A number of users complained about the introduction of Dashboard a while back.  It is an app now and could be disabled.  Given that nobody had anything good to say about it and it was slow as molasses in liquid helium, I have disabled it.

     https://nextcloud.eskimo.com/ is restored to service.  The automatic updater just would not work.  After about a dozen retries and it hanging in various spots during the upgrade, I manually upgraded which was successful.  There are a number of older applications that are no longer supported and a number of new available that I’ve yet to install but those apps that were installed that remain compatible are operational.

     Nextcloud is down tonight.  An update blew up and left it in an unusable state.  I’ve been working at it for about eight hours but need to get some sleep.

     At approximately 11:30PM Friday December 10th, Pacific Time, I will be rebooting the physical hosts which in turn will reboot all the virtual machines.  This is necessary because some system library updates that have been recently applied require a system restart to utilize the new code which addresses some Linux security concerns.  This should take about ten minutes for all hosts to complete.

     This will affect all shell servers, web service, mail service, and https://friendica.eskimo.com/, https://hubzilla.eskimo.com/, and https://nextcloud.eskimo.com/.

One other detail, if you give it a pass phrase then it will ask for that pass phrase every time you use ssh-copyid.  This is just an extra layer of security if your originating machine is not secure.

If ssh-copyid gives you this error:

ssh-copy-id user@ubuntu.eskimo.com
/usr/bin/ssh-copy-id: ERROR: No identities found

It means that you have never created ssh keys on your ssh client.  To do so:

type:

ssh-keygen

It will respond with something like:

Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):[Enter key]
Enter passphrase (empty for no passphrase): [Press enter key]
Enter same passphrase again: [Pess enter key]
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
22:d4:fe:cd:ab:93:1f:33:f2:e3:ac:32:3c:c5:7a:ac user@your machine

After which sshd-copyid will work.

     Mxlinux is now upgraded to Mxlinux-21.

     The following describes what I am working on to address slow web response.  If you like tech details read on, else just know I’m working on a solution.

     I am in the process of acquiring components for a new web server.  The existing server is no longer able to handle the peak loads.  This came about rather suddenly and is a combination of increased traffic and a larger mix of applications verses flat-files being served.  Applications require CPU to execute something to create a page or possibly an interactive situation such as connecting to a shell server via the web.  In particular the popularity of friendica and nextcloud has increased, and nextcloud has become ever more bloated with each new version.

     There is a big plus to this, it has generated new customer interest and with that the money is available for new hardware.  But we were already running some fairly high performance hardware so now really reaching for stratospheric performance.  It’s easy to get a lot of threads at a low CPU speed or a few threads at a high speed but both at once are a challenge.

     The existing web server is on an i7-6850k based system which is a 6-core 12-thread CPU, and it is maxed out at 128GB of RAM, that’s as much as that platform can support.  Only the database is on SSD which means any fork/exec that isn’t cached involves disk access.  When the machine gets busy everything gets blown out of cache because there isn’t enough RAM and that’s when performance really suffers.  The machine is shared with Mint, Debian, and Ubuntu shell servers, those and the web server are all virtual machines on the same physical box.

     To address this I am building a new server that will be based on an i9-10940x which is a 14 core 28 thread CPU, most importantly it is capable of addressing 256GB of RAM.  The shell servers will remain on the existing machine and the web server will be on bare metal on the new server so it will have 4x the RAM available as the existing machine.  Additionally, not only the database but also system programs will be on SSD in a RAID-1 configuration so that fork/exec operations will be much faster.  The i9-10940x is rated at 3.6 Ghz but can be clocked at 5Ghz IF the heat can be adequately removed, so finding an adequate cooling solution is the main challenge.  I’m going to start with a Noctua 15 dual fan and replace the fans with some noisy but very high CFM.  The co-lo already sounds like you’re standing behind a 747 during take-off so noisy fans not a huge concern.  If that does not suffice may have to go liquid but I really prefer to avoid that since maintenance of liquid cooled systems tends to be a major headache.  So we’ll have more than twice the CPU cycles, 4x the memory, and much faster disk infrastructure.

     One thing making this take longer is I have to get rid of two old Sparc machines in order to make the power budget this will require available.  At the co-lo facility I have one 20 AMP circuit and converting the old antique free radius to the new version is some learning curve that is straining my 63 year old brain but making slow progress.

     You can login to any of our shell servers without a password by setting up ssh keys.  To do this, from a terminal on your machine type:

     ssh-copyid username@host.eskimo.com

     Where username is your login, and host is the shell server you want to connect to, for example, if I wanted to set them up for ubuntu I would type:

     ssh-copyid nanook@ubuntu.eskimo.com

     It will then prompt for your password.  After you type it you can then ssh username@ubuntu.eskimo.com or whichever host(s) you set up, and you should never need to type a password again.

     This prevents two potential issues, one it will prevent someone who installs a keyboard logger on your machine from obtaining authentication information for your accounts here.  Two, it will prevent you from getting locked out from too many mistyped passwords.

     Second bit of news, I will be attempting an upgrade of mxlinux from 19 to 21 this evening.  The dpkg program in mxlinux 19 is so old it will no longer install a modern kernel.  The machine will need to be rebooted during this procedure and may be unavailable for some time if things go wrong.  Since mxlinux does not include an updater program, this is, like debian, a very manual process fraught with potential errors.

     Our client mail server is having some issues with NFS connectivity to Ubuntu.  I am going to reboot it in hopes of clearing this problem however, NFS reconnecting is not 100% after a reboot in Linux so I will have to manually check all the shell servers which may take about twenty minutes after the reboot.

     A while back vnc and rdp no longer functioned on the various Redhat based servers, centos7, centos8, centos-stream, fedora, and scientific7.

     This was caused by an update the xrdp that required a newer version of openssl but they did not provider a corresponding upgraded openssl.

     That has since been resolved and these remote access protocols are now available on all of these machines.

     In addition, I have installed mosh on all of these machines.  Mosh is a remote access protocol designed to work around intermittent connectivity such as that provided by a cell phone.