Improve

— improve —
Additional documentation and maybe a forum to ask other users for suggestions on
what to use or how to go about getting things set up would be nice. Half of my
challenge is knowing what already exists and what it does. If I know that, I can
read the documentation. If I don’t know what is here, I start looking for all
solutions and then have to think about how I would have to install a new package and
get it working just for me.

Thank you. We do have a forum at http://www.eskimo.com/bbs/

— improve —
I dream of cutting the cable.
Wish there was a no-frills high speed connection to Eskimo and/or Internet.

— improve —
I sometime do not understand the services offered. Confused about technology but
that is normal for me. I am more marketing oriented and less technically oriented.
This sometimes hampers my ability to understand and use some services.

— improve —
To know others

— improve —
I need to figure how to use PuTTY instead of telnet. (probably not your job as the
need is occasional.)
(I’m probably going to call support today for FTP help if I can’t figure a login
problem.)

— improve —
Nothing I can think of. I live in the county down here in Shelton and
my only access is DSL through century link as I live on a private road
with buried phone lines and no access to cable. If you could get lower
rates for Satalite internet that might be something I would like. But
over all you have been a great provider and I’ve stuck with you through
all the little hiccups over the years as your decent people and a great
business.

— improve —
security, encryption?

Could you specify where you would add this? Sessions encryption is supported by ssh or nx or vnc tunneled over nx.  Mail encryption is provided with either TLS or SSL, and encryption of mail between our site and others is supported if they support TLS.  Web encryption is supported via https.  For ftp you can use sftp instead, or tunnel over ssh.

— improve —
I think many people don’t understand that when they use “free” email such as gmail
or Yahoo, they are giving up privacy. If more people knew they had a choice, they
might choose Eskimo.

But it might be a little hard for the average non-techie type person to figure out
how to work with eskimo.

It’s kind of a niche market, but I think your niche could be bigger.

— improve —
I guess one of the reasons I try not to look at the home page is because every item
is a different color and I can’t figure out what is important and what is not. I
think I might try to use features more if the page had a better layout with good
design principles applied to the organization of the material. (you asked!)

— improve —
self help easier to find. If it is technical or such I feel comfortable calling or
leaving emails but some things like set-up I’d like to try to set up first. Part of
my self-learning about what makes my laptop email go etc.

— improve —
I wish you could be an independent internet service provider as you were years ago
when you had a dial-up service. Maybe I should try your DSL service through
CenturyLink. I currently use Clearwire, but it is very slow. 🙁

Me too, there are, unfortunately, a number of things that make that not possible at least without a huge amount of growth.  To provide access services totally independently means we’d either have to have our own wires or our own towers.  The capital requirements of either are such that it works on a scale of millions of customers but not on a scale of hundreds.  I’d really like this to be operating on a much larger scale than it is and that is part of the reason for this survey, an attempt to identify what people want, don’t want, what we’re doing right and what we need to fix.

Your help is always appreciated.  If you know of anyone with special hosting needs, wants to host a game, or a website with some unusual requirements, let me know.  If you know people who need what we offer please let them know we’re here.

— improve —
If you want new customers I think the website needs to be upgraded to one of those
“fancy” business sites.

Eskimo is doing most of the stuff really good, but try to sit down and find out what
services really needs to integrated.

I mean these days a lot of us are using the Cloud. A lot of providers are providing
some sort of free space.

Also open up for Anonymous commenting on the Eskimo North blog.


I initially had it configured this way. When the number of spam attempts per day topped 20,000 I decided I couldn’t leave it open.


— improve —
had I been able to implement any sort of porn-blocking from afar, it would have been
really handy. Am now relying on Microsoft family live & divided password ownership.
Wasn’t bright enough to do proxy dns, and at the time you all had no immediate
solutions. Had there been one, I could have been a customer during the period I
wasn’t a customer.

— improve —
The #1 feature I would like to see is a simple button for creating
vacation/out-of-touch messages. The process for doing that simple task right now is
confusing.

I will offer one other observation: I am very unusual in that I have spent the last
year living in Myanmar. I am likely the only eskimo.com customer here.

Before you added an ssl certificate (I think that’s the right jargon), eskimo web
mail outperformed gmail and yahoo by spades. Since adding that certificate, eskimo
web mail has gotten very slow and troublesome. Gmail is now the fastest of the 3.
Yahoo is the pits.

Whether or not the ssl certificate had anything to do with eskimo slowing down is
unknown. It may have just been a coincidence, or it may be a tradeoff of security
for speed and access. Also, the internet infrastructure in Myanmar is so poor that
there may have been other factors.

It’s not something I expect you to act on to change, I just wanted to share that
observation with you.

— improve —
Mr. Dinse, you have the finest ISP I have ever seen. And you are extremely kind and
considerate.

— improve —
I really appreciate how much work you do to keep eskimo up and running. It serves
my purposes well and I hope you can keep it going for a long time to come.

— improve —
Tablet friendly interface.

— improve —
I wish I could tell you more, but you are just right for me.
I wish I had time for some of the things I see are available, but that is my
schedule and it is not likely to change.

— improve —
Improve billing. Improve documentation. Overall, you’re providing a great service
at a reasonable cost.

— improve —
Please do not fix anything that is not broken.

— improve —
Make certain the email server is working all the time, other than that, it’s perfect.

— improve —
To increase the speed of accessing if possible!

— improve —
I tried to use the Java Shell and got the warning “This website’s HTTPS certificate
can not be verified. Do you want to continue?”

That’s a kind of scary message. I tried to find info about this on Eskimo’s
website. I know you’ve emailed info about eskimo’s SSL. But I couldn’t figure out
how to find it or how to verify that everything was okay. This is what I got when I
clicked the “details” button:

Version 3
Serial 295246779768673229649106604597026006099
Signature Algorithm SHA1withRSA
Issuer CN=PositiveSSL CA 2, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
Validity Validity: [From: Sun Jul 21 17:00:00 PDT 2013,
To: Tue Jul 22 16:59:59 PDT 2014]
Subject CN=www.eskimo.com, OU=PositiveSSL, OU=Hosted by IntegraServe, OU=Domain
Control Validated
Signature 0000: C1 BB CF 63 D1 4E 8E 7F 3B 22 FC 74 0E 14 58 EC ...c.N..;".t..X.
0010: 38 82 87 57 DD B8 E4 30 35 4F 6B 4B AE 44 1F 1B 8..W...05OkK.D..
0020: E6 DE C5 EC EB 64 4A 8D 75 8F 8B 9E FF A2 16 56 .....dJ.u......V
0030: 29 CF 00 AD D5 9C C1 A6 E8 3C 0A 0A 81 DE EE 20 )........<.....
0040: 61 87 2D 47 22 AB 3D FD C5 E6 3D 6A A8 4C 71 DD a.-G".=...=j.Lq.
0050: 6D 43 F5 5C 69 A6 33 AC F3 94 6D 92 F0 9F 0C 61 mC.i.3...m....a
0060: ED 09 AE 0A 2B CF 11 8F 67 71 EB 28 10 76 2A C0 ....+...gq.(.v*.
0070: 62 73 C3 E3 E1 D1 F7 D2 E8 C4 81 8A AA 9A 49 CB bs............I.
0080: 42 27 34 E4 90 BE 89 29 F2 1C D9 E8 03 08 A9 1B B'4....)........
0090: 89 98 0D 86 05 01 40 CF B2 E9 D8 F7 12 37 72 73 ......@......7rs
00A0: 51 B6 EA 89 A1 58 C7 7C 46 41 AA 44 9A BD 9E 8D Q....X..FA.D....
00B0: 6F 11 F7 0E 3F 8A 41 B3 74 43 D5 52 68 B7 BD AF o...?.A.tC.Rh...
00C0: BA 3C 7B 45 3C 82 2E B2 0B 24 D9 FB CA 9B 24 D7 .<.E<....$....$.
00D0: E7 8B F5 74 6E D7 78 07 82 BF 34 86 22 B7 90 1F ...tn.x...4."...
00E0: 4D 03 9B 91 AC 95 22 F5 B7 68 64 1E C4 25 ED 44 M....."..hd..%.D
00F0: 7D E5 32 D9 02 97 44 AF CE A3 A8 F1 4B 61 7B D8 ..2...D.....Ka..

MD5 Fingerprint DB:34:26:A5:96:4C:E7:CB:1A:29:D2:ED:B0:AC:83:DE
SHA1 Fingerprint 9B:C2:24:7D:27:97:CF:3A:A1:B2:3C:FB:5C:BA:F2:81:A3:9A:76:2B

It would be nice to if I can ignore this warning.

For reasons I do not understand, this happens only with the Iced Tea plugin used in Linux, the browser itself doesn’t have an issue with the cert and neither does the Java plugin from Oracle that is used with Windows and MacOS.  Our certificate is a real Comodo cert and I’ve used third party tools to check it’s validity and it is good, so I would recommend ignoring the warning.

When I tried to connect with PuTTY for the first time from my new computer, I also
got a warning message that the server’s host key is not cached. It gave me the RSA2
key fingerprint, but how do I know if it’s correct for Eskimo? I think I emailed
long ago when I was using PuTTY from my old computer.

The first time you connect to a host with ssh, (PuTTY is an ssh client for Windows), ssh exchanges keys.  I don’t know really how you can know except that you specified the host when you connect.  A man-in-the-middle attack isn’t impossible but then you wouldn’t see your files and everything else you expect to see here in which case call us immediately and we’ll change your password.

Is it possible to have this info collected in an easy-to-find location?

This kind of thing is difficult to impossible to anticipate, the forum is a good place to ask this sort of question, then the answers will be available to everyone.

Also, I tried changing my password for Eskimo and couldn’t remember how to do that.

I will add some documentation on this, but basically you need to connect to the old shell server ‘eskimo.com’ and login, then type ‘passwd’.

It would be handy to have basic reference info somewhere so users could look it up.

Recent Posts

Outage Difficulties

First some background..

     Our old web server was over burdened, particularly when it came to RAM.  Also it booted off a rotary disk and only the mariadb was on nvme memory thus it was slow to boot.  Linux likes having a lot more RAM than it needs because it uses any not required by something else as I/O cache and this speeds up average disk latency considerably because frequently required items will always be in memory.  Cache was configured as write-back so system never slowed waiting on writes.  The disks themselves had 512MB buffers so even if it waited on the drive it would not have to wait for physical write to media.

     So I decided to build a new server, and for this new server I had several things on the wish list.  One, it would address more RAM, and for this reason primarily I went with an i9-10900x CPU.  This CPU could address 256GB of RAM and it had four memory channels instead of two.  It also had ten cores and twenty threads, a step up from six cores and twelve threads.  The primary limit to this CPU’s performance is cooling. It’s rated a TDP of 165 watts but this is at stock 3.6Ghz clock.  One does not buy a binned ‘X’ CPU to run at stock speed.

     Some testing revealed this was electrically stable up to about 4.7Ghz but at 4.7Ghz busy it drew 360 watts of power.  I used a Noctua 15D cooler, but rather than use the stock quiet fans, I used some noisy after market fans that produced about twice the CFM and about 10x the noise level but if you’ve ever been in a data center, noise is not a big concern.  With these fans testing revealed that it could keep the CPU at or below 90C at 4.6Ghz and at that speed it drew 320 watts.

     I wanted to avoid a water based cooler because at home you get a leak and you ruin a few thousand worth of equipment.  In a data center you get a leak, it goes into the under the floor power and you burn down a building and go out of business.

     So I only had to give up about 2-1/2% of the performance of this CPU to avoid water cooling, not bad.  Then I wanted everything on RAID and I wanted all the time sensitive data on nvram so it would go fast.  I tried to find a hardware nvme RAID controller but if they make such a beast I was unable to find one.  I could only find “fake raid” devices, these work with Whenblows but but not Linux.

     So I ended up going with software RAID.  The one thing I could not RAID was the EFI system partition because this is read by the machines UEFI and it does not know about Linux software RAID.  So while that was un-raided, I had duplicated the EFI system disk on each nvme drive so if one drive failed the system would still be bootable and all I had to do to keep them in sync was modify the scripts that installed a kernel to do a grub-install to both devices.

     And it worked for a while.  Then we lost our forth router there (fried) and at that point I decided to spring for a Juniper router.  The reason I went with this brand is that when we first moved our equipment to the co-lo at ELI, they used Junipers and we never once had a data outage there and they were not at all easy to packet flood which is what made it possible for us to run IRC servers there.  After Citizens bought them, they sold the Junipers and replaced them with Ciscos and packet flooding then took the whole co-lo center which basically left us in a situation where either we got rid of the IRC server or they got rid of us.  So having had such a good experience with the routers there I decided to go that route.  But it’s a command syntax I’m not entirely familiar with and I’m still learning (it is similar to Cisco’s but not the same).

     Meanwhile I decided to use one of the Linux boxes as a router and I used the newest server only because at the time it was the only machine with multiple interfaces.  But it was not stable routing and I did not understand why but after a bit I moved it to another machine that I just put a 1G Intel ethernet into it.  It ran for a bit then ate it’s interface card and became unstable.  I had some spare cards but they all had realtek chipsets.  What I didn’t know about Realtek is that the Linux drivers for them are absolute crap.  They work ok at 100mb/s but a 1Gb/s they randomly loose carrier or cycle up and down.  So I put one of these cards in a machine and set it up to act as a router, that lasted about two days before it crashed.  I went over and found no carrier lights, but after playing with it for a while I thought ok, this is just a bad card and so went to replace it thinking it was a 20 minute job.

     Three cards later and now 10AM the next day it still wasn’t working so I drove from the co-location facility down to Re-PC and picked up an Intel based industrial model 4-port card, these are much more robust requiring multiple PCIe lanes so  you need to use a big slot but that’s ok as I only had a wimpy graphics card that only required one.  That solved the networking issue for now.  The Juniper still will be a better solution but I could completely saturate the 1G interface so we’re not losing any speed with this arrangement.

     But the fun and games were still not over.  I got all of the machines up and running except the new web server.  For some reason it would not automatically assemble the RAID arrays and come up online.  It would go into emergency mode.  There I could type mdadm –assemble –scan and it would assemble the RAID partitions and I could mount them and bring the machine up, but if it crashed while I wasn’t there it would not come up on it’s own.  I spent until 6pm trying to troubleshoot and fix, in the past when this has happened it has always either been an issue with the EFI system partition, and I had already re-installed grub 32 times to no avail, or it was a problem with the initramfs, solved by re-creating it, but neither of those things were the cause and I wasn’t successful at locating the error causing it in the logs.

     So finally at 6pm I just re-installed Linux and resolved myself to recovering everything from backups.  So I re-installed Linux, went home, and by then 8pm, I had been working on this for about 33 hours without sleep (I had started working on it at home before deciding to go down and swap out the Network Interface cards).  So went to sleep.

     This morning I proceeded to work on installing software and restoring things from backups and getting the machine configured again and part of that process required a reboot, from which it did not recover.  So I drove to the co-lo thinking I just forgot to configure the proper boot partition in the UEFI bios or something like that and instead found it in the same condition it was in before I installed Linux.

     But this time after a number of attempts I caught an error message it through that was only on the screen for I would guess less than a tenth of a second and what I noticed was that it started with initrd, suggesting an issue with the initramfs, it took about ten more reboots to make out that the message was: initrd: duplicate entry in mdadm.conf file.

     So I checked and sure enough the system had added an entry to those I had entered by hand, identical.  So I took the extra entry out, did a chattr +i file to mark the file immutable so the operating system didn’t modify it for me again, and went home, hoping I could finish restoring it to service, but when I got home it was again dead.

     I drove back to the co-location center (and it is 25 miles each way) it was on but did not have power.  So I power cycled the power supply and it came back up, but by the time I got home it was dead again..  If I move the cord around it goes on and off so I am assuming there is a bad connection from the pin on the end side, maybe a cold solder joint or something.  At any rate, I ordered a new supply which should get here between 2pm-6pm tomorrow and will go back and replace it when it arrives.  Right now I also have one customer on this new machine, MartinMusic.com, so before I replace it I will try to grab the data for his website just in case it is something else so that I can put it on the old server until this one is solid.

     So hopefully I can get this stable and then go back to learning the Juniper syntax and get that installed.  Then I’m going to work on upgrading the old web server for other work.  The motherboard has one bad USB port on it now so not really sure how long it is going to last.

  1. Outage Leave a reply
  2. Maintenance Outage Leave a reply
  3. Outage Leave a reply
  4. Server Issues Leave a reply
  5. Carl Jung Comments Off on Carl Jung
  6. SSH Key Vulnerability Comments Off on SSH Key Vulnerability
  7. Outage Comments Off on Outage
  8. 6.1.57 Kernel Borked Comments Off on 6.1.57 Kernel Borked
  9. Stability or the Lack Thereof Comments Off on Stability or the Lack Thereof