Members

Members directory

  • Profile picture of anthony
    active 5 hours, 26 minutes ago

No Responses to “Members

  • A brilliantly written account that uncannily reflected my experiences on the day. Excellent stuff.

  • Chateau sir (you are the King of the Castle). 2015 was my first* Fred Whitton and you have described it to the minute and to the emotion. My personal learning from the Calder Bridge food stop is that apricot-jam-and-cheese is a valid sandwich.
    (*: whether there is a second is a complex ballet between: my psyche that has already started thinking about which sections I could go faster on; the same psyche on whether I actually want to even risk entering the ballot; and negotiations with the family about other ways to spend my waking hours).

  • Rob, Malc – you are both too kind.

    A few weeks ago now – but still very much in my mind. The effect of “this is not a hill” or “this is not pain” is still very much in effect – along with the rest of the club that went still making with the “Good Effort” and “How Do”. It amuses.

    Would I go next year – maybe. Has it tempted to me to do something like a Marmott – maybe also.

    The over riding feeling we have all been left with “I DID A THING” – a sense of achievement that cannot be taken away. … it was – emotional.

  • In case it helps, the repetition of “nom nom nom” seems to be caused by /etc/default/grub.d/dmraid2mdadm.cfg appending the entries to the kernel command line without checking and dpkg-reconfigure grub-pc picking those up and writing them into /etc/default/grub — so each reconfigure of grub-pc will add one more iteration :-(

    See my blog post (http://ewen.mcneill.gen.nz/blog/entry/2015-06-14-ubuntu-lucid-to-trust-in-two-larger-steps/) for some more details/links.

    Ewen

    • Ewen – many thanks – much appreciated… I was getting that ‘it’s just me feeling‘. Indeed this is an MD configuration – and this appears to be the issue.

  • An update on this – how silly I am. I *assumed* that the issue was specific to Debian and Ubuntu.

    I had *assumed* that they were concentrating their efforts on the more standard ‘enterprise’ (read stable through using really old stuff and not innovating (okay – except the installed for CentOS7 I like that))… but oh no. CentOS 3.10.0-229.7.2.el7.x86_64 – no dice either. Lush. Is there actually anything current you DO support?

    CentOS7 – either cPanel decided it needed its own kernel – OR – CentOS7 is not supported either as I am directed towards:

    ======================

    You can download it here:
    http://repo.r1soft.com/modules/Centos_7_x64/hcpdriver-cki-3.10.0-229.7.2.el7.x86_64.ko

    — Download the module from the link above and place it here:
    /lib/modules/r1soft
    — Restart the agent:
    # /etc/init.d/cdp-agent start
    — Make sure the module is loaded:
    # lsmod | grep hcpdriver

    ======================

  • Funnily enough, as I driver, I feel the same way whenever I see/hear cyclists bemoaning those drivers who don’t know how to share the road with cyclists.

    I do know how to drive around cyclists and get similarly irked when tarred with the same brush as those who don’t.

  • FOLLOW UP ON WINDOWS 10 EMAIL ISSUES

    The solution to the random and related issues of unable to find host, SSL failure, unable to connect and so on that started after the upgrades to Windows 10 seems to be quite straight forward.

    The update said it went okay – alas – it did not.

    The solution is to check the files installed – and make good.

    While this takes a while – it appears to resolve the random wrongness we are seeing after people upgrade to Windows 10 – where Outlook stops working – when it did perfectly well before.

    With elevated privileges run the following at the command line:

    sfc /scannow

    … let it do it’s thing – find the files that are not as they should be – take an age doing so.

    Return to machine working.

    Great success.

  • My good friend. I have this same exact issue and I have a support ticket opened up with Dell since September 21st. They have no resolve for it and are “working on it”. No ETA. Did you ever find out what the issue was? Also what is your support ticket number so maybe the two support reps can work together to get this resolved.

  • Brad – hello.

    Yes, we did, of sorts – hence the post. That and the shock that if we have 10+ in stock not racked up – of differing ages – all with the same issue… then this is going to be a wider, if not global issue. I could not find anything on it online – so thought it was worth putting down the experience should someone (you in this case) have similar… as a goal that has been met.

    We went through the support hoops of applying most current firmware. Then the beta version. Then the 64bit version. Then the September boot-from-patch-o-matic-ISO full of firmware. Still no dice. They attempted to recreate the issue in their lab, and discovered an issue with one of the files on the FTP server and resolved that. Still no luck. They approached L3 support who advised them to roll it back. After a huge song and dance they enabled full iDRAC enterprise license on the host so they could remote work. Recreated the problem. Went through all the obvious steps. Repeatedly. Then rolled the firmware back to an OLD version. The old version connected without issue.

    SO – yes the problem has been identified, and yes there are means to resolve. HOWEVER if you do update – it ceases to function so the solution is mute.

    They are able to recreate the issue there – which means this must be an awful lot of Power Edge R220’s that are not going to be able to update, again, ever – unless they have manual intervention and have the firmware retrograded.

    I am not happy to share the ticket reference – however I am happy to share the surname of the long suffering support engineer – her surname is Thampi and would be UK support. While the solution was poor and took an age, their professionalism and diligence (almost) excuses the amount of time it took – and a lot of blaming the network connection.

    How have things panned out for you?

    I will update this once they have a real resolution moving forwards.

  • Dear Anthony,

    We have two R220’s with the same exact issue. I pointed our Dell Representative to this webpage so they could get an idea of what is going on hoping that maybe they can work on this in unison. I was not given half the support/information that you were given. I was asked to install the OME on a management node which is something I have no intentions of using or setting up at this time.

    So it looks like you were able to update everything with the Dell Repository all in one ISO. I might just have them send me that to update all my hardware firmware and worry about the LLC later. I will let you know if i find out any other information (i have this saved as a favorite).

    Also i greatly appreciate you posting this article. Hopefully Dell gets the hint that this is a huge issue that needs resolved. Please post an update if you find or hear of a resolution and I will do the same.

    For an entire week i also had to fight with Dell informing them that this was not a network issue on my side. It was a rather frustrating experience.

  • I am sorry to hear of your experience with the Dell Enterprise Support team. We seem to get through to the same people, so I assume they are UK specific – they certainly seem to work the same hours despite location. Their support was not the fastest – however this was partly down to it not being an issue or priority – more of a concern… I was not updating them very often. However they were exceptionally diligent in its pursuit which was appreciated.

    I was sent a lot of files to patch with. A few of which I managed to install. None of which worked. The ISO was a last ditch attempt. It was a bit of a blunt instrument in approach, but for hardware it located it patched if the version was higher on the disk. Nice. However – worth noting the reported BIOS release version for machines this was run on was the same as it was when it POSTs was unchanged after the patch CD had run. It certainly does seem to bring everything else up to speed though (PERC, NIC, etc.).

    Network issues. This was something I had been presented as a cause. More than once. I had tried this from an internal LAN range (where you could understand this), and an external allocation with the firewall off. A packet capture showed this up to be a standard FTP connection. I supplied times and IP’s for them to check their logs for access. My hope was this would show a request for a file. It being downloaded, and it underlining a local issue.

    On requesting means to enable a temporary enterprise license on the iDRAC – we left them to it. They reported back that the issue could be resolved by rolling the BIOS bask to an old version, and then the FTP issue did not occur.

    The titles above were my questions following this “solution” and the answers that followed.

    While it is great there is a means to resolve the FTP update issue. There is no advantage to this if using it breaks it again.

    You don’t have to be in an enterprise environment for this to be an issue.

  • On follow up yesterday I got the following this morning:

    Apparently, the bug is already visible to the LC development guys and they are working on it. I have sent them an email on what workaround can be suggested till the next release is out and I am awaiting a response from them.

    Got an update from the LC team that they are still root causing this issue however there is a suspicion on the role of the server BIOS in this matter.
    The workaround for this is what we have currently done, get down to 1.4 versions for the LC. Please don’t attempt to downgrade the BIOS .
    I will get back to you once I get the fix from the Product Team.

    …likewise, Brad, or in fact anyone else – if you have any updates – do let me know.

  • Article written in June, and update in October

    “The agent installation currently does not support 3.19 or newer kernels for Ubuntu installations. The 3.16 versions should work as intended. Any module for kernels higher then 3.16 will generate I/O errors. ” — R1soft support.

    So four months on – no movement on this. At all. The viabillity of this with Ubuntu or Debian looks bad.

    With 14.04LTS still under support – but a new LTS release out before too long – then they had better have a good plan moving forwards.

    If there was a platform we could move to that was as good – I would be pushing for that.

    r1soft does not support btrfs
    r1soft does not support xfs
    r1soft does not support 3.19 kernel
    r1soft does not support 4.0 kernel

  • I spoke with our Dell reps and they said that since this is an ongoing issue they were going to replace our r220’s with r320s. However they said since it was past the return period they have to get approval for the transaction. This is frustrating since I put in a ticket about 3 days after i received the servers which tells them that i had a problem since day 1. However, it took 3-4 weeks for Dell to finally realize there was an issue on there side which pushed me over the return window. Then our Dell Representative asked us if we could buy the 320s and keep the r220s for spares or repurpose them because they didn’t want to jump through all the hoops. I am at my wits end right now with Dell over this issue.

    Please let me know if Dell ends up resolving this issue. If it gets resolved before Dell ships me the new r320’s then i might just stick with what we have. I appreciate all the help.

  • Brad – hello.

    The Life Cycle Controller (LCC) is something that is key to remote management tie ins (such as OMSA), and ‘what the name suggests’ in terms of asset tracking. Otherwise it is something that slows up a box restart that even in the most ideal of situations always takes far longer than you would like it to.

    What surprises and concerns me the most is that I have highlighted this. What has essentially been an issue on this platform for anyone who has a newer BIOS or has updated from an older one will be unable to update again. While – as a group we are pretty much Dell / Cisco / APC all the way this is apparently “news to Dell” – to the point you found this article as opposed to your engineer saying “oh its this issue”. This is kinda odd if you ask me and highlights both failures in support knowledge and communication – and obviously in release / testing.

    The inability to update the firmware from the LCC is no great loss. If you absolutely have to update I believe it can still be done from the OS if the correct applications are installed? However we were looking to have that “from boot” knowledge that this was one more vector covered, another door bolted, one less hardware failure lurking.

    We wont be moving to another vendor – it is not a deal breaker – however what I do think its piss poor from a leading enterprise vendor.

    I don’t believe you would find this with HP kit – and it shouldn’t have to be a case of paying a premium for something that works as advertised.

    I trust you advised your Dell Representative where they could place their suggestion. Why on earth would you want to BUY R320’s when you spec’d and bought R220’s that you now cannot use? They seem to need an introduction to the clue stick!

  • Following up on this – and a discussion in the office… “Open Mindedness” … I guess it is as much about that as anything else.

    The “oh you use that” the lack of vision, acceptance, the ‘what I consider normal or you are wrong’.

    If you are offering services that can only be connected to by platform X – then maybe the issue is not platform Y – but your lack of planning, lack of flexibility.

    I wonder if that is indicative to to a wider issue with these people?

    It will be interesting – if a little depressing – to see how this pans out.

  • We have waited over 8 weeks to get a replacement sever from Dell and are still waiting for approval. I am flabbergasted with the service that we are currently getting from Dell. They agreed the issue was on there side and there was nothing they could do to fix it at the moment. Agreed to give us replacement servers. Now we have been delayed almost 2.5 months due to a Dell issue.

  • Brad – I do not know what to say.

    I recently had a follow up call regarding the matter: This was the usual Customer Service fluff – which while it has its place, specifically with non engineering staff – I do not appreciate someone without a full grasp of the situation (not the engineer I had been dealing with) calling up, not knowing what we did, who we are, or how this could feasibly cause us an issue. We are a big Dell hardware user (we only have 24 racks of the stuff on this site, but this is *not* a DC – we have 10 other locations in the UK that are) – the concept of ‘do you have many’ – or still trying to get mileage of out ‘we must have tested with different network hardware’ …. then on being challenged on it not being a network issue countered with ‘I am just guessing’ …. not ideal.

    I raised this on twitter – and they went back to the engineer – which to be fair – she has done a fantastic job…. however its others trying to pick up the ball and run with it and meet customer service as opposed to engineering goals that has caused me pain on this.

    As apparently this is not a priority (a BIOS fault that went unnoticed / undiagnosed for over a year?) – this will be released Q1 2016.

    Otherwise they state that a version 1.4 BIOS will work – just DO NOT ATTEMPT TO REGRESS IT … which is as good as not knowing or not having a solution IMHO.

    They have however issued a new link to the CD for updating to current firmware. A small victory.

    Realistically this for us is an obstacle to introducing a new policy / best practice. It is not preventing us from using hardware. However what it is showing clear chinks in the QA, BIOS code, functionality – that have gone undiagnosed, and unfixed for over a year. It also makes me question who – if anyone is using the FTP BIOS tools.

    How is this preventing you from using these hosts?

    Please do keep me abreast of any changes / updates regarding this.

  • Baby steps: “HTTPS Everywhere is produced as a collaboration between The Tor Project and the Electronic Frontier Foundation. Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use. For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site. The HTTPS Everywhere extension fixes these problems by using clever technology to rewrite requests to these sites to HTTPS. Information about how to access the project’s Git repository and get involved in development is here.” — https://www.eff.org/Https-Everywhere

  • More baby steps: “At Open Whisper Systems, we want everyone to have access to advanced secure communication tools that are as easy and reliable to use as making a normal phone call or sending a normal text message.
    Over the past year, we’ve been working to bring the privacy software we’ve developed for Android to the iPhone, and today we’re releasing Signal – free, worldwide, encrypted voice calls for iPhone, and fully compatible with RedPhone for Android.
    High Privacy, Low Friction
    Signal uses your existing number, doesn’t require a password, and leverages privacy-preserving contact discovery to immediately display which of your contacts are reachable with Signal. Under the hood, it uses ZRTP, a well-tested protocol for secure voice communication.
    Signal was designed specifically for mobile devices, using a jitter buffer tuned to the characteristics of mobile networks, and using push notifications to preserve battery life while still remaining responsive. Signal is also Free and Open Source Software, allowing anyone to audit the code for correctness or help contribute improvements. The project even pays out a percentage of donated Bitcoin for every merged pull request.” — https://whispersystems.org/blog/signal/
    Looking over the list of users who appear from my contacts – I admit to a wry chuckle to see the usual suspects appear.

  • Same issue here on 2 x R220’s

  • Aaaaaaaaaaaaaaaaand again. It is almost as if they are are not allowed to disclose them:

    http://www.theregister.co.uk/2015/11/25/dsdtestprovider/

    …and the removal of the Dell Root Certificates:

    http://www.dell.com/support/article/us/en/19/SLN300321?dgc=SM&cid=266893&lid=5645279

  • A word to the wise:

    Through much wailing and gnashing of teeth I have learnt another thing today.

    ERROR 1036 (HY000) at line 30: Table ‘BlahBlahBlah’ is read only

    SO, here we are. Read only tables, and no matter what you do regarding checking permissions on physical files, repairs, settings to ensure the default is not read only – the innodb tables are stuck RO.

    You start thinking about deleting folders and rebuilding them from backups – that will work right? But you cannot delete them – because they are properly irrevocably RO.

    nnnnnnNNNNNNNAAAAAARGH!

    It transpires that keeping the:

    innodb_force_recovery = 6

    … or more specifically anything above a 4 (I believe – I had better check that) will result in innodb tables being read only.

    You live – you learn*.

    * and you get a little greyer in the process every day.

  • Regretfully before too long I was back to square one.

    Cycling booting restarting.

    Nice.

    RO tables, and a fix works in terms of RO tables, and then back to looping. Nice.

    *SO* – dumped the whole lot to file.

    Purged MariaDB 10.1.

    Deleted the folder structure.

    Installed MariaDB 10.0

    Reimported the data forcing it all to InnoDB format (previously some MYI).

    Problem goes away.

    “Great Success”

  • Just received our R320 replacement servers in just under 11 weeks. Took forever but we did get the R320’s and they worked flawlessly.

  • **ADVISORY**

    Make sure you do turn this off again afterwards.
    The reason why I say this bit me today on one host where I had omitted to do so.
    Vulnerabilities discovered in older releases.
    Machine had attempted to update to new version.
    As far as it was concerned it was up to speed.
    It was not.
    Local version was 11.54.0.1 (insecure) … when other servers we have were on version 11.54.0.7 (secure).
    As such carry out the move to remove that file – and you have a winner when you re-run the script to update cPanel.
    Not so smart now… however resolved.

  • TechMoan has just done a new post on Compact Cassette – who knew.

  • Ever get any clarity on what was causing this? We’re getting hit by the same thing.

  • No. In a word.

    However the assumption that I made above fits well.

    They are reasonably autonomous, and are not really that interested in interactions that are not revenue generating.

    I no longer try submit caches of likely compromised account details from p0wn3d hosting accounts, they really don’t seem interested in anything that isn’t compliance, liability, and income… at which point they are right back to you.

    As such the chance of getting a straight answer back on this is equally low to none. However, if you, or indeed someone else should happen to have a definitive answer – DO SHARE.

  • Now we are looking at a month.

    After asking for an explanation it comes down to this – they are unwilling to replace any part of a bundled kit without the entire bundle being returned.

    Did they answer the repeated question on how am I meant to know which of the sensors or straps came with the kit, no.

    On the up side – are they asking / demanding for the original packaging – no. This is great – I seem to remember this argument when returning a tape deck with monster wow/flutter issues back in the day – equally around ten months old and still within warranty but the “we need it in the original box” … “Do you now. Well allow me to retort…” .

    Lacking in clear reasoning without requests – but lets hope now they have all the parts that Wiggle can progress this in a timely manner… even if I am currently unable to use the damned thing.

  • “In this weeks gripping episode of No Shit Sherlock…”

    http://www.fastcoexist.com/3058425/this-simulation-rewinds-bike-accidents-to-see-if-a-helmet-would-have-saved-your-head

    … which I would stand by.

    Mates who have had largeer blows to the head rendering their helmets rather mute windchimes strapped together – the resultant can leave with ongoing issues such as forgetfulness, repetition, so on. However they are still here – yay.

    Sure – there is also the camp that say that this introduces a larger leverage on the neck – in terms of rotational force – and I am behind that too. Equally I am aware that the stats in AU were skewed in terms of number of accidents, when vast numbers of people simply stopped riding when it became mandatory there to wear a helmet.

    Most annoyingly is the question from the professional … “were you wearing a helmet?”

    Please ask this with caution and tact… as “was this the root cause of my injuries?” … NO, it was a negligent driver being in a space they should not have been.. the helmet was mostly keeping my head warm up to that point. Equally it is not indicative of diligence.

    The last time I had cause to USE one a bunch of it wore away through dragging. This time, I would have had more than my hair parted. I chose to wear one… however I appreciate that a layer of foam and shell on top of my head is not a cure all, and I respect the wishes of others to wear / not wear as they see fit. The latter is an important thing to me.

  • Follow up on this again – after a colleague exclaimed that he must be onto a loser as he was looking for something and found something that I had written… more strength indeed to the location model of answer. If the IP of the requester is being passed this may be the issue.

    In our case we are using this with WHMCS – as you would as a hosting provider.

    In this particular case the account was setup with an IP in Cuba. Simply changing the requesting IP (to our own, as we were placing the payment now) – and the request went through, after it failing from their location.

    This does not detract from the fact that this is an appallingly handled error message. Vague in error message, and vague in documentation.

  • Why you no copy and Paste -damn you and your tin foil hat sir!

  • UPDATE:

    So – 5 weeks – ultrasound – too sore to do. 7 weeks MRI. 8 weeks definitive diagnosis.

    Two fractures involving the shoulder. Completely missed up to that point.

    Neck to shoulder nerve damage.

    Roll the dice. Embrace the winning.

  • UPDATE

    Scan or retain those proof of postage receipts from Collect+

    They had lost the Garmin, lost the sensors, and were unwilling to accept the emails they had sent saying they were in receipt.

    Thankfully I had scanned both of them – so had a copy of them.

    I mean how often do you keep those after you have been told they are received?

    Okay – how about 2 months later?

    No. Me neither!

    Scanning FTW in this case – at which point they ship me a new performance bundle 8pm, and it is with me before 9am the next day…. albeit in a box that looked like it had been run over.

    Trying to follow up on the where / why / how – nothing. Zero. They consider it resolved. No means to escalate, no means to follow up, no means to formally feed back.

    Irritated.

    There are many things that I will forego, overlook, work around… however disappointing me… not so much. I am … disappointed Wiggle. Shame on you.

  • Not that I am planning to defy (openly) my orthopedic / trauma consultant or physiotherapist – however the main material obstacle for me to getting back on the bike has been overcome.

    ‘just saying.

  • This particular adventure took place, and has taken place since on an Open-E platform.

    From their console there is a login that required shortcut keys to get anywhere.

    Open-E key combination for RAID controller set up is:

    CRTL + SHIFT + R

    PuTTY apparently does nice pass through according to their support – but I have had no issue with standard SSH console.

    Setting up the console can be found under:

    SETUP -> ADMINISTRATOR -> REMOTE ACCESS CONSOLE

    For me this saves a world of pain as these are old school Supermicro chassis – with KVM on the back only. Arse. Equally listening to the alarm is a dream behind the machine.

  • [update on this Monday 27th March 2017]

    Having moved from now EoL CentOS5 to the recommended release for our Xen based virtualisation platform – I cannot really even begin to share the deep, DEEP JOY, that is clicking on console and it happening in HTML5 as opposed to Java.

    No more clawing at the screen as you notice your package update is changing your Java version. Gone are the “is the right browser” “right java” “right java version” – nnnnrrrrgggh! NooooooooOOOOOOOOOO! … and then asking around for everyone else to have a go at getting logged in. GREAT SUCCESS.

  • UPDATE

    So today I have had some progress with these. In an almost textbook manner they go a little as follows:

    R1SOFT
    =======
    Q.: Can you upload a tarball of the headers for me?
    A.: I did that preempting your question and pointed it out in the initial email?
    Q.: I have escalated this to the Concerns Department*.

    CLOUD LINUX
    ============
    Q.: You want to do what? That, that would be a very bad idea. Explain more how this does not work.
    A.: The compile has failed for years, the fetch module doesn’t have one, the handraulic website modules do not have one since May, so nothing works.

  • Reuters report in this morning.

    https://www.reuters.com/article/us-cyber-attack-ukraine-idUSKBN19K1WI

    Some machines did not go down.

    What if:

    – Breach of somewhere / thing wiping evidence;
    – BIOS payload installed;
    – Infected known targets software sources knowing reinstall will be required;
    – Machine credentials gone before wiped, reinstall will use same.

    …generally suspicion of this being a smoke screen, a distraction, as it seems a little full on for a “test”.

    It is cold comfort – but nice to hear that sometimes thinking “like me” actually pans out, and isn’t just worrying about could be, might be, could happen events.

  • I doubt the real people / state / organisation behind the recent Petya will be publically identified. Furthermore while we are in a ‘Word War One style scenario’ of technology to attack outstripping our means to use it effectively and defend against it within this space… it is unlikely we EVER will.

    However it comes as no real surprise – that after previous accounts of Russia using the Ukraine as a sandbox for testing – and general punchbag – accounts like this from the Independent really do not have me reaching for where I keep my surprised face:

    https://www.independent.co.uk/news/world/europe/russia-cyber-attack-ukraine-petya-telebots-blackenergy-sbu-cadbury-a7819501.html

    https://www.wired.com/story/russian-hackers-attack-ukraine/

  • I am fortunate enough to work in an environment where people can talk about things. It is good to talk. It is good to have differences of opinion. If you cannot talk about things and reason them – you do not have a reasoned opinion – you have a belief… you know like fairies.

    So – Anyway – their take was similar – to the point of commenting on a LinkedIN post regarding it… which sparked the conversation.

    So lets take the following and summarise:

    POINTS

    1. WhatsApp – is a part of Facebook. They are a compliant organisation;

    2. End to End – is only an issue for someone doing mass surveillance;

    3. The Law – if monitoring was installed, they would not be allowed to talk about it;

    4. Herding – Nothing says “can all you bad people use this” like a statement saying we cannot read your shizzle if you use this platform;

    5. Golden Keys and Backdooring – apparently they are NOT looking for these – so what are they looking for?

    6. Munitions – GPG/PGP has always been classified as a weapon under US law and as such distribution to other countries was restricted;

    SUMMARY

    New technology – With the introduction of quantum cryptography and other cypher methods there are no rules on their proliferation. It has always been a given that given enough time and resources you could probably brute something. “cryptographically secure” doesn’t mean secure for ever. Just you would neeeeeed to want to get in. The introduction of QUANTUM CRYPTOGRAPHY looms. This is a Pandora’s box, along with quantum computing that is going to change all of the rules. It is possible that now is the time to reclassify cryptographic method. Which – to be fair is not such a dumb idea. However to demonise it – to announce that “real people” do not need it, do not care about it… well that – THAT is just dumb.

    /me Shakes head in a disapproving manner.

  • Da iawn

  • Here we are revisiting this, trying to figure out what on earth went on when the domain has an SPF. Here is another example:

    Received: from com-z.win ([5.206.227.77])
    deborah@randomdomainname.co.uk-i.win

  • “OMG, there has been a change of status: ALARM! ALARM! ” —
    https://zerosandones.co.uk/lsimegaraid-sas-alarm-off/

    That could really get on a guy’s nerves >_<

  • And there is more…. (as I am fed up of cross referencing)

    What is the current rebuild rate:

    megacli -AdpGetProp RebuildRate -a0

    What would I like the current rebuild rate to be:

    megacli -AdpSetProp RebuildRate 60 -a0

    How long is this likely to take, as this is RAID6 but we don’t need slow for longer than we possibly can have:

    megacli -PDRbld -ShowProg -PhysDrv [32:1] -aALL

  • Equally another option you may wish to pursue is firewall based – depending on your access and flexibility:

    iptables -A INPUT -p tcp –dport 25 -m string –string ylmf-pc –algo bm -j DROP

    However, this only tackles email coming in from port 25. Anything on encrypted ports you are going to struggle with here. But none the less – iptables.

  • I have just had an update to this I am guessing as this has reverted.

    Make the changes again I will.

    Returns to working it does.

  • For my SQL challenged colleague Alex – this would look a little like this for a single domain ;)

    mysql> UPDATE dm_regdomain SET id_protect = 1 WHERE id in (SELECT id FROM dm_basedomain WHERE domain=’domainname.tld’);

    mysql> UPDATE subscr_domain SET id_protect_fee = 9.99 WHERE domain_name=’domainname.tld’;

    mysql> UPDATE subscr_domain SET is_id_protect = 1 WHERE domain_name=’domainname.tld’;

  • [Update at 1354 GMT]

    CloudLinux has updated to say they are within 3 hours of posting that to the repository for a yum update and reboot.

    If they have turned around the RHEL source that quickly – I should imagine the CentOS community will be hot on their heals… and following that, everyone else.

  • Jason
    5 months ago

    Hi there,

    Great Post.

    I tried posting on your post about your Kinesis build back in Oct 2016, but for some reason it would not post so hoping this will get to you.

    I am preparing to do exactly the same setup. The only thing I am concerned about is the sizing of the frame. Would you mind telling me what size you got and your height ? so I can get a comparison. It just seems the sizing on their site would come out too big for me for the height I am.

    Thanks

    Jason

    • Their sizing worked out for me. But clearly, you found it otherwise? The frame has more seat post and more stand over for the same size frame than others I have ridden. I bought the frame as opposed to ‘a bike’ and it worked out with their sizing – but each to their own I guess.

  • Go! Go! Go!

  • “Beginning is underrated
    Merely beginning.

    With inadequate preparation, because you will never be fully prepared.

    With imperfect odds of success, because the odds are never perfect.

    Begin. With the humility of someone who’s not sure, and the excitement of someone who knows that it’s possible.” — SETH GODIN

    [http://sethgodin.typepad.com/seths_blog/2018/01/beginning-is-underrated.html]

  • Sarah
    5 months ago

    8 miles a day, 40 miles a week, 2000 miles a year, small always grows. ?

  • Robert Armour
    3 months ago

    The “drive reinforcing plates” are actually adapters to reduce the width of the frame from 135mm (disc brake wheel) to 130mm (rim brake wheel).
    No need to use them for a 135mm spacing wheel.

    If you ever decide to fit flat mount disc brake calipers (and I can highly recommend it), you’ll find that the mounting bolts come in several sizes.
    Please note that this size does NOT refer to the length of the bolt, but the thickness of the frame, where the bolt goes through.

    Loving mine – it’s such a joy to ride.

  • Robert – Hello!

    Plates – yes – moved them a week or so later. A mate pointed out what they were for.

    Life moved on – change of wheels to tubeless Hunt 4 Season Disc, and switching from cable to hydraulic.

    Not having the converters and switching to centre lock 160 front and 140 rear made a hell of a difference in terms of confidence and ride.

    I really loved the frame and did indeed use year round – leaving the carbon bikes all tucked up while commuting through the summer. More the shame when the dropout failed on me. Being aware of an absolute carbon copy failure on a mates Kinesis 4sd was one thing, but then CRC confirmed another that is a pattern forming.

    The friend got a great offer on a GF Ti in replacement. I didn’t alas. So I am replacing with like… and hoping if it does fail – it goes when I am clipping in again as opposed to that fast downhill bend, in the dark, rain, with no phone reception while breaking… you know the one ;)

    Alas, the Silver / Orange I like is no more – now just grey and purple and blue left. This is more of an annoyance than you would think – despite the use the paint was in absolutely mint condition – great lustre on it. Loved it. More the shame/annoyance in failure.

    Apparently, their next model in the pipeline has that area beefed up – and is bolt-through only as opposed to QR. Good work. Alas too far off to be useful to us. Not a fault of workmanship or manufacture – just design.

    Fingers crossed it stays together, and fingers crossed it is speedy – I am without a winter bike!!

  • Here is a related article on blocking these – while more the ones that have shown their head within JavaScript events – they are still well worth blocking…. and while I remember I will add this one too ;)

    https://zerosandones.co.uk/using-pi-hole-to-neuter-js-crypto-threat/

  • I currently have the same issue with Dediserve, OnApp, Xen and Cloudlinux. Server breaks after the first cloudlinux update and reboot.

  • Hello Den.

    Thanks for commenting: Sometimes a lack of anything out there just makes you think it’s your issue. Have you been in touch with Cloud Linux also?

    As you can see from the update section above – the two will not work together – end of. Xen can run Virtual Machines in two ways HVM and PV. CentOS will be run in PV mode. The combination of the necessary moves to mitigate spectre and meltdown (as best you can), their means to segregate users (Virtuozzo?), and Xen in PV mode… it’s not going to happen. No patch will fix.

    I believe your best bet is to migrate to CentOS (which is what I did) – lose the cage and multi-php version. However, the latter is covered with newer versions of Plesk for example if you running a cPanel on top (I should imagine you are if you are running CL).

    I hear good things about Dediserve – their infrastructure and engineers specifically. Have you contacted Cloud Linux directly – or have they been liaising for you? I believe you can raise your own ticket without an account as such – run the cldoctor.sh above – gather the shizzle – and let them do their thing. If the outlook has changed please do take a moment to update me : )

    I have a few other articles on this – and the clarity over threat surface from this on the underlying OnApp Xen… however all kinda mute if patches come thick and fast and you are not applying these kernels as newer ones simply won’t get much further than POST.

    https://zerosandones.co.uk/spectre-meltdown-and-linux/ …highlighting the various update pages as it unfolded.

    https://zerosandones.co.uk/cl7-kernel-xen-pv/ — early days issues

    https://zerosandones.co.uk/is-xen-vulnerable-to-variant-3-meltdown-or-cve-2017-5754/ … the initial confusion over what was covered and what was not.

    https://zerosandones.co.uk/xen-based-vms-seem-immune-to-meltdown/ … more of teh same with specifics. …”guest kernels running in 64-bit PV mode (eg CentOS) are not vulnerable to attack using Variant 3, because 64-bit PV guests already run in a KPTI-like mode.” … who knew.

    Anyway – it’s a thing – and I believe the long-term solution is likely to be a migration over to a stock CentOS 7. This may be Hobson’s Choice however : /

    Now…. as for whether Kernel Care sees similar… I would say yes… but they seem to think not ;)

  • Hi Anthony,

    I didnt contact CloudLinux yet, but Dediserve offered me to move my account to a different location with KVM servers, however I am not sure if I want to do that becaue I chose this location for a reason, unfortunately its the only location without KVM.

    I actually moved from cPanel to Plesk recently and I heard about their resource limit feature, but I kinda like the cagefs option with CloudLinux. So I am not sure what to do now, I want to move all my customers to a new plesk server by the end of this month. 2 Weeks left to find a solution :)

  • Den – hello!

    If they have a Xen only environment – then its a move to CentOS. If they have KVM then you could move to that … but won’t that also be a provision and migrate?

    What is wrong with the location? Is your concern nation / compliance / law or service level and connectivity? If you are going to stick a DC anywhere, and a then build a deployment of something like OnApp then its going to be well supported / connected surely?

    Plesk migrations are good these days – that should be the least of your worries – and the most recent Onyx release (last week?) adds even more functionality including nginx caching and so on.

    Let me know how you get on with KVM : )

  • Is the latest Plesk version 17.8 stable enough for a production server? I’ve read on Twitter that the release date for the stable version will be June and the recommended update April 6.

    The location is more like a branding thing, the last few years I gained a lot of local customers around that location. I think most of them wouldn’t even notice a location change at all, so I still consider this as an option.

  • 17.8 has a bunch of improvements, nice to have features, and is not too in your face about them as well. It is not an update – but an upgrade (had me wondering for a while where to find it). We have seen little issue with Linux upgrades*, however, Windows has been a very different experience. It’s a big change that is for sure… so if you are getting a redeployment would be a good time to give it a go.

    I believe the official line is that it is not beta it is just early adopter – its been in alpha, beta, and RC for a while – we are now seeing it out there amongst the masses. With supporting updates to WP Toolkit, Joomla Toolkit and so on coming prior to it.

    It all depends on your needs really. How enterprise is enterprise.

    As to location – if it’s fast enough – I doubt they would care or notice. You could have your servers in one location but your peering and transit appearing from another…. it’s not always so clear-cut. Equally (although not so much with VM platforms) – you pay a premium for desirable locations. London for example… I fail to see the clamour.

    Compliance I completely get, compliance and governance. Say you were using OnApp’s federation platform – and you decided to spin up a failover in a country WELL out of your legal jurisdiction… its great you can do that but it’s a bit too spicy for my tastes. At that point it IS all about location location location : )

    *small quirks, SELinux, SSL’s, Docker (CentOS bug as opposed to Plesk apparently).

  • The CloudLinux support told me that their Kernel team is currently working on it. I tried the beta kernel but of course, didnt work either. So, I decided to keep the current location and use CentOS 7 until they release a patch.

    I’ll give 17.8 a try ;)

  • That is interesting.

    I have the formal line from their developers previously as a no, with a side of unlikely to be possible. But, to be fair that was back then.

    The boat has already sailed for myself and my desk neighbour – we have made the jump.

    I guess it also depends on what version of OnApp they are running 5.0.x LTS for Enterprise stability or the current of 5.5.x … as this will define what release of Xen they are deploying.

    5.0LTS runs Xen4 and that apparently is a no go.

    I could not, in all confidence, maintain an out of date kernel knowledgeably – so something had to go … and despite their FINE* efforts, I had to move.

    If you do hear of a change of situation on this, or have more to share it would be great to hear from you.

    * CloudLinux support is awesome. Really keen to help, really REALLY knowledgeable, fast responses, good communication, and even looking into issues that are clearly not theirs (Yes R1soft CDP – we are looking at you).

  • Hi Anthony

    Really glad I saw this, I was looking for photos of the BB cable routing for the 4S before I bought one and linked to this through your build lessons post.

    This seems to be a very obvious design flaw – this area is under significant load and takes all of the shocks/bumps from the road so fatigue will build up quickly. The cross section through the break is shockingly small for Aluminium – this is a driveside dropout we’re talking about, not a Garmin mount!

    This has completely put me off buying one of these and I’m not waiting 6 months for the TA version.

    Anyway, thanks for your post – back to searching for a new frame for me!

    Cheers

    Tom

  • Hello there Tom.

    I am glad this was useful to you. Around the bottom bracket is a little cluttered. but it works fine. As I had said previously this was replaced with a hydraulic hose which is a bit thinner, looks tidier.

    The finish was superb.

    The build quality was superb.

    Best winter bike I have had bar none – especially after the wheel + brake upgrade.

    However, the replaceable dropout really does nothing to reinforce that area. While it doubles the girth of the dropout – it does not also present a bunch of stress risers. I had notied the mech get pulled flat as the QR did up – less than optimal. I wonder if epoxying it in place would strengthen it as an interim measure?

    The warranty is only 3 years – something to keep in mind. My Cannondale, and hell, even my old Dynatech (Raleigh of the 90’s) are both lifetime warranty.

    I have taken the replacement option. I loved the bike. Alas, I liked it in the silver and orange – of which there are none left.

    Allegedly I am ‘just unfortunate one off’, with a friend with the same. Exactly the same. I can do no more than trust in that… otherwise, they would not continue to sell that model, would they? No. Or, if they were – that would be a very very different matter.

    Let me know what you chose – and I can have a “Look at what you could have won” tribute to Jim Bowen :D

  • Hi Anthony

    Well I sincerely hope that this was a 1-off for you, even the highest quality products will have bad examples – a “Friday afternoon bike”.

    If the mech is being pulled straight by doing up the QR then the dropout must be misaligned (I know, stating the obvious). From the pictures it also looks like the failure occurred right where the dropout would be under maximum stress – when you tighten the QR the whole chainstay will be trying to bow outwards to allow the dropout to align correctly and all of that stress will be concentrated on that spot, with a hole drilled through it for good measure!

    Have you got your replacement frame yet? If the mech clamps up straight on that one then it sounds like you have found the culprit.

    At least it looks like there is a contributory factor to the failure – a fractionally misaligned chainstay that was missed by quality control. Kinesis are aware of the issue so may well have changed the QC procedure to make sure these faults can’t occur in the future.

    I agree with your opinion on the colour too, not such a big fan of the grey/purple. Colour is generally the last consideration for me on a frame and it’s not too offensive so I could live with it.

    Having said that some colours are so repugnant that I’ve been completely put off buying the frame! Manufacturers should always offer a basic grey/black for those of us who don’t like this season’s latest colour/graphics scheme.

    Good luck with the new build, I think I might have a bike building addiction – do you know of a help group (bike builders anonymous?) who might be able to help me?!

    Cheers

  • Yes yes, I can not stress enough build, finish, QC all very good indeed. Just design – possibly could be a little heavier through there.

    As for rear mech – I am forever bending them – however, this – was the hangar and the dropout I believe. Had slightly different ideas of ‘forwards’. Certainly not structural, and as I dont ride my bike without the wheels in it – not a functional issue either.

    I had Silver/Orange. In now have Grey/Purple.

    I was prepared to be disappointed and press on – but it turns out that ‘Grey’ and ‘Silver’ are apparently THE SAME – huzzah! I did like that silver.

    Furthermore – its no longer the 90’s when EVERYTHING was anodized purple – so its socially acceptable to do 20 years on ; D

    Alas now getting around to:

    1 – fitting some wider bars I had;
    2 – replacing old cables;
    3 – that chain is due a change – and Shimano asymmetric chains don’t make that funny noise my preferred ones do on Shimano chainrings;
    4 – Shoes need changing;
    5 – I need to learn how to bleed hydraulics quickly.

    ….this is a very expensive effort all of a sudden : /

    Ahh well once its done – I will leave the mudguards off and get on with getting back to riding.

    Currently, I am rocking a Raleigh DynaTech Ti with 753 forks from the early 90’s with Campag… you really do not appreciate how far things have come on in the world until you have cause to look back.

    Thank you for the candour it has been good.

    I promise to document the rebuild and DO let me know what you went with (the Mason looked good – then I saw the price, and it’s designed by the same guy!!).

    *I too like building and fixing. However, like my day job changing X usually means that Y and Z now need addressing… why-o-why cannot it just be a case of “fix and work” sometimes, Have a great weekend.

  • Thank you for the update – much appreciated.

    That ship has sailed for me alas – however I know some other people that will want to know about that and be keen to give it a whirl (… especially as I will be the engineer picking up the pieces if it doesn’t pull through).

    Upon testing I will confirm.

    Thank you again – and have a great weekend : )

  • Good luck with it all. The Mason does look fantastic but it’s seriously pricey even for a European made alloy frameset – the Kinesis 4S is such a similar frame for half the money I would find it hard to justify.

    I’ve built a couple of bikes with Shimano hydraulics and I can recommend a bleed kit from these people:

    http://www.epicbleedsolutions.com/

    They have some quite good tips on their website as well.

    Bleeding the Shimanos is quite easy but getting a firm short lever pull less so, I found initially that the lever would pull almost to the bars before full braking power and when braking with 2 fingers from the hoods the brake levers would squash my lower 2 fingers.

    The best tips I’ve got are:

    Once you’ve bled the system and with the reservoir still attached to the lever “flick” the lever several times. i.e pull the lever back and then slide your fingers off allowing it to spring back. This seems to draw slightly more fluid into the system before the caliper pistons have had a chance to push back into the caliper. It also seems to shake stubborn bubbles out.

    Having bled a lot of car brakes as well – bleed, bleed and bleed again!! Just when you think the job is done another little bubble will appear! If it’s a new system you can pour the bled fluid back into your bottle and re-use it.

    Also if you’re using the syringe in the bleed kit make sure you draw the plunger back slowly when filling it or tiny air bubbles can draw in through past the plunger seal without you noticing.

    Lastly I would recommend spreading a small amount of grease between the captive washer and the bolt head on the caliper bolts – I used a cable tie like a little spatula. It seemed to me that the friction between the washer and bolt head was enough to twist the washer and would easily torque the caliper out of alignment when tightening the bolts even with the brakes on hard.

    Once they’re done properly though they are incredible – no rubbing, 1 or 2 finger braking to the point of lockup and amazing modulation.

    Hope it all goes well!

  • how about adding license detection according to ip to bash script? :)

  • Thank you for your suggestion eth.

    These are understandably fragments of usefulness.

    When culling licenses when VM’s are retired from the pool we do indeed involve a bunch of logic.

    The logic does a bunch of things including forming a pool of IP’s, nmap scanning, checking to see if they are cPanel, checking to see if we have a license for CloudLinux through cPanel – and building a list for further action of all of those IP’s with a license on an IP and not running cPanel.

    So yeah, that kind of thing and more is alive and well… and if I can implement it I am damned sure anyone can.

    The above, as with so many of my posts, are intended as an aide memoir – and to assist others if they face similar.

    Please feel free to share back your offerings too : )

  • This appears to be CUTWAIL & PUSHDO related – and still as relative now as it was then. Old bots don’t seem to die.

    https://en.wikipedia.org/wiki/Cutwail_botnet

  • Michael
    2 months ago

    Exact same problems with the Kenesis Tracer 1.5 DISC TA fork with DT Dwiss E1800 using the 6 bolt adaptor.

  • Good evening Michael –

    These are marked as TRACER FLT. MNT. DISC. 1.5 – so I am assuming that is flat mount. Good to know – thank you for sharing regarding the Tracer 1.5 Disc TA also…. I can live without nice matching anodizing (honestly) – and centre lock is actually quite a tidy solution to be fair – it just came as a bit of “REALLY?!” moment as I looked at the nice Hope rotors, at the clearance, and back again.

Trackbacks & Pings

  • Automated blocking. - Zeros & Ones :

    […] from my last post on making my Suricata logs … less, by using eDROP and DSHIELD with IPTABLES. This as an approach ticket the boxes – the catch all of the Spamhaus eDROP and the real time […]

    3 years ago
  • PayPal - TrustWave - PCI Compliance - Zeros & Ones :

    […] be to move card fraud back out of civil into criminal (as I understand it) law – and take reported account compromises more […]

    3 years ago
  • PayPal - TrustWave - PCI Compliance - Zeros & Ones :

    […] While the PCI standard holds water, while its goals are amicable, lets have the top of tree playing by the same rules…. or am I getting them confused with “A Bank“. […]

    3 years ago
  • Bonus root certificate - Zeros & Ones :

    […] / BIOS level management and access – its going to be a lot harder to scrutinise…. hell, *THEY* do not check over it… does this not ring bells […]

    3 years ago
  • L O L - Zeros & Ones :

    […] up on things you can do when you have big data… it is not just about all the dark worst case […]

    2 years ago
  • Simple. Enjoyable. - Zeros & Ones :

    […] some baggies and a loose cut jersey? Consciously trying not to hurry – hey I even stopped to speak to Cyril for the first time in …ever. Shifting not all that shiny, rear wheel a bit of a buckle, but […]

    2 years ago
  • Carry On Regardless - Zeros & Ones :

    […] “My website has been compromised, again!” “This is not acceptable” “I am moving my site to another provider“ […]

    2 years ago
  • MegaRAID SAS CLI rebuild - Zeros & Ones :

    […] have gone into some details previously on installing megaraidsas cli on Ubuntu, and turning the alarm off on MegaRAID SAS from the CLI (as the damned thing will turn it back on […]

    1 year ago
  • Swiper! No Wiping! - Zeros & Ones :

    […] night I put together some words called p0wn3d . This was basically an outlet after watching things unfold … again … with malware […]

    12 months ago
  • A pain shared - Zeros & Ones :

    […] – Will there come a point where the Kernel is not supported by the bundled JVM? […]

    11 months ago
Skip to toolbar