Hello,
A long time ago I used to have a script that made a stacked graph of
which Linux distros customers chose over time. It was fun but the
script was horrible and hard to keep up to date, so I stopped in
2013:
https://ibin.co/5rTylhYv24am.png
I made a new one now in Grafana:
https://bitfolk.com/techspec.html#toc_3_Distro_Toothpaste
It's not very interesting yet because there's only 1 day of data in
it, but now seems like a good time to remind you that you can change
what distribution you report at:
https://panel.bitfolk.com/account/
I recently added Slackware since I know there's a few of those now.
Also if you reinstalled with something else then it might be out of
date.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
I'm planning to install software on my VPS, which requires incoming UDP
on port 10000.
My iptables is set to allow incoming udp on that port, but it remains
closed to the outside world.
I've set up a simple listener on port 10000, then tested using a web
service for port checking, and I've tested using telnet from two other
locations.
"Unable to connect to remote host: Connection time out", says telnet.
Have I omitted to do something I should have done?
Ian.
Hi,
==TL;DR: version==
You can now perform a mostly-automated install of CentOS 8.x from
our Xen Shell:
https://tools.bitfolk.com/wiki/Using_the_self-serve_net_installer
xen shell> install centos_8
==Full version==
Installing CentOS 8 at BitFolk has previously only been possible by
booting the Rescue VM and doing it in a chroot:
https://tools.bitfolk.com/wiki/Installing_CentOS_8
This is because as of CentOS 8, Red Hat decided to disable support
for PV and PVH mode Xen guests in all their kernels, even though the
upstream Linux kernel does have that supported by default.
Thanks to some work by Jon Fautley¹ in hacking together a modified
installer kernel and initrd for CentOS and RHEL we were able to
boot the installer anyway, so now a more normal install experience
is possible.
It is still necessary for CentOS users to switch to the kernel-ml
kernel package from ElRepo, so our installer does that for you.
===But isn't CentOS 8 dead?===
Red Hat recently moved the EOL date for CentOS 8 forward from 2029
to 31 December 2021. After that point, existing CentOS 8 users would
need to switch to CentOS Stream or some other distribution.
We would like to support CentOS Stream, as well as RHEL and perhaps
one of the more popular CentOS replacements (e.g. Rocky Linux)
should they ever make a release. This work was necessary for that.
===Should I install CentOS 8?===
Probably not given its short remaining lifespan, unless you want to
switch it to CentOS 8 Stream or RHEL8 later.
If you do we'd like to know how you get on with our installer. It's
only received light testing so far.
CentOS 7 is still security supported by the CentOS Linux project
until 30 June 2024.
===What is CentOS Stream?===
I'm not going to try to explain what Red Hat's product lineup is. As
far as I understand it's a rolling release, i.e. constantly updated,
with packages that are about to go into the corresponding RHEL
release. Red Hat does not recommend it for production use.
Red Hat's announcement is here:
https://www.redhat.com/en/blog/faq-centos-stream-updates
===Why are you considering offering RHEL?===
As of 1 February 2021 Red Hat is allowing its free Red Hat Developer
subscription to have up to 16 active servers:
https://www.redhat.com/en/blog/new-year-new-red-hat-enterprise-linux-progra…
It should be possible for us to support this soon, though with the
same caveat that it will likely be necessary to use the kernel-ml
EPEL package.
===Other questions?===
Please do ask if there's anything else.
Cheers,
Andy
¹ https://guv.cloud/
--
https://bitfolk.com/ -- No-nonsense VPS hosting
_______________________________________________
announce mailing list
announce(a)lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/announce
Hi all,
I run Debian Bullseye on my VPS. Overnight, Bind9 updated to version
9.11.1-1 and promptly crashed.
The fault is already known:
https://gitlab.isc.org/isc-projects/bind9/-/issues/2413
and appears to relate to the use of a named ACL for "allow-update" in the
config. This matches my setup.
I've just downgraded back to 9.16.8-1 for now and that fixed things for
me. Thought I'd mention it, just in case anyone else runs into problems.
If you're on Bullseye and use ACLs in your Bind config, it might be
worth putting a hold on updates to bind9 for a little while.
Cheers,
Alun.
Hi all,
If you are running your own email server and you are using SpamCop
(spamcop[.]net) somewhere in your spam filtering set-up, this is
important.
The service has had its DNS registration lapse and now points to a
domain parking service. More importantly, any lookup against the
SpamCop blocklist will return a positive response, which spam filters
take to mean the domain is listed.
While it would not be difficult for a DNSBL client to distinguish
between these responses and proper DNSBL responses (which usually are
in 127.0.0.0/8), but in practice most don't.
So if you are using SpamCop, it is strongly advised you remove it from
your DNSBL client until the domain starts working again.
Martijn
Hello,
On:
https://bitfolk.com/techspec.html#toc_2_Available_Linux_distributions
I am listing Ubuntu EOL dates as found at:
https://wiki.ubuntu.com/Releases
However, it seems that the EOL dates from the Ubuntu wiki refer to
Extended Security Maintenance:
https://ubuntu.com/security/esm
If I understand things correctly, this:
- covers only a small subset of the archive
- requires an Ubuntu Advantage account
- entitlement to ESM updates is only available for free for
personal use on up to 3 machines
So, for example, the recent "sudo" security issue is not available
for 14.04 LTS users unless they meet the above requirements.
If I have misunderstood things can someone correct me?
If not, I don't think it is particularly clear of us to list those
EOL dates on BitFolk's page and instead we should list the "End of
Standard Support" ones.
Thoughts?
And if we do list "End of Standard Support" dates, should that be
matched with "end of stable support" dates for Debian? The situation
for Debian is not straightforward either:
https://wiki.debian.org/DebianReleases#Production_Releases
While LTS and ELTS are available free to everyone (BitFolk is one of
monetary sponsors that makes that possible), they do only cover a
subset of what was in Debian stable.
A summary of what each thing means for Debian is something like:
Stable Security:
- Supported until release end of life
- Package maintainers and security team are supposed to provide
security fixes for every package in the stable release
- buster EOL: some time in 2022
Long Term Support:
- Dedicated team of paid developers provide security fixes on a
best effort basis; sometimes package maintainers help.
- Known to only cover a subset of the archive; most important
packages do get updates.
- buster LTS EOL: likely some time in 2024
Extended LTS:
- Even smaller team of paid developers provide security fixes
- buster ELTS EOL: likely some time in 2026
Which is these things is fair to call a supported Debian release?
Really I'd just like to keep some consistency.
(Personal controversial interjection: I'm no CentOS fan but this is
exactly what people will miss about CentOS. It was a straightforward
10 year support commitment. Which was a massive commitment. It
wasn't always timely, but you knew that RHEL would get an update and
then CentOS would. For 10 years. That has value.)
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hi there,
I'm trying to troubleshoot an issue on my home network, using my Bitfolk VPN. I'm pretty sure the issue is with my ISP's network, but to be sure, is there any thing on Bitfolk's network that would be filtering incoming UDP packets to port 500?
That's my question, but for the sake of clarity, this is the issue I'm actually trying to solve.
I can't get WiFi calling to work on my home network. It used to work, but around the time I got a new router from the ISP (hyperoptic), it stopped working. I am pretty ignorant about how WiFi calling actually works, but it seems like it needs to send to UDP 500 to establish a tunnel into the telco network.
I used netcat to try sending packets to my BitFolk host, and netcat on said bitfolk host to receive them. It seems I can send and recieve to port 499 and 501, but not port 500.
My conclusion is that my ISP is somehow filtering out 500/UDP, but I need to know that it definitely isn't something at the bitfolk end, before I start wading through Hyperoptic's support tiers.
I am aware that Hyperoptic use Carrier Grade NAT, but I pay extra for a static IPv4 so that *shouldn't* be an issue.
Also, here's the Layer Four Traceroute for one of the EE WiFi calling gateways:
sudo lft -z -u -d 500 109.249.190.48
Tracing ......**********
TTL LFT trace to 109.249.190.48:500-516/udp
1 _gateway (192.168.0.1) 0.5ms
2 141.xxx.xxx.xxx.bcube.co.uk (141.xxx.xxx.xxx) 8.0ms # (redacted, my IP)
3 172.16.23.244 2.3ms
4 172.16.16.77 2.0ms
5 172.17.12.16 1.9ms
6 172.17.10.148 7.0ms
** [500-516/udp no reply from target] Use -VV to see packets.
If anyone can assure me that it should be possible to recieve port 500 UDP packets at Bitfolk, that would be great, but happy to hear if anyone has any other insights into why WiFi Calling doesn't work for me, that would also be great.
Thanks,
--
Misha Gale
PGP Public Key: 0x1986B8E1 https://mishagale.co.uk/pubkey.asc
Hello,
If you are using the CBL DNSBL in your mail filtering setup (I was)
or for any other purpose, please note that it has shut down:
https://www.abuseat.org/cutover.html
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hello,
Most (all?) versions of sudo have a bug where local unprivileged user
can get root access:
https://www.openwall.com/lists/oss-security/2021/01/26/3
Updates are already out for most distributions that are still
receiving security updates. If yours isn't then you might want to
remove sudo (and think about an upgrade).
This is CVE-2021-3156.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hi all,
I have had a VPS with Bitfolk for the past twelve years and before
that was able to use HantsLUG to host my genealogy related website.
Things have moved on and my wife and I are no longer doing family
history research, my wife's co-researcher who I was keeping my website
on line for recently died.
So I no longer need a VPS so as it is due for renewal shortly so
decided time to call it a day.
I am grateful to Andy for providing the service and to all those Hants
Luggers who helped me over the years. I have never regretted moving my
loyalty from RedHat to Debian and even managed to persuade my wife to
dump Win7 last year and let me install Debian Bullseye on her
computer.
i will be 90 years old next year but have let that hold me back and
until lockdown closed gyms was doing resistance training 3 times a week
and still workout at home to programs my Personal Trainer send me every
two weeks making full use of the small amount of gym kit I have.
I am also planning ahead and intend having a flying lesson in a
gyrocopter for my 90th birthday and doing a skydive on my 100th.
Wishing you all a prosperous and covid free 2021
John Lewis
