Maintenance Saturday Morning – January 4th 00:05AM – 1AM

Early Saturday morning, just after midnight, I will be performing some system maintenance.

First will be a reboot of the main file server to test the shutdown and start-up scripts to be sure I’ve got all the bugs worked out.  This will take everything down briefly, but if successful, that is to say if I’ve killed all the bugs in the shutdown and start-up scripts, this will only take about five minutes.

This will be followed by about 15 minutes of downtime for the web server for imaging to make sure the backup image has the current 2.4.7 Apache, the current 7.25 version of Drupal, and some other recent updates to our website.

Visual Access to Shell

Our instructions for visual access use a NoMachine product called 3.5 Client.  Unfortunately, this is no longer available.

NX 4.0 Player DOES WORK with our service, although it can typically take 4 or 5 attempts to get a connection and setup is more complex.  I am working on a new set of instructions for use with it.

On Windows and Linux, OpenNX and X2Go also work with our system, although X2Go sometimes doesn’t play nice with other applications.  On Macintosh systems, these products seem to have key mapping issues.

An alternative to NoMachine (NX) 4.0 Player for Mac is a VNC client.  I recommend Chicken VNC (this is a derivative of Chicken of the VNC and is better because it supports tunneling through ssh).

VNC does not compress as efficiently as NX but if you have a broadband connection, the response is satisfactory.  X2Go is new and somewhat spotty still, but when it does work, it also provides sound (but that also is intermittent).

For Windows, TightVNC performs well but is insecure, since everything passes in plain text unless you set up an ssh tunnel using PuTTY or another Windows ssh client.  The risks with TightVNC are essentially the same as those of telnet or rlogin: everything is passed over the Internet in plain text.
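
An added example (not part of the original post) of the ssh tunnel mentioned above, written as a small shell helper. The user `alice`, the host `shell.example.net` and display `:1` are placeholders, and it assumes the VNC server accepts connections on the shell host's loopback interface.

```shell
#!/bin/sh
# Added example: carry a VNC session inside an SSH local port forward.
# Placeholders (not from the page): user alice, host shell.example.net, display :1.

# VNC display :N listens on TCP port 5900+N.
vnc_port() {
    case "$1" in
        ''|*[!0-9]*|0?*) echo "display must be a plain non-negative integer" >&2; return 1 ;;
    esac
    echo $((5900 + $1))
}

# Build the ssh command for the tunnel. Both ends of the forward are
# loopback addresses: the local listener is not exposed to the LAN, and the
# VNC bytes are only unencrypted between sshd and the VNC server on the
# remote machine itself (assumes the VNC server accepts loopback connections).
tunnel_cmd() {  # usage: tunnel_cmd USER HOST DISPLAY
    port=$(vnc_port "$3") || return 1
    # -N: forward only, no remote command.
    # ExitOnForwardFailure: abort rather than leave a session with no tunnel.
    echo "ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:${port}:127.0.0.1:${port} $1@$2"
}

# A viewer target is acceptable only if it points at the local end of the
# tunnel; anything else would send the session over the network in plain text.
viewer_target_ok() {  # usage: viewer_target_ok HOST:DISPLAY or HOST::PORT
    case "${1%%:*}" in
        127.0.0.1|localhost) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the command for the placeholder values; run it, then point the viewer at localhost.
tunnel_cmd alice shell.example.net 1
```

In PuTTY the same forward is entered under Connection > SSH > Tunnels, with source port 5901 and destination 127.0.0.1:5901.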

I’m working on support pages for these newer products and always looking for something more solid, but on the bleeding edge, that’s sometimes how things are.

New Year’s Hours

I will not be available at 9AM on New Year’s Day.

I will be available between 12 noon – 6pm and after 6pm intermittently.  If you call after 6pm, leave a message and I will return your call.

So if you need help with something or want to extend your subscription, I will be here in the afternoon and evening to take your calls.

Bogus e-mail: Your Password Will Expire in 3 Days

If you see e-mail that says your password will expire in three days, ignore it.  This is a phishing scam that is attempting to get your login credentials here.  Do not click on the link, do not fill in your login and password.

This is entirely different than the notices we send out regarding account expiration dates.

Web Server Upgraded to Apache 2.4.7

The web server has been upgraded to Apache 2.4.7, APR has been upgraded to 1.5.0, and APR-Util to 1.5.3.

 
Changes with Apache 2.4.7

*) APR 1.5.0 or later is now required for the event MPM.
APR has been upgraded to 1.5.0; the event MPM is being used.

*) slotmem_shm: Error detection. [Jim Jagielski]

*) event: Use skiplist data structure. [Jim Jagielski]

*) mpm_unix: Add ap_mpm_podx_* implementation to avoid code duplication
and align w/ trunk. [Jim Jagielski]

*) Fix potential rejection of valid MaxMemFree and ThreadStackSize
directives. [Mike Rumph]

*) mod_proxy_fcgi: Remove 64K limit on encoded length of all envvars.
An individual envvar with an encoded length of more than 16K will be
omitted. [Jeff Trawick]

*) mod_proxy_fcgi: Handle reading protocol data that is split between
packets. [Jeff Trawick]

*) mod_ssl: Improve handling of ephemeral DH and ECDH keys by
allowing custom parameters to be configured via SSLCertificateFile,
and by adding standardized DH parameters for 1024/2048/3072/4096 bits.
Unless custom parameters are configured, the standardized parameters
are applied based on the certificate’s RSA/DSA key size. [Kaspar Brand]

*) mod_ssl, configure: Require OpenSSL 0.9.8a or later. [Kaspar Brand]

*) mod_ssl: drop support for export-grade ciphers with ephemeral RSA
keys, and unconditionally disable aNULL, eNULL and EXP ciphers
(not overridable via SSLCipherSuite). [Kaspar Brand]

*) Add experimental cmake-based build system for Windows. [Jeff Trawick,
Tom Donovan]

*) event MPM: Fix possible crashes (third party modules accessing c->sbh)
or occasional missed mod_status updates for some keepalive requests
under load. [Eric Covener]

*) mod_authn_socache: Support optional initialization arguments for
socache providers. [Chris Darroch]

*) mod_session: Reset the max-age on session save. PR 47476. [Alexey
Varlamov]

*) mod_session: After parsing the value of the header specified by the
SessionHeader directive, remove the value from the response. PR 55279.
[Graham Leggett]

*) mod_headers: Allow for format specifiers in the substitution string
when using Header edit. [Daniel Ruggeri]

*) mod_dav: dav_resource->uri is treated as unencoded. This was an
unnecessary ABI change introduced in 2.4.6. PR 55397.

*) mod_dav: Don’t require lock tokens for COPY source. PR 55306.

*) core: Don’t truncate output when sending is interrupted by a signal,
such as from an exiting CGI process. PR 55643. [Jeff Trawick]

*) WinNT MPM: Exit the child if the parent process crashes or is terminated.
[Oracle Corporation]

*) Windows: Correct failure to discard stderr in some error log
configurations. (Error message AH00093) [Jeff Trawick]

*) mod_session_crypto: Allow using exec: calls to obtain session
encryption key. [Daniel Ruggeri]

*) core: Add missing Reason-Phrase in HTTP response headers.
PR 54946. [Rainer Jung]

*) mod_rewrite: Make rewrite websocket-aware to allow proxying.
PR 55598. [Chris Harris]

*) mod_ldap: When looking up sub-groups, use an implicit objectClass=*
instead of an explicit cn=* filter. [David Hawes]

*) ab: Add wait time, fix processing time, and output write errors only if
they occurred. [Christophe Jaillet]

*) worker MPM: Don’t forcibly kill worker threads if the child process is
exiting gracefully. [Oracle Corporation]

*) core: apachectl -S prints wildcard name-based virtual hosts twice.
PR54948 [Eric Covener]

*) mod_auth_basic: Add AuthBasicUseDigestAlgorithm directive to
allow migration of passwords from digest to basic authentication.
[Chris Darroch]

*) ab: Add a new -l parameter in order not to check the length of the responses.
This can be useful with dynamic pages.
PR9945, PR27888, PR42040 []

*) Suppress formatting of startup messages written to the console when
ErrorLogFormat is used. [Jeff Trawick]

*) mod_auth_digest: Be more specific when the realm mismatches because the
realm has not been specified. [Graham Leggett]

*) mod_proxy: Add a note in the balancer manager stating whether changes
will or will not be persisted and whether settings are inherited.
[Daniel Ruggeri, Jim Jagielski]

*) mod_cache: Avoid a crash with strcmp() when the hostname is not provided.
[Graham Leggett]

*) core: Add util_fcgi.h and associated definitions and support
routines for FastCGI, based largely on mod_proxy_fcgi.
[Jeff Trawick]

*) mod_headers: Add ‘Header note header-name note-name’ for copying a response
headers value into a note. [Eric Covener]

*) mod_headers: Add ‘setifempty’ command to Header and RequestHeader.
[Eric Covener]

*) mod_logio: new format-specifier %S (sum) which is the sum of received
and sent byte counts.
PR54015 [Christophe Jaillet]

*) mod_deflate: Improve error detection when decompressing request bodies
with trailing garbage: handle case where trailing bytes are in
the same bucket. [Rainer Jung]

*) mod_authz_groupfile, mod_authz_user: Reduce severity of AH01671 and AH01663
from ERROR to DEBUG, since these modules do not know what mod_authz_core
is doing with their AUTHZ_DENIED return value. [Eric Covener]

*) mod_ldap: add TRACE5 for LDAP retries. [Eric Covener]

*) mod_ldap: retry on an LDAP timeout during authn. [Eric Covener]

*) mod_ldap: Change “LDAPReferrals off” to actually set the underlying LDAP
SDK option to OFF, and introduce “LDAPReferrals default” to take the SDK
default, sans rebind authentication callback.
[Jan Kaluza]

*) core: Log a message at TRACE1 when the client aborts a connection.
[Eric Covener]

*) WinNT MPM: Don’t crash during child process initialization if the
Listen protocol is unrecognized. [Jeff Trawick]

*) modules: Fix some compiler warnings. [Guenter Knauf]

*) Sync 2.4 and trunk
– Avoid some memory allocation and work when TRACE1 is not activated
– fix typo in include guard
– indent
– No need to lower the string before removing the path, it is just a waste of time…
– Save a few cycles
[Christophe Jaillet]

*) mod_filter: Add “change=no” as a proto-flag to FilterProtocol
to remove a providers initial flags set at registration time.
[Eric Covener]

*) core, mod_ssl: Enable the ability for a module to reverse the sense of
a poll event from a read to a write or vice versa. This is a step on
the way to allow mod_ssl taking full advantage of the event MPM.
[Graham Leggett]

*) Makefile.win: Install proper pcre DLL file during debug build install.
PR 55235. [Ben Reser]

*) mod_ldap: Fix a potential memory leak or corruption. PR 54936.
[Zhenbo Xu]

*) ab: Fix potential buffer overflows when processing the T and X
command-line options. PR 55360.
[Mike Rumph]

*) fcgistarter: Specify SO_REUSEADDR to allow starting a server
with old connections in TIME_WAIT. [Jeff Trawick]

*) core: Add open_htaccess hook which, in conjunction with dirwalk_stat
and post_perdir_config (introduced in 2.4.5), allows mpm-itk to be
used without patches to httpd core. [Stefan Fritsch]

*) support/htdbm: fix processing of -t command line switch. Regression
introduced in 2.4.4
PR 55264 [Jo Rhett]

Last Night’s Maintenance – MySQL

Because I managed to secure the file server so well that even I couldn’t get into it, I was forced to take the server down ungracefully last night.

After we finished working on it (Carl and Raymond, my sons, were there with me), I thought everything was up; however, due to the unclean shutdown, MySQL did not start.

I corrected this just after noon today.  My apologies.  I’m still working on correcting some configuration issues so this won’t happen again; however, these corrections should not be service-affecting.

Maintenance Outage 12/28/2013

We will be taking down the main file server in order to properly attach a loose heat-sink tonight just after midnight.  The outage should last approximately 1/2 hour.  During that time pretty much anything that depends on access to files will be unavailable.

Christmas

First, I’d like to wish everyone a Merry Christmas.

On Christmas, I won’t be at the phones all day, but I will probably be within earshot of the phone between about 12 noon and 4pm and I’ll periodically check for voice mail and make sure things are up and running.

So, if you need to talk to me live, please call between noon and 4pm, otherwise, leave a voice mail and I’ll call you back.

PayPal Scam

There is someone sending e-mails alleging to be from PayPal stating that your account is limited and telling you to click on a link and fill out a form to get it reinstated.  These are bogus.  They are trying to get your PayPal credentials so they can raid your account.  Never click on a link in e-mail that alleges to be from your bank, etc.  If you are seriously concerned, put the bank URL in your browser and go there directly, NOT from an e-mail link.