of /etc/apache2/apache2.conf: Syntax error on line 3 of /etc/apache2/mods-enabled/php8.1.load:>

Jun 06 04:18:46 sssihms-web-vm2023 systemd[1]: apache2.service: Control process exited, code=exited, status=1/FAILURE

Jun 06 04:18:46 sssihms-web-vm2023 systemd[1]: apache2.service: Failed with result 'exit-code'.

Jun 06 04:18:46 sssihms-web-vm2023 systemd[1]: Failed to start apache2.service - The Apache HTTP Server.

Claude pointed out that Ubuntu 24.04 has php8.3, so loading php8.1 would fail. So, 

sudo a2dismod php8.1

# Install php8.3

sudo apt install php8.3 libapache2-mod-php8.3

# this had already been installed during the upgrade

# Enable the new module

sudo a2enmod php8.3

sudo systemctl restart apache2

All good. Wordpress is also running fine.

lobby Raspberry Pi not booting

We had multi-day issues booting the Raspberry Pi in the lobby, which would play a video loop. Disconnecting the USB power and re-connecting it, or taking out the micro-sdcard, checking it for errors on Linux Mint and then re-inserting it would make it work.

Suspecting power supply issues, the current idea is to

1. add a separate switch to turn on power to the Pi after the TVs are powered on.

2. change the power cord as well as the USB power adapter

With these two changes, the Pi booted up without trouble today, we would probably need to monitor it for a week or so to be sure that this has solved the problem.

visuals on planetarium dome getting washed out

Copy-pasting from an email thread - 

Just a follow-up on the issues with washed-out visuals we were facing.

When slowly fading in particular scenes, we can clearly see a point where parts of the scene get washed out, with the projector suddenly jumping in brightness. Looks like this projector, Optoma ZK-507-W, has some poorly executed "high-brightness" handling, which we don't seem to be able to disable. As long as we keep large areas below 50% brightness, small bright areas like stars, trails etc can be viewed with good contrast. 

I think it is some sort of local dimming similar to what is used in some TVs, https://www.academia.edu/88311604/Backlight_local_dimming_algorithm_for_high_contrast_LCD_TV but with very poor results.

Perhaps a warning line can be added at https://paulbourke.net/dome/faq/#projectors for this projector, indicating its poor performance.

To which Paul replied,

I  assume you have tried

1. Turning off the DynamicBlack settings in Display ->  Image setting -> Brightness mode menu.

2. Turning off the HDR/HLG in Display -> Image settings -> Dynamic range menu.

Yes for the 2nd, there was no such menu for the first point. Since my source is not HDR, I also tried "Auto" in addition to "Off".

Also, have tried all the different modes, including "Film" - even that has the noticeable brightness jump once a large enough area has a pixel value high enough (perhaps >50%). 

(Interestingly, some planetarium shows have more problems than others.

Eg. Unseen Earth, https://www.unseenearth.eu/ - has some drone shots etc which look terrible on our dome if I don't mask out most of it to <50%

Mars - the Ultimate Voyage - https://www.bellmuseum.umn.edu/mars-ultimate-voyage/ - has gamma settings, lighting etc such that most of the show looks pretty good on our dome.

In our own productions using OpenSpace, https://www.openspaceproject.com/ , there seems to be a difference between scenes rendered on Mac and scenes rendered on PC (Linux). Maybe gamma differences.

These micro-organisms are rendered fine, while I had to darken these scenes rendered on Mac for Jupiter, Saturn and Europa to not become completely washed out.

Interestingly, this scene, rendered on Linux, is fine.)