We’ve got a denial of service attack aimed at our name servers right now. It has actually been going on for more than 24 hours.
The server being hit the hardest is 204.122.16.8, therefore you may wish to use one of the others, 204.122.16.9, 204.122.16.3, and 204.122.16.7 as your first choice for a while.
I am endeavoring to determine all the sources the attack is originating from and block them however there are many so this may take a while.
While gcc 7.3 is the default on Ubuntu, gcc 8.1 is available. To use 8.1 put the following in your .bashrc file or otherwise set the variable CC = gcc-8:
export CC=”gcc-8″
This will cause gcc-8 to automatically be used by most compile scripts.
There are those who say 8.1 is still experimental, this may be but I compiled apache with it and it has been running stable for months. Apache is a pretty good compiler stress test.
The code that gcc-8 generates is significantly smaller and faster than gcc 7.3 which is the default.
At present this is available on ubuntu.eskimo.com only.
With the exception of eskimo.com which is an old Sparc box with 64MB running SunOS 4.1.4, I checked all shell servers to make sure x2go and the xfce Desktop were working properly.
I found several machines where x2go was not going full screen because of the wrong version of xrandr and corrected those. They were Fedora, Scientific7, and OpenSuse.
I found several machines with broken installations of xfce and corrected those, these were centos7, debian, and mxlinux.
I received an e-mail asking why Ubuntu was mounting NFS file systems with version 4.0 instead of 4.1, I responded I did not know and would need to research it.
What I found was that actually version 4.2 is supported by most modern systems, and according to the manual the NFS client is supposed to negotiate the highest version mutually supported by the client and server but for some reason it will not do this.
I found that if I added vers=4.2 to the mount options on machines which support it (the old centos6 machine does not with the stock kernel and is using 4.1 instead), then when the machine boots it will use that version. This should not be necessary if things worked as documented but that is not the case. Performance of version 4.2 is significantly better so changing this substantially improved the web server performance because it accesses it’s content via NFS.
All have been fixed.
Reboots have been completed. Often after a reboot of all servers there will be a handful that do not properly remount NFS partitions or bind to NIS servers properly. Checking for these issues presently is a manual operation. I am checking the machines for these issues now, otherwise things should be basically operational.
Shortly after midnight tonight I am going to reboot servers for a kernel upgrade. I keep hoping they’ll fix the Ethernet drivers but not exactly holding my breath.
The issues with SSL on the mail server have been fixed. It was caused by the new certificate ca-bundle file only having the intermediate files in it while last years had our site certificate followed by the intermediates. I had to cat both files together into a third which made dovecot and postfix happy. The web server was unaffected by this because it’s configuration includes both files so all of the necessary certificates were available to it.
I am having problems with our new Comodo certificate. It works fine with Apache web server but with the Dovecot mail server it is telling me the key does not match the cert but it does, I have verified this.
I am thinking the software is too outdated and I am trying to build the new openssl and dovecot for this machine. To put it mildly it is giving me fits. If mail does not work, please try to use webmail https://www.eskimo.com/mail or login to a shell server and use alpine configured to talk to local spool.
I am working hard to resolve this but running into numerous problems. I want to get the latest openssl in place which has support for elliptical curve cryptography, this will become important as quantum computers become more robust and we learn how to program them. But it will not find one of the shared libraries even though it is there and included in the path. Argh!
Anyway I’m working hard to resolve.
I’m going to be working on mail for a little bit to replace encryption certificates because the old is expiring today. There may be times when encryption does not work temporarily.