The problem isn’t limited to the redhat machines, it seems EVERYONE pushed out a new version of rdp without bothering to test and the new version expects a newer version of openssl than that which is supplied. So to get it working again I’m going to have to recompile openssl on all the machines. May be down for a while.
Category Archives: Uncategorized
Last Night’s Maintenance Mint and Mail
I fell asleep while still working on system maintenance which resulted in some problems with sending mail, incoming mail, and mint. I apologize, went past what caffeine could do.
rdp / vnc on Centos7/8/Stream/Fedora Unavailable
RDP and VNC (which depends upon RDP) is unavailable on Centos7, Centos8, CentosStream, and Fedora.
The reason for this is that they sent an upgrade to the RDP package that was built against openssl that is newer that the version that exists in the repository so it fails.
Maintenance Work Tonight
Later this evening, possibly after midnight, I will be taking a number of servers down for a short time to audit packages.
One of our customers private virtual server crashed today and after rebooting was consuming excessive CPU. An audit of the package system showed there were many missing and obsolete packages even though it had been updated regularly. After fixing this CPU usage returned to normal.
This prompted me to look at two other private virtual servers that had high CPU usage and I found the same corruption. And again fixing it, brought CPU utilization down to normal levels.
Because most of the system servers are also based upon Ubuntu 20.04, the same operating system that these were running, and because I loaded the system machines from the same ISO, I am going to take various ubuntu based system servers down to check for similar corruption. This check only takes about five minutes per server if there is nothing wrong and up to half an hour if there is, but NFS and NIS relationships may also take some time to restore afterwards.
Maintenance Completed
Tonight’s maintenance is complete.
Reboot Wednesday 11pm PST
I am planning a server reboot on Wednesday January 27th at 11pm. I expect all services will be restored by 11:30pm.
This is for a kernel upgrade from 5.10.4 to 5.10.10. It fixes a number of bugs that are minor and thus far haven’t affected us and probably won’t but prefer to have infrastructure be as clean as it can.
pam-abl used for DoS attack.
Pam_abl or libpam-abl is a pam module used to black list users or IP addresses that repeatedly fail authentication. It serves the same function as fail2ban but has a flaw that it can be used to deny service to a user by repeatedly trying passwords for that user from different IP addresses. It was used to deny a number of customers from using webmail and in the process of troubleshooting I also broke the mount point for mail used by ubuntu, so both webmail and ubuntu were inaccessible for a while. This module has been disabled since it can be abused this way and is redundant as it serves the same function as fail2ban.
Mail and other Login Difficulties
We are being hit with such heavy brute force password guessing attempts that it has triggered pam_abl module on a number of hosts, a situation I have not previously encountered, and I am trying to figure out how to reset it and set it high enough that fail2ban will trigger first.
Eskimo North’s History
When I was around five or six years old, I visited a cousin and he had a low powered AM radio transmitter that would allow him to broadcast to radios nearby. I was fascinated.
A few years later, around 4th grade, I took a real interest in electronics and proceeded to read everything I could get my hands on related.
In 5th grade, I took a 5-tube all American table radio and converted it into a transmitter. It was crude but generated a few hundred milliwatts and could be heard for half a block or so away.
Through Jr. high and high school I ran a bootleg radio station, for most of that time around 100 watts and much of it 24 hours / day filling the wee morning hours with pre-taped programming. Occasionally, I ran a much larger transmitter that put out about 1000 watts but not for more than a few hours at a time.
I felt then and still feel today the monopoly the broadcast industry had on the airwaves was unfair and a blatant violation of the 1st amendment.
In 1981, now four years out of high school, several of my friends got busted by the FCC, and by this time I had my first class radio telephone license and was doing some work in commercial broadcast as well as working for Pacific Northwest Bell / US West, the regional telco, and decided it was not wise to continue so myself and friends decided perhaps since it was no longer safe for us to participate in pirate broadcasting that instead we would write about it and enable others in this pursuit of freedom.
At first we typed up articles on a manual type writer, literally cut and pasted them and then photo-copied them at a 7-11.
It occurred to me that a computer, word processor, and printer would be a more productive way to put a news letter together, so I bought a trash-80 model III with 48kbytes of RAM, two 180k floppies, and an Rs-232 port and a shitty dot matrix printer.
My friends wanted remote access so I obtained a modem and as there were no built in device drivers for the Rs-232 port, I wrote a primitive host program that enabled the screen and keyboard to be accessed via modem at a whopping 300 bps.
In 1981 there were a handful of home microcomputers you could buy, The Trs-80 model III was one of them, also Commodore Pet, Apple I, and a few others. There were enough of them out there and enough board teenagers that war dialing became a common thing and people discovering my word processor sitting on a modem became problematic with them fucking around with our word processing files.
So I wrote a primitive BBS front end that had e-mail, file transfer, some online games, and with the right login and password a drop into the command prompt so legitimate people could get to the word processing files.
Then a fellow I worked with who had a surplus electronics business on the side had some floppy drives that “didn’t work”, but he only wanted $20 each for them so I bought two and hooked them up and with tracksess found they in fact worked just fine but they were 80tk and double sided which is why he hadn’t been able to get them to work. Tandy’s operating system, TRS-DOS didn’t know double sided or 80tk drives, but NewDOS the OS I was using at the time, did.
So then bought two more, these actually did have defects, one had a bad preamp chip that I replaced, cost me a whole of $4 or so for a replacement chip and the other a bad head select diode. So then equipped with four good drives that could hold 720k each I had almost 3MB which in 1981 was an enormous amount of space for a home computer.
I turned my basic host program into a full featured programming language geared towards writing BBS’s which resembled BASIC in syntax but with a different set of keywords geared towards BBS programming. It ran about 40% faster than Microsoft BASIC even though it had more functionality and didn’t have some of MS-Basic’s bugs like val(“%something) causing a crash. I also wrote a secondary tasks that was serviced by timer interrupts that ran into the background that basically maintained a sanity check and rebooted if something was amiss.
It was probably the earliest example of multi-tasking on a Z-80.
I added more functionality to the BBS, an e-mail system, about 100 online games that had save files customized to the user so each user could play a game independent of others.
When Hayes came out with a 1200 baud modem, I upgraded. By 1985 it was so popular that a single line was taking around 300 calls / day. It had also merged with Minibin at this time, taking on Minibin’s room oriented message system with the message formatting re-written as part of ComBASIC for speed (all assembly much faster than BASIC). Because Minibin, written by Glenn Gorman, was originally written to use a Microperipherals Bus Decoding modem which was not ported the same as a standard RS-232, and he wanted to sell it commercially but couldn’t because the Microperipherals host program was copyrighted, we agreed to adapt each others software to work together and sell it commercially.
By 1985 it was so popular that I decided to go multi-line and so bought a Trs-80 model 16B with Microsoft Xenix as a platform that natively supported multi-tasking. I modified the 16B into the equivalent of a model 6000 and then beyond a 6000 by modifying the CPU board, adding an additional offset and limit register and a patch to the Xenix kernel that a friend back east had worked out. This allowed the CPU board to access up to 7MB of RAM instead of the 1MB it was designed to access.
Then I modified the memory cards from 256k to 1MB by removing the 4116’s and adding 4164’s and removing the +12V line not required by the 4164’s and running an extra address line with blue wire. It wasn’t pretty but it worked and allowed me to stuff 4MB into the machine and three serial cards for a total of 11 lines.
In order to cover the cost of lines I started to charge for access. I also bought a couple of 70MB drives, the largest you could get in the interface format supported by the Tandy, so I had a total of 140MB to work with. Added Usenet News and a Telebit modem to support the news feed.
By 1991 the 11 lines were not sufficient for the usage so I bought a Used Sun 3/160 with 16MB of RAM and two Super Eagle 575MB drives. It came with one 16 line MUX, I ordered two more for a total of 48 lines. This soon was not enough. So I bought Annex-3 comm servers and had a total of 256 lines by 1995. By this time I had also added two Sun 4/670MP’s with Ross RTK-625 CPUs (125 Mhz Quad Sparc) and a Sun 4/330MP which the telco parted with when they upgraded. The 4/330 became dedicated to processing Usenet News, the 4/670MP one was the mail server, the other shell server.
In 1992 when the Stockton CIX was formed I ordered T1s from Sprint and got on the Internet within about two weeks. Since I already had a local LAN the conversion to Internet was easy, just switch mail to directly talk across the Internet instead of using the Usenet smart routing that it previously was. Back then almost everything was text, text based games were super popular.
Over the years we migrated to Linux, initially on 386 hardware, today mostly overclocked i7 chips. We offer commercial e-mail, web hosting, virtual private servers, and Linux shell access including full remote desktop access to a number of Linux distributions.
Because I have always been an advocate of free speech, in Broadcast or on the Internet where I actually have some opportunity to do something about it, I recently put up a friendica node, this is a node on a federated network known as the fediverse, or the hubzilla network, and there are almost 10,000 nodes and 4 million users. My node talks to other nodes directly so no node can censor traffic for the entire network. As policy I do not censor as long as the material is legal, i.e., no kiddie porn and the like.
I’d like firstly to invite everyone, https://friendica.eskimo.com/, as a place to freely express your opinions without any threat of being “deplatformed”, I am anti-cancel culture here.
Over all these years I’ve developed a very good hosting platform, WordPress and other CMS systems are served faster on my platform than any of the big name hosters and I’ve also modified Apache so that every customers content gets served under their UID so if one customers code is bad it does not compromise other customers.
If you need a stable e-mail address, I’ve had eskimo.com domain since BEFORE the Internet was (previously routed via UUCP Usenet smart routing network) we can help you. If you need fast secure hosting, we’ve got the best, and if you would like access to variety of Linux shell servers complete with full graphical desktop we can help you. Check us out at https://www.eskimo.com/.
Lastly, in the past I have advertised with Google and Facebook and I’ve placed advertisement from Google on my site to generate some advertisement revenue but given that Google’s changed their position from “Do No Evil” to “Do Only Evil” and Facebook has tossed me off four times now, I no longer wish to give either a single cent of my advertisement revenue, and I am looking for conservative friendly ad networks, so if you can recommend same please let me know.
New Kernels
I’ve compiled and placed online the latest mainstream Linux kernels 5.11rc4 and 5.10.9. The 5.11rc4 is only available in client form since it is still a release candidate it is not really suitable for server use yet. When the official release comes out I will place a server version.
The kernels can be obtained from: https://www.eskimo.com/kernel/linux-{version}-tickless/{client|server}/files.deb.
There are three files for each kernel, download them all and install with: dpkg -i *.deb These will work on any debian based distribution such as Debian, Ubuntu, Mint, MxLinux, Zorin, Julinux, etc.
These are all compiled as fully tickless kernels. This is advantageous in situations where not wasting CPU cycles servicing clock interrupts where there is no work to be done is advantages, such as laptops where battery life is a concern or hosts with many virtual machines where each virtual machine wasting CPU totally can end up wasting more than real applications.
The “client” kernels are fully pre-emptive with a 1000Hz clock rate to minimize latency and are the best choice for multi-media, gaming, home desktops and workstations. The “server” kernel is non-pre-emptive with a 100Hz clock to maximize throughput at the expense of latency.
These kernels are all capable of running on bare metal or virtualized environments. They are all capable of hosting KVM/Qemu virtual machines provided you have the proper vt-t/vt-d instructions in your CPU.