Because of the severity of the Sequoia security bug, kernel upgrades for shell servers and the web and mail servers, basically anything exposed to the public, will happen tonight instead of Friday as originally planned, and non-active servers will be upgraded sooner than 11pm.  The downtime for these will only be about 1 minute each.  The file servers that do not have public exposure will still be upgraded tomorrow.  VPS’s may or may not get  upgraded this evening.

     There are some worthwhile fixes to the kernel and as a result will be doing a kernel upgrade on July 20th, 11PM-Midnight.  Most services will experience an outage of about ten minutes during this interval.

     I am going to upgrade the router firmware shortly after 5pm tonight.  This will result in a brief interruption of Internet connectivity, usually lasting 1-2 minutes.  Usually this is brief enough that ssh sessions will not be knocked down but no guarantees.

     The reason that there have been no kernel upgrades for the last two weeks or this week is that 5.12.x has reached the point where it has been stable on our platform and I’ve been monitoring the progress and have not seen any changes that fix bugs that impact us, provide security improvements, or provide performance improvements.

     I do not anticipate going to 5.13 kernels because they don’t offer anything new that is of any benefit here.  5.14 when it reaches stable, we will try because they are replacing the E1000 Ethernet driver with a new copyless driver that will provide more efficient network I/O and hopefully also address the hardware offloading bug with this chip.  I do not expect this until sometime in August.

     VNC on Mint is fixed.

     VNC is currently broken on mint, it will produce only a small fixed-size screen.  I am working to resolve.

     In the meantime, either use a different shell server, or a different protocol such as web based, or x2go, or rdp.

     Mail issue has been resolved.  An update altered the permission on the mail spool directory in a way that, while more secure, (using a mail group rather than setuid mail programs) breaks it’s compatibility with many applications which are not setgid.  Permissions have been reset.

     An update today seems to have broken dovecot resulting in webmail and external imap and pop-3 mail clients failing.  Shell mail clients that read the mail spool directly will still work.  I am working to resolve this issue.

     I am working on some additional security measures, and there is the potential I may break things at least temporarily in the process.  If you noticing anything broken, please submit a ticket or e-mail support@eskimo.com.

     Kernel upgrades are completed, all NFS mounts and NIS binds are working.  Everything should be in service.