Kvm Disabled for Security

     Tekexplore has published an exploit that uses a hardware fault in Intel processors in combination with kvm, a daemon that finds memory pages with the same content on multiple virtual machines and merges them into one to save memory on the host machine marking that page copy on write so that in theory when it is written a copy is made and the original left alone so it doesn’t affect other virtual machines sharing that page.

     Apparently it is possible to alter a single bit in a page and not trip the copy on write and by altering just a single bit in ssh keys, it is possible to weaken ssh considerably allowing it to be compromised.

     I have turned off kvm on our machines.  It is of limited use in our environment because our servers are not overcommitted and thus the only thing freed up shared pages does is provide more memory for disk caching.  I monitored the logs for some time and found that this was infrequent and so we were getting little performance benefit.


     The mysql server on the web server died this morning with no apparent cause.  I restarted it, it ran for several hours, then died again.

     The second time it died, I ran myisamchk’s on all of the tables, there were quite a few with errors that it fixed.

     Hopefully that will take care of it, else I will reboot the server if it continues.

New Old Server

     Because neither owncloud, nor newly developed nextcloud, nor osTicket in spite of months of promises, will run under PHP 7, and I’ve also got a customers website consisting of 1910 PHP code that totally breaks, I am setting up a new server with two year old software specifically for these applications.

     The new server will be called “antique.eskimo.com”, it will not be something you can login to, it will just be a web server setup like the existing machine except that it will be running PHP 5.6 and Ubuntu 14.04 LTS so that it can run antique PHP code.  Being an LTS release it will still have security updates so will not represent a security threat.

     In addition to being able to run old code, it will also provide a back door to get to our ticket system or webmail when the main web server is inoperable as it will be on a totally different physical host machine.

Owncloud -> Nextcloud

     Previously, we had a cloud service called owncloud.

     When we upgraded to PHP7, it broke the version of owncloud we had because it was not PHP7 ready.

     I upgraded to version 9 but was unable to get authentication to work.

     Then, owncloud split, the original developer and a number of others left to start nextcloud.

     Nextcloud appears to be much better documented and the documentation includes imap authentication which is what we were using.

     So I am attempting to install nextcloud as a replacement for owncloud.  At this point all of the owncloud clients will also work with next cloud.  They have agreed to keep the api the same so the same clients should continue to work.

Ubuntu Upgraded to 16.04.1 LTS

     The ubuntu.eskimo.com shell server has been upgraded to the latest release, 16.04.1 LTS.  This brings with it an upgrade of PHP to version 7.08, the same as on our web server.

     Therefore, if you are doing any PHP development and need to test scripts, this machine would be the one to use.

     This server is also equipped with a broad range of applications and has more memory than most of the others so it is a good machine to use.

     If there are some applications you need which are not present, please contact support@eskimo.com.

Ubuntu and Shellx Maintenance

     I will be moving shellx and ubuntu virtual machines to a different physical host machine in order to free up memory and allow more effective caching on the web server.

     This will require about an hour of downtime on both servers but should otherwise be transparent other than a barely noticeable improvement in responsiveness owing to additional hardware resources available.

User Meeting August 27th 3-6pm Spiros on Aurora

     I have not scheduled a user meeting since April for two reasons:

  1. The relative poor turn-out at the April meeting.  We only had about half a dozen people show.
  2. My health has been problematic.  I have been battling diabetic neuropathy and until very recently associated pain was very poorly controlled.  I’ve recently switched medications and am doing much better.

     So hopefully we’ll see some of you there.  I am now getting back to some projects that have been placed on hold for a while.

     The next meeting will be on August 27th starting at 3PM at Spiros on 185th and Aurora in the Fred Meyer parking lot.  It will be in the banquet room.  I hope enough of you come to justify reserving the room in the future.

     For directions please see: https://www.eskimo.com/eskimo-north-user-meeting/

Fedora and Opensuse Broke

     Both Fedora and Opensuse broke after rebooting the host computers.  I can not find anything wrong yet.  Fedora will not initialize the network interface and opensuse is not getting authentication information properly.  I reverted to earlier copies of these machines but earlier copies also do not function.

     I am tired so I am going to leave these down for the night and if I can not figure out what is wrong tomorrow, I will do a fresh install.

Maintenance July 29th, 2016

     Tomorrow, assuming no emergencies, I will be installing a new physical server at the co-location facility and I will be rebooting two existing host machines in order to load the most recent kernels.

     This will result in an outage that will probably last around 15-20 minutes on Friday evening.  This will affect all services, DNS, mail, etc, but I where services are duplicated, DNS, incoming mail, etc, I will be doing one set at a time to avoid interruption of those services.

     Client services are not duplicated so there will be an unavoidable outage for this maintenance work.

Work Backed Up

     I am behind in pretty much everything including sending account expiration notices.

     In March I was diagnosed with type 2 diabetes.  At the time the only symptom I had was mild burning in my feet but after they started treatment it turned in to frequent body-wide from the neck down burning hell.  Also allodynia where touch becomes pain.

     This varies in intensity quite a bit.  Some days pain is minimal and I am pretty functional, others it makes sleep impossible until it’s light out again.

     If you call in the morning and I am unavailable, this is likely why.  In that case please do leave a message and I will return your call as soon as I can.

     I have made great progress in getting my blood glucose down.  I’ve gone from an A1C value of 13.5% to 8.4% in two months.  My doctor said this is quite possibly the fastest reduction he has ever seen.  So I’m making progress.  I am working towards getting it down to 6.7% or below at which point hopefully my nerves will begin to heal.  That is a very slow process as nerves grow about a millimeter per month.

     In the meantime I am working with doctors to better manage my neuropathy pain and improve my functionality and struggling to catch up with work.  So please be patient with me, I’m not ignoring you, just a bit overwhelmed with health issues.