29 January 2018, 14:32 UTC
The most current Microsoft advice on configuration documentation:
Please ignore that documentation for now: it will be changed to reflect the reality of the scenario.
25 January 2018, 17:10 UTC
Apple calls it (mostly) quits on the Server App...
Looks like the writing is on the wall for Apple Server.
Dumping many services, and suggesting replacements.
As always, here is a cut and paste of some of the details in case it goes away.
Prepare for changes to macOS Server
Learn about changes coming to macOS Server in spring 2018
macOS Server is changing to focus more on management of computers, devices, and storage on your network. As a result, some changes are coming in how Server works. A number of services will be deprecated, and will be hidden on new installations of an update to macOS Server coming in spring 2018. If you've already configured one of these services, you'll still be able to use it in the spring 2018 macOS Server update.
These deprecated services will be removed in a future release of macOS Server, so those depending on them should consider alternatives, including hosted services.
Deprecated services are listed below. Links to potential replacements are provided underneath each deprecated service.
Calendar
- Calendar and Contacts Server
- DavMail
- Radicale
Contacts
- Calendar and Contacts Server
- DavMail
- Citadel
DHCP
- Kea
- Dnsmasq
- FreeRADIUS
DNS
- BIND
- Unbound
- KnotDNS
Mail
- KerioConnect
- dovecot/Postfix
- Courier
Messages
- ejabberd
- Openfire
- Prosody
NetInstall
- NetSUS
- BSDPy
VPN
- OpenVPN
- SoftEther VPN
- Tcpcrypt
Websites
- Apache HTTP Server
- Nginx
- Lighttpd
Wiki
- MediaWiki
- PmWiki
- XWiki
20 January 2018, 4:00 UTC
I wonder...
If kids today save the downloaded QR coded file that has their concert ticket, the same way we saved the old paper ones.
3 January 2018, 21:32 UTC
Nobody ever got fired for going with Intel/AMD/ARM (ha). - (Meltdown / Spectre)
Some workloads just took a hit on many Intel processors made in the last 10 years.
- stop the presses - looks like Intel might patch 90% of the processors less than 5 years old:
Guess that would not be most folks anyway.
TLDR: Looks like kernel memory can probably be read by user space without a patch in kernel code.
Problem is, you pay a penalty for the patch in performance for some workloads.
Meltdown - side channel timing attack to learn kernel memory space secrets.
Spectre - malicious code abuses predictive out-of-order CPU execution (there to work around slow memory fetches) and uses the timing differences between sequential and out-of-order execution - attacks memory from a victim process.
Forcefully Unmap Complete Kernel With Interrupt Trampolines
Might want to enable some protection in your browsers:
Light reading before you consider any of this below this line:
Here is some code to check for the key on Windows - it won't update without the new reg key:

    from __future__ import print_function
    import sys
    try:
        import winreg             # Python 3
    except ImportError:
        import _winreg as winreg  # Python 2

    # replace None with r'\\computer-name' for remote...
    rem_reg = winreg.ConnectRegistry(None, winreg.HKEY_LOCAL_MACHINE)
    try:
        # change winreg.KEY_WOW64_64KEY with winreg.KEY_WOW64_32KEY for 32 bit systems...
        akey = winreg.OpenKey(rem_reg,
                              r'SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat',
                              0, winreg.KEY_READ | winreg.KEY_WOW64_64KEY)
    except OSError:
        print("Key not found or is WIN32")
        sys.exit(128)
    # QueryInfoKey returns (subkey count, value count, last modified);
    # index 1 is the number of values under the key
    for i in range(winreg.QueryInfoKey(akey)[1]):
        n, v, t = winreg.EnumValue(akey, i)
        print(i, n, v, t)

Here is the same above as an exe:
Checker for 64 bit Windows -
reg key to add if not added by your non-existent Anti Virus software :-)
13 December 2017, 15:55 UTC
NOC, NOC?
Vasilyev Ivan Ivanovich
All your "big" routes are belong to us:
... Early this morning (UTC) our systems detected a suspicious event where many prefixes for high profile destinations were being announced by an unused Russian Autonomous System. Starting at 04:43 (UTC) 80 prefixes normally announced by organizations such as Google, Apple, Facebook, Microsoft, Twitch, NTT Communications and Riot Games were now detected in the global BGP routing tables with an Origin AS of 39523 (DV-LINK-AS), out of Russia. ...
5 December 2017, 15:13 UTC
Android 8.1 Oreo
Now even more invasive!
15 November 2017, 18:23 UTC
TimedRotatingFileHandler - don't be stupid.
So you are using the fine Python TimedRotatingFileHandler,
and you want rotation after a minute.
Make sure your process does not finish in less time than that :-\
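Why a short-lived process never rotates, shown as an added example (not code from the original post): CPython's TimedRotatingFileHandler computes its rollover time from the log file's modification time when the handler is constructed, and only checks it when a record is emitted. The logger name, file name and temporary directory are constructed for the demonstration.

```python
import logging
import logging.handlers
import os
import tempfile
import time


def short_run(path, message):
    """One short-lived 'process': attach the handler, log one line, exit."""
    handler = logging.handlers.TimedRotatingFileHandler(path, when="S", interval=60)
    # Seconds until this handler instance would rotate the file.
    seconds_left = handler.rolloverAt - int(time.time())
    logger = logging.getLogger("rotation-demo")   # hypothetical logger name
    logger.setLevel(logging.INFO)
    logger.propagate = False
    logger.addHandler(handler)
    try:
        logger.info(message)   # rollover is only checked when a record is emitted
    finally:
        logger.removeHandler(handler)
        handler.close()
    return seconds_left


def demo():
    with tempfile.TemporaryDirectory() as workdir:
        path = os.path.join(workdir, "app.log")   # constructed sample log file
        # Three back-to-back runs, each far shorter than the 60 s interval.
        # Every write refreshes the mtime, so the deadline keeps moving away.
        waits = [short_run(path, "run %d" % i) for i in range(3)]
        files_after_short_runs = sorted(os.listdir(workdir))
        # Pretend the last write happened two minutes ago, then run once more.
        two_minutes_ago = time.time() - 120
        os.utime(path, (two_minutes_ago, two_minutes_ago))
        wait_after_idle = short_run(path, "run after idle period")
        files_after_idle = sorted(os.listdir(workdir))
    return waits, files_after_short_runs, wait_after_idle, files_after_idle


if __name__ == "__main__":
    waits, short_files, idle_wait, idle_files = demo()
    print("seconds to rollover at start of each short run:", waits)
    print("files after short runs:", short_files)
    print("seconds to rollover after idle period:", idle_wait)
    print("files after idle run:", idle_files)
```

Rotation only happens here once the file has gone unwritten for longer than the interval, so a job that logs every few seconds from fresh processes keeps a single ever-growing file.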
14 November 2017, 5:46 UTC
Systemd (resolv.conf and dnsmasq)
If you run dnsmasq and are having some trouble with occasional dns drops:
give this a try:
    ls -alh /etc/resolv.conf
you should record where that Systemd points to in the future...
mine points to /run/resolvconf/resolv.conf
If you cat that, you find:
    # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
    # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
    nameserver 127.0.0.1
    search lan
That does not include the lie of 220.127.116.11 and 18.104.22.168, so just remove that link
    rm /etc/resolv.conf
b.t.w. that link lives in /etc/systemd/resolved.conf - silly D, tricks are for google...
(what else is going on that is non-apparent in that seemingly PID 1 process?)
And add back in the truth via a simple;
    nameserver 127.0.0.1
Of course if you believe in dnssec, you probably believe in not butter...
Not butter constitutional signatures
Not sure how they would sign so everybody in the world would agree and trust it...
A keysigning party on that scale would be interesting...
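The resolv.conf inspection from this post as a script, added here as an example and not part of the original post: it follows the /etc/resolv.conf symlink to the file actually in use and reports any nameserver that is not the local dnsmasq on loopback. The temporary files and the 192.0.2.53 documentation address are constructed sample data.

```python
import ipaddress
import os
import tempfile


def audit_resolv_conf(path="/etc/resolv.conf"):
    """Return (resolved path, nameservers, nameservers that are not loopback)."""
    real_path = os.path.realpath(path)   # follow the symlink chain to the real file
    nameservers = []
    with open(real_path) as fh:
        for line in fh:
            line = line.strip()
            if line.startswith(("#", ";")):   # resolv.conf comment markers
                continue
            fields = line.split()
            if len(fields) >= 2 and fields[0] == "nameserver":
                nameservers.append(fields[1])

    def is_loopback(addr):
        try:
            # Drop an IPv6 zone id such as %eth0 before parsing.
            return ipaddress.ip_address(addr.split("%")[0]).is_loopback
        except ValueError:
            return False   # unparsable entry: report it rather than hide it

    outside = [ns for ns in nameservers if not is_loopback(ns)]
    return real_path, nameservers, outside


def demo():
    """Run the audit on two constructed files reached through a symlink."""
    results = []
    with tempfile.TemporaryDirectory() as root:
        generated = os.path.join(root, "generated-resolv.conf")
        link = os.path.join(root, "resolv.conf")
        os.symlink(generated, link)
        for extra in ("", "nameserver 192.0.2.53\n"):
            with open(generated, "w") as fh:
                fh.write("# constructed sample\nnameserver 127.0.0.1\n"
                         + extra + "search lan\n")
            target, servers, outside = audit_resolv_conf(link)
            results.append((os.path.basename(target), servers, outside))
    return results


if __name__ == "__main__":
    for target, servers, outside in demo():
        print(target, servers, "not loopback:", outside)
```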
7 November 2017, 14:23 UTC
Corporate 'the buck stops here' at CenturyLink / Level3
Key bit here:
"Corrective Actions: ... The individual responsible for this policy change has been identified."
I feel for that worker bee. Sounds like they need a scapegoat for bad process.
Root Cause: A configuration issue impacted IP services in various markets across the United States.
Fix Action: The IP NOC reverted a policy change to restore services to a stable state.
Summary: The IP NOC was informed of a significant client impact which seemed to originate on the east coast. The IP NOC began investigating, and soon discovered that the service impact was occurring in various markets across the United States. The issue was isolated to a policy change that was implemented to a single router in error while trying to configure an individual customer BGP. This policy change affected a major public peering session. The IP NOC reverted the policy change to restore services to a stable state.
Corrective Actions: An extensive post analysis review will be conducted to evaluate preventative measures and corrective actions that can be implemented to prevent network impact of this magnitude. The individual responsible for this policy change has been identified.
This service impact has concluded; if additional issues are experienced, please contact the CenturyLink Technical Service Center. There may be additional analysis and discovery that occurs as the incident is reviewed by NOC management. Any available updates will be relayed upon event ticket closure. At that time, a customer satisfaction survey link may be available. We strive to provide thorough communications containing the available information during a service disruption. Please let us know if the updates you received during this event were satisfactory.
More light reading:
When that link breaks:
Even more on complex systems and root cause:
4 November 2017, 6:44 UTC
Filesystems, files, and inodes, oh my!
Raymond Hettinger - Glad to have him as a core Python contributor.
- A thinker that has an ability to simplify the complex!
Raymond Hettinger @raymondh #python insight of the day: Directories are a namespace and behave like dictionaries where the key is a filename and the value is an inode.
11 October 2017, 16:21 UTC
Data just wants to be free!
26 September 2017, 19:41 UTC
Google / Chrome - Breaking the functionality of the web to save users from themselves.
18 September 2017, 18:52 UTC
Optionsbleed - ask / search for it today :-)
15 September 2017, 17:07 UTC
Old Python 2.7 install on Windows need pip / setuptools help?
24 July 2017, 17:45 UTC
Google - how about "no".
20 June 2017, 18:49 UTC
So, in 2017, Grub2 still can't boot md raid 1.2 with lvm on top of it?
6 June 2017, 20:14 UTC
Where does that module live in the Python install?
31 May 2017, 18:38 UTC
Windows 10 - Updates stopped and error: 0x8024401c?
30 May 2017, 13:34 UTC
Google, where is your head? Not Secure. Is that the best wording you could come up with?
30 May 2017, 4:48 UTC
O.K. Google, where are you getting your TZ data?
26 May 2017, 20:45 UTC
Bye
19 April 2017, 14:48 UTC
Segfault error codes:
12 April 2017, 14:34 UTC
Truly international experiences today.
5 April 2017, 16:54 UTC
Documentation is the only defense against tribal knowledge.
21 March 2017, 13:07 UTC
How not to serve a web page:
8 March 2017, 16:07 UTC
DeployStudio - Inappropriate repository error
3 March 2017, 15:21 UTC
Gmail - get your smtp replies fixed - 4.7.0 is not a rejection.
10 February 2017, 19:28 UTC
Check your mail servers cert using a tls connection:
1 November 2016, 3:37 UTC
Web programming and n-tier programming:
11 October 2016, 19:09 UTC
Good old telnet