You CAN kill yourself or someone else hastily emulating something this silly/suicidal looking.
There's something to be said about intuition, particularly yours in this situation.
What am I looking at?
You're looking at the Halo PAPR. This 3D printed model is an adaptation of what a surgeon might use in the operating room while treating COVID-19 patients.
Did you make this?
Yes and no.
While I had the idea to design a 3D printed PAPR very similar to this, my model made use of a full-face snorkel mask.
The man who designed this is Guy Kuo. Kuo is an anesthesiologist who practices in Bellevue, Washington at Overlake Medical Center and Evergreen Health. Apart from having one of the coolest specialties in medicine, he's also a 3D printer fanatic and talented designer and engineer!
Recently, Guy became of one my few man-crushes due to his ingenious design. What you saw me wearing was the "Halo PAPR" or Personal Air Powdered Respirator.
I have another, much bulkier PAPR design that is entirely my own which makes use of a ULPA ("Ultra Low Particulate Air") filter with a MERV 17 rating.
What is new is my adaptation for civilian use:
This alteration makes use of a Nalgene lid, a cut-up n95 mask, a carbon filter mask, some pillow stuffing (aka Ploy-fil useful for compressing the layers of the n95 together to maintain filter performance in addition to adding even more mechanical filtration) and aquarium silicone for a perfect seal.
Ok but why?
I'll be candid, the journey that ended here started with a sort of paranoia.
My 70-year-old mom is one of the best teachers I know. She teaches elementary and middle school as a retired teacher, turned substitute and tutor. Although she is out of work now, as are most of us including myself, I didn't know there would be a shelter-in-place order. Although I hate that she still needs to work, she's the most committed and caring person in my life. Her care and attention to students as well as my gratitude and protectiveness of her had me very concerned, to say the least. Anyone who works with children or know someone who does also knows just how often and easily those people get sick. I remember being pained every time I would see my mother battling whatever seasonal malady had been incubating among her students. I could not face the likely possibility that if she were to keep teaching that she, along with my father, would likely become very ill. I worried that even if they recovered, it might not be fully.
So rather than face this tragic likelihood, I decided to act. With social distancing loosening and uncertainty on the horizon as protesters and anti-vaxers selfishly storm the streets, I am acting once again.
As a wise former-man-crush once said: "You cannot get people to change by force. If you want change, you simply must provide a better alternative."
I act today not out of paranoia. I act to promote science, compassion for others, and creative, intrepid, action instead of ignorance, disregard, and indolence.
Finally, I also act to bring attention to Guy Kuo. Technologies like his Halo PAPR will allow caretakers and doctors in countries like India to protect themselves. It will allow people like me to protect my mom and dad. Kuo's competition, the 3M Versaflo TR-300 and similar are in short supply and can cost upwards of $3000.
How much did this cost you to make?
I was given 3D printer filament by a generous donor on Nextdoor for use in aiding healthcare workers. I took apart an old laptop and retrieved the 51mm blower fan myself. The rest has been put together with what I had around the house. Remember, I'm out of a job and out of money. I haven't even received my $1200 at this point in time.
Grand total of $0.
Why are you wearing a mask? Don't you have enough PPE already?
Look closely at the Halo PAPR. It's ok if you walk back to get a second look, I don't mind. You'll notice that while I'm protected by state of the art filtration and positive pressure...you...well you get the unfiltered exhaust.
The ONLY reason I am wearing a mask is to protect YOU.
I also design websites, deliver groceries, and offer my consultation and mad research skills. My cup is as empty as my wallet; I'm open and willing to help however I can.
My best friend in LA, electronic musician fzen, joins the fight and ups the stakes.
His music is absolutely incredible. Seriously moving and melodic stuff. Hope it reminds you of all the beauty in the world. fzen spends hundreds of hours on each track. :o You heard it here first. :p
I wish I could see him right now, but we've got important things to do right where we are. I've finally mastered leveling my Ender 3, so already I'm seeing vast improvements in print time. I've also been using FreeCad to develop a honeycomb laminar flow HEPA powered design of my own. ;)
Pro tip: Use some Aquarium Silicone to coat the inside and out to ensure a watertight, durable design.
Lonny Shavelson, MD and Thalia DeWolf, RN, CHPN of Bay Area End Of Life Options, these prints and those that follow are yours.
Keep up the amazing work. I can't think of better people or a better cause. :)
Just a little pet project of mine, I hope you find it helpful. I may come back to this post to explain my sources as well as some of the math and statistics involved.
On Linux operating systems, the chattr command modifies the attributes of files, and lsattr lists (displays) them.
In Linux, file attributes are flags which affect how the file is stored and accessed by the filesystem. They are metadata stored in the file's associated inode.
Set the file's version/generation number. This is an arbitrary
nine-digit number assigned to a file when it is created. It is not
unique. It may be changed to any other arbitrary number.
-pproject
Set the file's project number.
mode ...
One or more mode strings. For more information, see Mode strings, below.
file ...
The file or files to be changed.
Mode strings
A mode string consists of an operator and one or more attributes. It takes the form:
One of the following operators must appear at the beginning of a mode string:
character
operation
+
Attributes listed will be added to the file.
-
Attributes listed will be removed from the file.
=
The attributes listed will be added; any attributes omitted will be removed.
The remainder of the mode string is a series of characters, each representing an attribute. They are case-sensitive, cannot be separated by whitespace, and may appear in any order. For a list of attribute characters, see Attributes, below.
Example mode strings are "+caS", "-Asd", and "=eAsS".
Multiple mode strings may be specified to combine + and - operators in a single command, e.g. "+asD -c" and "-a +s +D -c" are both valid.
Recursively list attributes of directories and their contents.
-V
Display the program version.
-a
List all files in a directory, including those whose name starts with a period ('.').
-d
List directories as regular files, rather than listing their contents.
-v
List the file's version/generation number in addition to its attributes.
List of Attributes
The following characters represent attributes that may be modified by chattr or listed with lsattr.
character
attribute
description
a
append only
The file may only be opened for writing in append mode: its existing data may not be overwritten. It cannot be deleted or renamed; hard links cannot be made to this file; most of its metadata cannot be changed. Modifying this attribute requires root privileges.
A
no atime updates
When the file is accessed, its atime record is not modified, which in some situations can reduce disk I/O.
c
compressed
Files with this attribute are automatically compressed by the kernel when written to disk. Its contents are uncompressed when read. Note: This attribute has no effect in the ext2, ext3, and ext4 filesystems.
C
no copy on write
Files with this attribute are not subject to copy-on-write updates.
If this attribute is set on a directory, new files created in that
directory will have this attribute set. Note: This attribute is
only effective on filesystems which perform copy-on-write. On btrfs,
this attribute should be set on new or empty files. If this attribute is
set after a btrfs file already contains data, the time when its data
will be stable is undefined.
d
no dump
Files with this attribute are bypassed in any backup initiated by dump, a legacy tool for ext2 filesystems.
D
synchronous directory updates
Changes to a directory with this attribute are written synchronously
to disk. That is, the system waits for write completion before doing
something else. Equivalent to the the dirsync option to the mount command, applied to a subset of files on a filesystem.
e
block extents
Indicates that a file should be stored using block
extents. Data is stored contiguously between two blocks, and only those
two blocks must be known to find the file's data. Block extent mapping
may potentially save disk space, because it reduces the number of blocks
which must be listed in the file's inode.
i
immutable
Files with this attribute cannot be deleted or renamed; hard links
cannot be made to this file; most of its metadata cannot be changed;
data cannot be written to the file. Modifying this attribute requires
root, or a process with the CAP_LINUX_IMMUTABLE capability, as set with setcap.
j
data journalling
A file with this attribute has all its data written to its journal
before being written to the file itself. Only effective on ext3 and
ext4 filesystems which have journalling enabled and the "data=ordered"
or "data=writeback" options set. If journaling is enabled in those
systems, but the "data=journal" option is set, this attribute has no
effect. Only root or a process with CAP_SYS_RESOURCE capability as set
with setcap can change this attribute.
P
project hierarchy
A directory with this attribute will enforce a hierarchical
structure for project IDs. Files and directories created in the
directory will inherit the project ID of the directory. Rename
operations are constrained so when those files or directories are moved
to another directory, the project IDs will match. Hard links to these
files may only be created if the project ID of the target and
destination match.
s
secure deletion
If a file with this attribute is deleted, its data is overwritten with zeroes, similar to a simple shred. This attribute is ignored by ext2, ext3, and ext4 filesystems.
S
synchronous updates
When files with this attribute are modified, the changes are written synchronously to disk. Equivalent to the sync option of the mount command, for individual files.
t
no tail merging
A file with this attribute will not have any partial block fragment
at the end of the file shared with another file's data. This attribute
is necessary for software such as LILO,
which reads the filesystem directly and is not aware of tail merging.
Some filesystems do not support tail merging, in which case this
attribute has no effect.
T
top of directory hierarchy
A directory with this attribute is deemed to be the top of directory
hierarchies by the Orlov block allocator, used by ext2 and ext3. The
attribute gives a hint to the allocator that the subdirectories are not related in how they are used, and their data should be separate when blocks are allocated. For example, the /home directory may have this attribute, indicating that /home/mary and /home/john should be placed in separate block groups.
u
undeletable
When a file with this attribute is deleted, its contents are saved,
enabling their later undeletion. Undelete tools which can take advantage
of this attribute include extundelete.
Read-only attributes
The following attributes are read-only. They cannot be set or unset by chattr, but can be listed by lsattr.
character
meaning
description
E
compression error
The filesystem is not able to automatically compress this file.
h
huge file
The file is storing its blocks in units of the filesystem's blocksize instead of in sectors. The file is, or previously was, larger than 2 TB.
I
indexed directory
The directory is being indexed with a hashed tree (htree).
N
inline data
The file has data stored inline, within the inode itself.
X
compression raw access
An experimental attribute indicating that the raw contents of a compressed file may be accessed directly.
Z
compressed dirty file
An experimental attribute indicating that a compressed file is dirty (incompletely written).
Examples
View attributes of files
For this example, we will create three empty files with touch:
touch file file2 .file
We can view their permissions with ls, using the -l option:
ls -l
total 8
-rw-rw-r-- 1 hope hope 0 Jun 28 09:51 file
-rw-rw-r-- 1 hope hope 0 Jun 28 09:51 file2
File names starting with a dot (period) are not listed by ls unless the -a option is used:
ls -a
total 28
-rw-rw-r-- 1 hope hope 0 Jun 28 09:51 file
-rw-rw-r-- 1 hope hope 0 Jun 28 09:51 .file
-rw-rw-r-- 1 hope hope 0 Jun 28 09:51 file2
Now let's view attributes by running lsattr:
lsattr
-------------e-- ./file
-------------e-- ./file2
As with ls, we must use the -a option to view files whose name starts with a dot:
Attributes which apply only to directories, such as D, will not be set on regular files, successfully — no error will be returned. For example, if you try to run chattr +D on a regular file, chattr will do nothing to those files, and return a successful exit status.
Notice in the next command that we try to set the D attribute on both a regular file and a directory. The attribute is set on the directory, is not set on the regular file, and chattr returns successfully.
(The && control operator will run the next command
only if the previous command returns a successful exit status. For more
information, see Shell grammar in bash.)
To unset an attribute, use the - operator before your list of attributes.
Only one operator may be specified per mode string, but you can specify multiple attributes one after the other (without whitespace), in any order. You may specify multiple mode strings, each with their own operator.
If an attribute requires root privileges, but you are not running the command as root, chattr will not change any
attributes for that file. It will continue trying to operate on other
files, and when it completes, it will return a failing exit status (an
error).
To illustrate this, in the next command, we'll try to set the a attribute on every file in the current directory without using sudo. This should fail (unless we are logged in as root), because setting a requires superuser privileges.
Also, note that in the next command we use echo to display the value of the bash special parameter? (a question mark). The ? parameter contains the exit status of the previous command, so it will tell us if chattr succeeded (0) or failed (1). Like all bash parameters, we refer to its value by prefixing its name with $.
chattr -sS +a *; echo $?
chattr: Operation not permitted while setting flags on dir
chattr: Operation not permitted while setting flags on file2
1
Notice that file did not cause an error. It already had the a flag from a previous command, so it causes no error; and so the rest of the changes (-sS) went through just fine. The other file and directory both caused an error, and were entirely unchanged.
To set every file to match an explicit set of attributes, use the = operator. Any listed attributes will be set, and any not listed will be unset.
If you set the i attribute, a file will be marked as
"immutable", meaning its data (and some vital metadata) cannot be
changed, even by root, until the attribute is unset.
chown — Change the ownership of files or directories. chmod — Change the permissions of files and directories. ls — List the contents of a directory or directorie
This is a generalist engineer. They may have a variety of different technical backgrounds (back-end, systems, etc). Regardless of specialty, they have great productivity. They follow an iterative process. They are a coding machine. They are a move fast and break things programmer.
Linux Internals Engineer
This is an engineer who is comfortable working with Linux (or Unix-like) operating systems at a low level. They may have experience working on device drivers. They are comfortable thinking about scheduling, interrupts, file systems system calls. They can explain Spectre and Meltdown, and how they were mitigated.
Architecture/Design-Focused Generalist
This is a generalist engineer. They may have a variety of different technical backgrounds (back-end, systems, etc). Regardless of specialty, they have a strong focus on software architecture. They write clean, modular code. They do very well on software / OOP design problems. And they reason well about the interactions of complex systems.
Search for package(s) by searching the expression in name, description, short description. What exact fields are being searched by default varies in each tool. Mostly options bring tools on par.
pacman -Ss
dnf search
apt search
zypper search zypper se [-s]
emerge -S
Upgrade Packages - Install packages which have an older version already installed
pacman -Syu
dnf upgrade
apt update && apt upgrade
zypper update zypper up
emerge -uDN @world
Upgrade Packages - Another form of the update command, which can perform more complex updates -- like distribution upgrades. When the usual update command will omit package updates, which include changes in dependencies, this command can perform those updates.
pacman -Syu
dnf distro-sync
apt update && apt dist-upgrade
zypper dup
emerge -uDN @world
Clean up all local caches. Options might limit what is actually cleaned. Autoclean removes only unneeded, obsolete information.
pacman -Sc pacman -Scc
dnf clean all
apt autoclean apt clean
zypper clean
eclean distfiles
Remove dependencies that are no longer needed, because e.g. the package which needed the dependencies was removed.
pacman -Qdtq | pacman -Rs -
dnf autoremove
apt autoremove
zypper rm -u
emerge --depclean
Remove packages no longer included in any repositories.
pacman -Qmq | pacman -Rs -
dnf repoquery --extras
aptitude purge '~o'
Mark a package previously installed as a dependency as explicitly required.
pacman -D --asexplicit
dnf mark install
apt-mark manual
emerge --select
Install package(s) as dependency / without marking as explicitly required.
pacman -S --asdeps
dnf install => dnf mark remove
apt-mark auto
emerge -1
Only downloads the given package(s) without unpacking or installing them
pacman -Sw
dnf download
apt install --download-only (into the package cache) apt download (bypass the package cache)
zypper --download-only
emerge --fetchonly
Start a shell to enter multiple commands in one session
apt-config shell
zypper shell
Show a log of actions taken by the software management.
cat /var/log/pacman.log
dnf history
cat /var/log/dpkg.log
cat /var/log/zypp/history
located in /var/log/portage
Get a dump of the whole system information - Prints, Saves or similar the current state of the package management system. Preferred output is text or XML. (Note: Why either-or here? No tool offers the option to choose the output format.)
(see /var/lib/pacman/local)
(see /var/lib/rpm/Packages)
apt-cache stats
n/a
emerge --info
e-mail delivery of package changes
apt install apt-listchanges
Action
Arch
Red Hat/Fedora
Debian/Ubuntu
SUSE/openSUSE
Gentoo
Querying specific packages
Action
Arch
Red Hat/Fedora
Debian/Ubuntu
SLES/openSUSE
Gentoo
Show all or most information about a package. The tools' verbosity for the default command vary. But with options, the tools are on par with each other.
pacman -[S|Q]i
dnf list, dnf info
apt show / apt-cache policy
zypper info zypper if
emerge -S; emerge -pv; eix
Display local package information: Name, version, description, etc.
pacman -Qi
rpm -qi / dnf info installed
dpkg -s / aptitude show
zypper info; rpm -qi
emerge -pv and emerge -S
Display remote package information: Name, version, description, etc.
pacman -Si
dnf info
apt-cache show / aptitude show
zypper info
emerge -pv and emerge -S or equery m (meta)
Display files provided by local package
pacman -Ql
rpm -ql
dpkg -L
rpm -Ql
equery files; qlist
Display files provided by a remote package
pacman -Fl
dnf repoquery -l or repoquery -l (from package yum-utils)
apt-file list $pattern
pfl
Query the package which provides FILE
pacman -Qo
rpm -qf (installed only) or dnf provides (everything) or repoquery -f (from package yum-utils)
dpkg -S / dlocate
zypper search -f
equery belongs; qfile
List the files that the package holds. Again, this functionality can be mimicked by other more complex commands.
pacman -Ql pacman -Fl
dnf repoquery -l
dpkg-query -L
rpm -ql
equery files; qlist
Displays packages which provide the given exp. aka reverse provides. Mainly a shortcut to search a specific field. Other tools might offer this functionality through the search command.
pacman -Fo
dnf provides
apt-file search
zypper what-provides zypper wp
equery belongs (only installed packages); pfl
Search all packages to find the one which holds the specified file. auto-apt is using this functionality.
pacman -Fs
dnf provides
apt-file search
zypper search -f
equery belongs; qfile
Show the changelog of a package
pacman -Qc
rpm -q --changelog
apt-get changelog
rpm -q --changelog
equery changes -f
Action
Arch
Red Hat/Fedora
Debian/Ubuntu
SUSE/openSUSE
Gentoo
Querying package lists
Action
Arch
Red Hat/Fedora
Debian/Ubuntu
SLES/openSUSE
Gentoo
Search for package(s) by searching the expression in name, description, short description. What exact fields are being searched by default varies in each tool. Mostly options bring tools on par.
pacman -Ss
dnf search
apt search
zypper search zypper se [-s]
emerge -S; eix
Lists packages which have an update available. Note: Some provide special commands to limit the output to certain installation sources, others use options.
pacman -Qu
dnf list updates, dnf check-update
apt-get upgrade -> n
zypper list-updates zypper patch-check (just for patches)
emerge -uDNp @world
Display a list of all packages in all installation sources that are handled by the packages management. Some tools provide options or additional commands to limit the output to a specific installation source.
Display all packages that the specified packages obsoletes.
dnf list obsoletes
apt-cache show
Generates an output suitable for processing with dotty for the given package(s).
apt-cache dotty
n/a
Action
Arch
Red Hat/Fedora
Debian/Ubuntu
SUSE/openSUSE
Gentoo
Installation sources management
Action
Arch
Red Hat/Fedora
Debian/Ubuntu
SLES/openSUSE
Gentoo
Installation sources management
${EDITOR} /etc/pacman.conf
${EDITOR} /etc/yum.repos.d/${REPO}.repo
${EDITOR} /etc/apt/sources.list
${EDITOR} /etc/zypp/repos.d/${REPO}.repo
layman; eselect repository
Add an installation source to the system. Some tools provide additional commands for certain sources, others allow all types of source URI for the add command. Again others, like apt and dnf force editing a sources list. apt-cdrom is a special command, which offers special options design for CDs/DVDs as source.
/etc/pacman.conf
/etc/yum.repos.d/*.repo
apt-cdrom add
zypper service-add
layman, overlays
Refresh the information about the specified installation source(s) or all installation sources.
Add a package lock rule to keep its current state from being changed
/etc/pacman.conf modify IgnorePkg array
dnf.conf <--”exclude” option (add/amend)
apt-mark hold pkg
Put package name in /etc/zypp/locks, or zypper al
/etc/portage/package.mask
Delete a package lock rule
remove package from IgnorePkg line in /etc/pacman.conf
apt-mark unhold pkg
Remove package name from /etc/zypp/locks or zypper rl
/etc/portage/package.mask (or package.unmask)
Show a listing of all lock rules
cat /etc/pacman.conf
/etc/apt/preferences
View /etc/zypp/locks or zypper ll
cat /etc/portage/package.mask
Set the priority of the given package to avoid upgrade, force downgrade or to overwrite any default behavior. Can also be used to prefer a package version from a certain installation source.
If you just want to add a user to a group use the following command:
1
sudo adduser username grouptoadd
This will add your user: username, to the grouptoadd group. More often than not, this is the best practice for when you want to add a user to a group. Technically, this is considered a secondary group. The primary group defaults to a group that is the same as the username in Linux. In this example, the primary group for username would most likely be called “username” as well.
The Nitty-Gritty Details and a Tutorial
There are two kinds of groups:
Primary Group: This is the group applied to you when you log in; in most user cases it has the same name as your login name. The primary group is used by default when creating new files (or directories), modifying files, or executing commands.
Secondary Groups (AKA Supplementary Groups): These are groups you are a member of beyond your primary group. As an example, this means that if a directory or file belongs to the www-data group (as used by the web server process in this case), then all www-data group members can read or modify these files directly (assuming the permissions also allow for this).
A list of all currently available groups can be found in the /etc/group file.
Note that every group can also have administrators, members, and a password. See explanations of the gpasswd and sg commands below.
1. Create a New User: useradd or adduser
Linux users can be added via the useradd or adduser commands. Note that useradd is the native binary associated with Linux systems, whereas useradd is a Perl script that uses said binary in its backend. Both commands share functionality, but some say adduser is more user-friendly, so we’re going to start there in our demo. Using the adduser command, let’s create a new user: foobar. Later we’ll change the group permissions for this new user.
1
sudo adduser foobar
We will be asked to enter our (sudo-allowed) user password before the user account is created:
1
2
3
4
5
6
[sudo]password foruser:
Adding user foobar' ...
Adding new groupfoobar'(1001)...
Adding newuser foobar' (1001) with groupfoobar'...
Creating home directory`/home/foobar'...
...
We see that the user, foobar, was assigned the primary group, foobar, by default.
2. Get User ID and Groups Information: id and groups
To show all the user information and group memberships, we can use the id command:
There is another way to achieve the same result as above using the usermod command:
1
$sudo usermod-Gwww-data foobar
The uppercase -G option refers to a secondary or supplementary group. Now foobar will have access to the www-data group files, but new files created by that user will not have the www-data group label by default.
It’s also possible to add a user to several secondary groups at once using the usermodcommand:
1
$usermod-a-Ggroup1,group2,group3 foobar
The optional -a option makes sure the groups are added to the existing secondary groups of the user (if these exist). If this option is omitted, the user will be removed from any groups not listed after the “-G.”
5. Create or Delete a Group in Linux: groupadd and groupdel
Using the groupadd command, we can create a new group: group1.
1
2
sudo groupadd group1
sudo adduser foobar group1
We can then remove group1 from the Linux system utilizing the groupdel command:
1
sudo groupdel group1
This will also remove the memberships of any user related to this group.
User Administration in Linux (Other Commands and Articles to Try)
Let’s wrap up this article by referring to some of the other group commands in Linux:
groupmod: modify a group definition (e.g., the group ID, group name, or password)
gpasswd: administer /etc/group and /etc/gshadow files (every group can have administrators, members, and a password)
chown or chgrp: change individual or group ownership of a file or directory
Now you should be able to confidently configure users, groups, and their administrative info in Linux. Feel free to check out our article on changing file ownerships in Linux for more insights.
The following is cited and not my work. I make no money from posting such things. I just share with a few friends.
[1]S. Roberto, "Linux: Add User to Group (Primary/Secondary/New/Existing) - HostingAdvice.com", HostingAdvice.com, 2019. [Online]. Available: https://www.hostingadvice.com/how-to/linux-add-user-to-group/. [Accessed: 28- Jun- 2019].Let’s see how we can add new and existing users to primary and secondary groups in Linux. The standard Linux permission model makes use of users, groups, and file permissions (i.e., read, write, execute, and a sticky bit).
