On Mon, November 21, 2016 12:20, Mike Zanker wrote:
> On 21 Nov 2016, at 11:49, Chris Dennis <cgdennis(a)btinternet.com> wrote:
>
>> Here's a question: is BitFolk an 'ISP' for the purposes of the bill? --
>> does it collect metadata about traffic in and out of my VPS?
>>
>> If not, would it make sense to use my BitFolk VPS as a VPN, so that it
>> proxies my home internet connection? I've been toying with the idea of
>> using software such as OpenVPN for this, and the bill (very nearly an
>> Act now) gives me another reason for getting on with it.
<snip>
> I must admit that I've been thinking along the same lines, although my
> ISP (Andrews & Arnold) is vehemently opposed to the bill and is making
> their own plans. I think the IP Bill allows for DPI of the backhauls,
> though, so the monitoring and logging could be done before your packets
> even get to your ISP, hence the need for VPN.
I'd been thinking of setting up a VPN to my Bitfolk box for a while (but
had trouble getting it set up then configured my home router to provide
one instead).
Originally my reason was in order to bypass restrictions on our Eduroam
network (for instance I really wanted to SSH to a non-standard port on my
server rather than having to open port 22 to the whole IP range used by
our University), but now I'm unhappy about letting the state decide what
is or is not suitable for me to view (and the slippery slope that
represents), so the answer to this would be interesting for me too.
> I'm not sure what the throughput would be on our VPS, though - it's
> pretty CPU-intensive. Would it be likely to cause issues to the hosting
> servers?
I hadn't considered that. Is a single user VPN more CPU intensive than
I'd imagine?
Gavin
Hi,
I had a query about full disk encryption and given the way things
are going in the world, perhaps it is more likely that people would
want storage that BitFolk can't read¹.
So, although support for FDE is pretty good in installers these
days, I wrote up some notes about using it at BitFolk which you may
find useful:
https://tools.bitfolk.com/wiki/Full_disk_encryption
Cheers,
Andy
¹ Note though that it is easy to dump an image of a running VM's
memory. That would probably allow someone to extract the LUKS keys
and use them against a snapshot of the storage to unlock it. So
not proof against a skilled, determined attacker with root access
to BitFolk's infrastructure. You will have to trust that it is
beyond me, though.
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hi all,
I've been running into some random, very intermittent, network packet loss issues for a while. I'm am not convinced what I describe below is related to those problems, but I found some surprising results with my bitfolk vm: It seems to reliably fail to respond to some percentage of pings. It doesn't seem to be a network connectivity issue, as the VM host machine doesn't show the issue. It doesn't seem to be specific to my VM (as I got a friend to try against his bitfolk VM with similar results). It is not a new problem (it shows every day in the last 30 days, which seem to be as far back as the graphs go).
I know routers are infamous for sticking pings in low priority queues and losing them, but didn't think this applied to VMs.
Here's the graphs for my VM:
http://www.thinkbroadband.com/ping/share/0ff742f2b1289b899300ba7896b098fe-2…
The red spikes from the top are packet loss.
Here's (assuming I found the right machine) a graph for the host:
http://www.thinkbroadband.com/ping/share/42212bbd72df894fe1eb72881ce38f57-2…
No ping loss shown there.
Anyone any insight?
Cheers,
Joseph
Just some quick feedback on the do-release-update to Ubuntu 16.04.1.
I thought my install of 14.04 was pretty standard, and it turns out I was
wrong. Nothing went so bad that I had to nuke it from orbit, but it's been
a couple of hours of repair work spread over a couple of days.
Firstly, immediately after the update (and restart) systemd hosed pid 1 so
the server wouldn't easily restart - I began to suspect something was up
when systemctl wasn't controlling services, but service <blah> restart (et
al) was still working so things didn't twig immediately. This only really
came to light when I tried to restart the server after restoring everything
else (see below) and that wasn't having it. Google came to the rescue,
there's a way to forcibly reboot using systemctl even when pid 1 is hosed,
and what was basically restart #2 got things happy again.
Not everything PHP 5 was automatically upgraded to PHP 7.0 (didn't have
that much extra over -common, but enough that my website was down for 15
minutes or so). I had been tracking Nginx HEAD via their PPA, so it was a
(very) minor downgrade to track the Ubuntu version (to avoid future
problems, hopefully). The fly in the ointment turned out to be mysql; I had
been using percona 5.6 (via PPA), but knew I wanted to track "stock" 5.7
(which the do--update did for me), but it zapped the config back to
defaults, causing me two days to wondering why Codeguard couldn't back up
my database - turns out that the default config only listens on 127.0.0.1
now... You learn as you go in my world.
Otherwise, a nice enough experience, and I'm loving the speed of PHP 7.0.
Kind regards
Murray Crane
Hi,
Being able to store multiple contacts has been a long-requested
feature:
https://tools.bitfolk.com/redmine/issues/22
The first phase of this work has now been deployed to the panel web
site. That's just the ability to store and edit multiple contact
records.
If you visit:
https://panel.bitfolk.com/account/contacts/#toc-address-book
you'll be able to add/change/remove contact records.
These aren't very useful though until the other parts of BitFolk's
infrastructure can make use of them, and most of that work is still
to come.
The most common use of a different contact is for
monitoring/alerting, so that has been implemented first. You can
control who gets alerts by creating contact records and assigning
them to the "Alerting" role.
For those of you who have monitoring set up:
- If you have no contacts assigned to the "Alerting" role then
alerts will go to your main customer record.
- If you have at least one contact in the "Alerting" role then
alerts will go there instead. Each contact will get a copy.
- Everyone who already had a different email address set in our
monitoring has had a contact created and assigned to the
"Alerting" role for this purpose, so no action needs to be taken
to keep things behaving the same as they did before.
Other common requests for alternate contact details were for billing
and data transfer reports. These roles will be added as soon as the
relevant BitFolk systems are made to support them.
In the mean time I would suggest one useful thing to do is for
people who care about being contacted in an emergency to add at
least one contact to the "emergency" role, with a mobile phone
number and/or email address that is not hosted on your VPS. We would
only use those details to contact you if we really needed to, when
your main email address does not seem to be working.
Cheers,
Andy
--
http://bitfolk.com/ -- No-nonsense VPS hosting
_______________________________________________
announce mailing list
announce(a)lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/announce
Hi,
TL;DR version:
A few customers will see new bandwidth graphs appearing in their
Cacti, which can be found at https://tools.bitfolk.com/cacti/
The already-existing graphs will continue to run for a while and
then will cease to be updated. The new graph will become your
primary bandwidth graph.
This is because some high-bandwidth users need to have graphs based
on 64-bit counters, not 32-bit, in order to accurately measure
bandwidth use.
It may result in slightly higher values being reported in Cacti, but
this is merely correcting previous under-reporting. Monthly totals
as presented in our emailed data transfer reports were/are correct.
Longer version:
While investigating some recent discrepancies between the different
systems we have for accounting for customer data transfer, I
discovered that all of our bandwidth graphs were using 32-bit SNMP
counters.
A 32-bit unsigned counter has a maximum value of 4,294,967,295. With
5 minute sampling, that means that an interface seeing around
114Megabit/sec of traffic will reach 4,294,967,295 and wrap around
to zero again before the counter can be read.
As a result, a few customers who routinely use large amounts of
bandwidth have Cacti graphs that are under-reporting their usage.
Here is an example of a graph based on 32-bit counters:
http://tools.bitfolk.com/cacti/graph_5062.html
Here is the same interface graphed from 64-bit counters:
http://tools.bitfolk.com/cacti/graph_5617.html
You can see that the first daily graph has several drop-outs around
high bandwidth periods, and that the total data transferred in the
last 24 hours is under-reported in the first daily graphs.
I will not go through and replace every bandwidth graph with new
ones, only those of customers who are seen to be transferring more
than ~4.2GB in 5 minutes. So if you see a new graph appearing, this
is why.
Measuring 32-bit counters on a 2x 1 gigabit interface was of course
a very silly oversight, and it is now apparent that even the virtual
network device in an individual VPS has no problem exceeding
~114Mbit/s.
Cheers,
Andy
--
http://bitfolk.com/ -- No-nonsense VPS hosting
_______________________________________________
announce mailing list
announce(a)lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/announce
Hi,
By now you should have all received notification of the scheduled
maintenance that will be taking place in the early hours of the
morning (UK time) on 2016-09-02, 03 and 05.
This is the result of an embargoed security update that we have been
made aware of today.
If you have not seen the notification which was sent directly to the
email address we have for you at:
https://panel.bitfolk.com/account/contacts/
please first check your spam folders, etc., and failing that please
do let us know.
Also if you have any questions I am happy to answer these either on
the users mailing list or directly in a private ticket at
support(a)bitfolk.com.
Cheers,
Andy
--
http://bitfolk.com/ -- No-nonsense VPS hosting
_______________________________________________
announce mailing list
announce(a)lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/announce
