BitFolk Users April 2016

users@mailman.bitfolk.com

12 participants
8 discussions

Dear Entropy service users, what software uses /dev/random?

by Andy Smith

Hi, If you do not use BitFolk's Entropy service and have no interest in doing so then this email will be of little interest to you can be safely ignored. If you haven't heard about the Entropy service before, please see: https://tools.bitfolk.com/wiki/Entropy If you *do* use the Entropy service though, I'm interested to know what software you have that actually uses /dev/random (and not /dev/urandom). Some background to this question: To provide the Entropy service we use hardware entropy generators, currently exclusively a pair of EntropyKeys manufactured by a UK company called Simtec Electronics Ltd. Despite the fact that these were extremely popular little devices (compared to other fairly niche little gadgets), Simtec always had a supply problem and then Simtec imploded as a company, so as far as I know these are now impossible to obtain, the IP is lost forever etc. Although I have one spare EntropyKey ready to put in service should one of the two in service ever die (I've not experienced that yet), that left me slightly worried as to what I'd do if I needed to get more. Then I saw the OneRNG kickstarter, and decided to pledge. So now I have 5 of (the internal USB version of) these: http://onerng.info/ I've not yet gone any further than verifying that they keep the entropy pool full on the machine they're plugged into, but that's good enough for now. Could be a decade before one of my existing EntropyKeys dies. I have since heard that this device proved far more popular than its manufacturer expected (sense a theme?) and they're now extremely difficult to get hold of because they need to get a new batch made in China. I've had multiple people contacting me on the basis of a tweet I did about getting these, asking me to sell them mine (which I would, but they didn't want internal USB). The point I'm trying to make here is that the world of hardware random number generators is not one with reliable supply lines, unless you want to spend a fortune on some black box. So when I came across: http://www.2uo.de/myths-about-urandom/ I was sad that the nerdery that is the Entropy service may be misguided, but also happy with the possibility that I might never have to source a hardware RNG again. Let's just take the argument posited by the article, that all (Linux) software should just learn to love /dev/urandom¹, as true. If you don't agree with this claim, you are disagreeing with some pretty big names in crypto. The Hacker News commentary on the article may also prove of interest: https://news.ycombinator.com/item?id=10149019 At the very least, I feel the Entropy article on the BitFolk Wiki needs an update in light of this. To justify the service's existence, if nothing else. Going further, the question becomes, well, what software is there in existence that forces use of /dev/random with no configuration that would allow otherwise? Because even if we agree that all software *should* be using urandom, if some popular software *refuses* to without recompile, then we're still going to have to provide an Entropy service, because doing so is easier than running non-packaged software. So Entropy service users, what have you got that uses /dev/random? Cheers, Andy ¹ A more correct summary of it is probably, "urandom is fine all the time except for on initial boot when a small amount of entropy from outside the CSPRNG is desirable." On shutdown all fairly modern Linuxes save the current entropy pool to the filesystem and load it up from there on boot, so it's only essential on first boot. -- http://bitfolk.com/ -- No-nonsense VPS hosting

6 years, 10 months

routing problems, or is it me?

by Michael Stevens

Hi, Anyone else having routing problems? I'm unsure if it's me, as my ISP has been having issues today so it could very easily be my end, but I can't get to bitfolk from some locations, my packets seem to be getting lost somewhere in zayo.com: mstevens@mstevens-Vostro-460:~ % traceroute etla.org traceroute to etla.org (85.119.82.193), 30 hops max, 60 byte packets 1 gateway (192.168.1.1) 0.294 ms 0.398 ms 0.510 ms 2 192.168.10.85 (192.168.10.85) 2.576 ms 2.606 ms 2.637 ms 3 172.30.4.135 (172.30.4.135) 10.433 ms 11.886 ms 14.330 ms 4 mai.b2.edge.as200876.rs.uk.evolving.net.uk (82.145.32.89) 16.494 ms 16.926 ms 11.980 ms 5 1717.net1.north.dc5.as20860.net (87.117.210.25) 35.128 ms 34.351 ms 35.158 ms 6 be3.asr01.thn.as20860.net (62.233.127.173) 18.842 ms 19.629 ms 19.581 ms 7 ae6.mpr1.lhr15.uk.zip.zayo.com (94.31.48.85) 19.650 ms 11.177 ms 10.736 ms 8 ae5.mpr2.lhr2.uk.zip.zayo.com (64.125.21.9) 12.184 ms 12.775 ms 13.125 ms 9 ae10.mpr1.lhr1.uk.zip.zayo.com (64.125.31.193) 16.533 ms 16.117 ms 16.703 ms 10 * * * It works from other places, which is how I'm sending this email... Michael

8 years, 7 months

Re: [bitfolk] routing problems, or is it me?

by Samuel Bächler

Dear All Below you will find the output of my playing around - using my mobile phone with EE sim card (EE mobile) to access the internet. $ tracert bitfolk.com Routenverfolgung zu bitfolk.com [85.119.80.223] ▒ber maximal 30 Abschnitte: 1 <1 ms <1 ms <1 ms 192.168.42.129 2 * * * Zeit▒berschreitung der Anforderung. 3 50 ms 49 ms 49 ms 10.248.28.225 4 1220 ms 409 ms 479 ms 10.247.86.25 5 52 ms 50 ms 48 ms 10.247.86.6 6 946 ms 459 ms 469 ms 10.247.86.9 7 54 ms 50 ms 51 ms 10.247.86.18 8 1101 ms 1429 ms 47 ms 87.237.20.232 9 1900 ms 539 ms 499 ms 87.237.20.81 10 2173 ms 376 ms 431 ms 80.150.171.93 11 160 ms 155 ms 149 ms 80.150.170.106 12 149 ms 150 ms 155 ms ae-1.r00.londen10.uk.bb.gin.ntt.net [129.250.3.31] 13 * * * Zeit▒berschreitung der Anforderung. 14 411 ms 631 ms 1155 ms jack.bitfolk.com [85.119.80.20] 15 59 ms 59 ms 59 ms bitfolk.com [85.119.80.223] Ablaufverfolgung beendet. And $ tracert boeser.ch Routenverfolgung zu boeser.ch [85.119.84.22] ▒ber maximal 30 Abschnitte: 1 <1 ms <1 ms <1 ms 192.168.42.129 2 * * * Zeit▒berschreitung der Anforderung. 3 54 ms 61 ms 56 ms 10.248.28.233 4 58 ms 61 ms 57 ms 10.247.86.27 5 48 ms 49 ms 99 ms 10.247.86.6 6 1656 ms 58 ms 49 ms 10.247.86.9 7 1037 ms 1008 ms 467 ms 10.247.86.18 8 102 ms 49 ms 49 ms 87.237.20.232 9 1078 ms 499 ms 1227 ms 87.237.20.81 10 59 ms 71 ms 85 ms 80.157.131.33 11 147 ms 163 ms 149 ms 80.150.170.106 12 153 ms 155 ms 151 ms ae-1.r00.londen10.uk.bb.gin.ntt.net [129.250.3.31] 13 * * * Zeit▒berschreitung der Anforderung. 14 963 ms 806 ms 59 ms macallan.bitfolk.com [85.119.80.25] 15 * * * Zeit▒berschreitung der Anforderung. 16 * * * Zeit▒berschreitung der Anforderung. 17 * * * Zeit▒berschreitung der Anforderung. 18 * * * Zeit▒berschreitung der Anforderung. 19 * * * Zeit▒berschreitung der Anforderung. 20 * * * Zeit▒berschreitung der Anforderung. 21 * * * Zeit▒berschreitung der Anforderung. 22 * * * Zeit▒berschreitung der Anforderung. 23 * * * Zeit▒berschreitung der Anforderung. 24 * * * Zeit▒berschreitung der Anforderung. 25 * * * Zeit▒berschreitung der Anforderung. 26 * * * Zeit▒berschreitung der Anforderung. 27 * * * Zeit▒berschreitung der Anforderung. 28 * * * Zeit▒berschreitung der Anforderung. 29 * * * Zeit▒berschreitung der Anforderung. 30 * * * Zeit▒berschreitung der Anforderung. Ablaufverfolgung beendet. Regards, Sam

8 years, 7 months

Ubuntu 16.04 LTS (Xenial Xerus) installer now available

by Andy Smith

Hi, I've now added support for installing Ubuntu 16.04 to the Xen Shell. Your instance of the Xen Shell will need to be version 1.48bitfolk36. If you have an old copy hanging around, log out of it completely and SSH to it again. I would not recommend attempting to use ZFS unless you have a lot more than the default 1GiB memory (and then you'll still need a separate ext4 /boot). Here's an Asciinema of me installing a 64-bit encrypted storage version of it in real time. I skipped the swap device for speed but you may not necessarily want to do that. https://asciinema.org/a/8n7onshwzaziqhz7ewqmxcbcv Cheers, Andy -- http://bitfolk.com/ -- No-nonsense VPS hosting _______________________________________________ announce mailing list announce(a)lists.bitfolk.com https://lists.bitfolk.com/mailman/listinfo/announce

8 years, 8 months

ekey-egd-linux messages

by Andy Smith

Hi, Between about 06:46 and 07:09 UTC today I was doing some work to move the entropy service behind a VRRP IP and so users of it will have seen some messages like: ekey-egd-linux: Reconnecting to EGD server in their logs. As long as they do not continue in past 07:09 there is nothing to be concerned about. Cheers, Andy -- http://bitfolk.com/ -- No-nonsense VPS hosting _______________________________________________ announce mailing list announce(a)lists.bitfolk.com https://lists.bitfolk.com/mailman/listinfo/announce

8 years, 8 months

Planned maintenance for snaps.bitfolk.com on Saturday 16th April, ~30 mins between 12:00Z and 16:00Z

by Andy Smith

Hi, If your VPS lives on snaps.bitfolk.com then you should have by now received direct email notifying you of planned maintenance on this server on Saturday 16th April. If you don't know what host your VPS is on, please see: https://panel.bitfolk.com/account/ which lists it. If it's on snaps.bitfolk.com and you haven't received the notification you should check your spam folders etc. If your VPS is not on snaps.bitfolk.com then you will be unaffected and should not notice any disruption. Cheers, Andy -- http://bitfolk.com/ -- No-nonsense VPS hosting _______________________________________________ announce mailing list announce(a)lists.bitfolk.com https://lists.bitfolk.com/mailman/listinfo/announce

8 years, 8 months

Base data transfer quota increased to 1TB

by Andy Smith

Hi, Effective immediately the monthly data transfer quota has been increased to 1,000GB. For those of you on 95th percentile it's been increased to 2Mbps. Those of you that pay for additional monthly data transfer may not now need to do so. If that is the case please contact support(a)bitfolk.com about dropping back down to the new default. Cheers, Andy -- http://bitfolk.com/ -- No-nonsense VPS hosting _______________________________________________ announce mailing list announce(a)lists.bitfolk.com https://lists.bitfolk.com/mailman/listinfo/announce

8 years, 8 months

Hardware upgrades complete, on to other improvements

by Andy Smith

Hello, I'm pleased to say that the hardware upgrades were completed on 1st April 2016. That means every single BitFolk customer was moved from an older piece of hardware to a new one, and in the process gained some extra memory and an extra virtual CPU core. The swap provision was standardised to a 1GiB xvdb device with a single swap partition on it. If you previously had a smaller swap device (480M customers had 480M swap) or no swap device at all (older accounts had a swap *file* on their root filesystem) then you may wish to check if there is some extra swap space you could be using: https://tools.bitfolk.com/wiki/Hardware_refresh,_2015-2016#Making_use_of_th… The higher specs of the new hardware allowed the total server count to reduce to 64% of what it was. Also, more importantly, the power usage is now at approximately 24% of what it was before. This should result in a big saving in hosting fees which are entirely scaled by power consumption, and represent BitFolk's biggest outgoing. I will be taking a couple of months to see how things balance out financially and to allow for some other developments out of my control¹, but then I will be seeing if I can reduce prices a little and/or introduce a cheaper 512M memory VPS package. I am now able to focus on some other areas that need attention. Those of you who have experienced refused connections to the apt-cacher² will be pleased to know that this has now been put behind a high availability proxy so those should be a thing of the past. Additionally I have moved the spamd³ service behind there and will soon do the same with the entropy⁴ service. These services had previously either not been redundant at all (apt-cacher) or had merely been multiple hosts behind one proxy (spamd, entropy) thus having the proxy as a single point of failure. I've put some work into deploying a new pair of proxies with a VRRP floating IP (and IPv6) so these services should also now withstand the loss of one of the proxies. As a side benefit that now means that we could sell you a floating IP service, where you could run a command (or, more realistically, have keepalived or some other monitoring software run a command) to float an IPv4 and an IPv6 /64 between two or more of your VPSes. Let me know if you would be interested in that. Other areas I know are desperately in need of attention: - Need to look into moving to pvgrub as a booting method. Current use of pygrub really mandates GRUB 1.x-style /boot/grub/menu.lst while most distributions are moving to GRUB 2.x /boot/grub/grub.cfg. The lengths we need to go to in order to force support of older GRUB are getting to be too much, but I would rather skip over pygrub enhancements that support GRUB 2.x and move straight to pvgrub. For those unaware of the difference, pygrub is a Python script that runs as root in BitFolk's host machines in order to parse boot instructions from your block devices. This has security implications as you can probably imagine. pvgrub on the other hand is a Xen-compatible build of the actual GRUB that is booted as a virtual machine as you, and then that tries to boot. This is much safer, and much more reliable since it actually *is* the real GRUB bootloader rather than a script that tries to mimim its behaviour. - Need to modernise Nagios monitoring. BitFolk's Nagios is now really too long in the tooth, is starting to have problems doing modern TLS connections for example. I am looking at replacing it with Icinga, and also hope for slightly more customer control over what is monitored (i.e. giving you access to some form of interface that can make changes, instead of requesting all changes by support ticket). Initially it just has to work though, because I rely on it for my own monitoring. - Support for European bank accounts in GoCardless (Direct Debit). I know there are few customers with Euro bank accounts who are grudgingly using PayPal subscription only because BitFolk's GoCardless integration doesn't yet support them, event hough GoCardless itself does. - Support for recurring payments with Stripe (credit/debit cards). BitFolk payments through Stripe are currently only possible as one-off payments and I know there are some who would prefer to have Stripe store their card details and let BitFolk just take a regular scheduled payment. - Everything else that is in https://tools.bitfolk.com/tracker/ :) There's far more things to work on than there is time to do it in, but there should be some progress at least. Thanks for your patience! Comments and insight on future direction are welcome. Cheers, Andy ¹ Our colo provider is soon going to be changing their method of power monitoring and will likely put prices up at the same time ² https://tools.bitfolk.com/wiki/Apt-cacher ³ https://bitfolk.com/customer_information.html#toc_2_SpamAssassin ⁴ https://tools.bitfolk.com/wiki/Entropy#BitFolk.27s_entropy_service -- http://bitfolk.com/ -- No-nonsense VPS hosting _______________________________________________ announce mailing list announce(a)lists.bitfolk.com https://lists.bitfolk.com/mailman/listinfo/announce

8 years, 8 months

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

BitFolk Users April 2016