Hi,
A bug sneaked into the upstream Linux kernel and was included in the
latest Debian stable kernel release. As the point release to Debian
12.3 happened yesterday, if you upgrade to that kernel and boot into it
you will be exposed to a data corruption bug in ext4.
So do not install linux-image-6.1.0-14-amd64 version 6.1.64-1. Wait
for 6.1.66-1 which contains the fix.
https://micronews.debian.org/2023/1702150551.html
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Does anyone else use Docker on their VPS and if so what spec is it running on? I'm migrating to a new one to upgrade to 64bit and decided to try Docker. It has worked pretty well on my local servers, none massively powerful, but in spite of being told the overhead of multiple copies of things isn't much of an impact it seems I have obliterated the capability of my VPS barely half way through the process, with htop registering both swap and physical memory maxed out.
I've migrated 8 WordPress sites and had to disable 3 to regain some level of stability (these using the official WordPress Docker image, which admittedly spins up Apache and MariaDB for each one). I've decommissioned 2 WordPress sites, but have 7 more to move (4 of those being in 2 multisite setups) as well as 3 phpBB, 3 Piwigo and a Roundcube, not to mention email and mailman.
These are low traffic and experimental sites in many cases, but at the moment I'm debating between reverting to the old setup (possibly an issue as my phpBB sites are planned to migrate to Discourse which started the Docker idea), or moving the databases into a single container, and possibly the WordPress sites into a single Apache (which also part defeats the object of Docker I guess).
I was expecting more load, but not this much. Part way through is not an ideal time, particularly when I'm still battling COVID two and a half weeks on from catching it (which isn't helping my thought processes!).
Any thoughts from the collective wisdom here?
Paul Tansom | Aptanet Ltd. | https://www.aptanet.com/ | 023 9238 0001
=============================================================================
Registered in England | Company No: 4905028 | Registered Office: Ralls House,
Parklands Business Park, Forrest Road, Denmead, Waterlooville, Hants, PO7 6XP
Hi,
I'm currently investigating problems with host "macallan" which
started having issues around 12:57 as far as I can see. I will keep
you updated when I know more,
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
I've just installed a new VPS using the ubuntu-jammy image, and with the
new (likely not that new, but last VPS was pretty old) cloud-init
install it creates a default user of ubuntu. I want to change that to
something else, but haven't needed to do that before, so thought I'd
check if there are any gotchas that will come back to bite me down the
line. As far as I can tell the best way to do it is to use:
usermod -l newusername -m -d /home/newusername oldusername
Clearly from a different account, and with this being a clean new
install there shouldn't be anything in terms of cron files to mess with.
There will be a group name to change too though. Is there anything else,
or a better way to do this?
--
Paul Tansom | Aptanet Ltd. | https://www.aptanet.com/ | 023 9238 0001
=============================================================================
Registered in England | Company No: 4905028 | Registered Office: Ralls House,
Parklands Business Park, Forrest Road, Denmead, Waterlooville, Hants, PO7 6XP
Hello all,
Would any of you know if the following scenario is "doable"?
We run an old Exchange 2010 infrastructure at my work, and there is no way
they are going to spring for newer: getting them to go from 2003 to 2010
was an ordeal...
Could I set up an Ubuntu Postfix "relay" server between Exchange and the
Internet, that also permits one particular mailbox to be accessible from a
Dovecot install on the same server (as well as relaying the mail for that
mailbox to Exchange)?
Yes/no and pointers most welcomed.
Kind regards
Murray Crane
Hello,
I was reading about this incident of alleged lawful intercept used
on Hetzner and Linode in Germany in order to successfully MitM
TLS-encrypted traffic for a period of months:
https://notes.valdikss.org.ru/jabber.ru-mitm/
The link at the bottom on some ideas to detect and mitigate is also
worth a read:
https://www.devever.net/~hl/xmpp-incident
I am still left wondering why the attacker did not use a block
device and/or memory snapshot of the Linode VM in order to extract
the real TLS key material and avoid having to issue new ones, which
appeared in CT logs.
At the moment my best guess is that perhaps the filesystem was
protected by LUKS and the skills to extract key material from a
memory dump, while existing, were in short supply. Meanwhile, the
procedure to MitM network traffic through their own hardware on
Hetzner and Linode is probably very well documented and tested, so
maybe could be done straight away, and it was perhaps considered
expedient to just risk the new certs being noticed.
DNSSEC+CAA start to seem like very good ideas.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
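The detection idea that follows from the new certificates appearing in CT logs, as an added example that is not part of the original post: compare every certificate logged for your host names with the serial numbers of the certificates you requested yourself, and flag the rest. The entries are constructed, their field names are modelled on crt.sh's JSON output (an assumption), and the host names, issuer strings, serials and function names are placeholders.

```python
import json

# Constructed CT search results; entries 2 and 3 are the precertificate and
# final certificate of one issuance, so they share a serial number.
CT_ENTRIES = json.loads(r"""[
 {"name_value": "xmpp.example.org\n*.example.org", "serial_number": "03a1f0",
  "issuer_name": "O=Example CA, CN=R3", "not_before": "2023-03-01T09:00:00"},
 {"name_value": "xmpp.example.org", "serial_number": "04b7c2",
  "issuer_name": "O=Example CA, CN=R3", "not_before": "2023-04-18T11:30:00"},
 {"name_value": "xmpp.example.org", "serial_number": "04b7c2",
  "issuer_name": "O=Example CA, CN=R3", "not_before": "2023-04-18T11:30:00"},
 {"name_value": "www.example.net", "serial_number": "0999aa",
  "issuer_name": "O=Example CA, CN=R3", "not_before": "2023-04-20T08:00:00"}
]""")

def norm_serial(serial):
    """Make 'serial=03A1F0', '03:a1:f0' and '3a1f0' compare equal."""
    return serial.split("=")[-1].replace(":", "").lower().lstrip("0")

def covers(cert_name, host):
    """True if a certificate name (possibly a wildcard) is valid for host."""
    cert_name, host = cert_name.lower(), host.lower()
    if cert_name.startswith("*."):
        return "." in host and host.split(".", 1)[1] == cert_name[2:]
    return cert_name == host

def unexpected_certs(entries, hosts, own_serials):
    """One record per logged certificate for `hosts` that we did not request."""
    own = {norm_serial(s) for s in own_serials}
    seen, alerts = set(), []
    for entry in entries:
        serial = norm_serial(entry["serial_number"])
        key = (entry["issuer_name"], serial)
        if serial in own or key in seen:
            continue
        names = entry["name_value"].split("\n")
        if any(covers(n.strip(), h) for n in names for h in hosts):
            seen.add(key)
            alerts.append((entry["serial_number"], entry["issuer_name"],
                           entry["not_before"]))
    return alerts

if __name__ == "__main__":
    # "serial=03A1F0" is the form `openssl x509 -noout -serial` prints.
    for alert in unexpected_certs(CT_ENTRIES, ["xmpp.example.org"], ["serial=03A1F0"]):
        print("certificate not requested by us:", alert)
```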
Hi,
After a recent update of the cloud-init package on Ubuntu 22.04
something appears to be going wrong and cloud-init is being run at
every boot - WHICH WILL LEAD TO YOUR NETWORKING CONFIG BEING
DELETED.
In addition, the password of the "ubuntu" user is locked and the SSH
host keys are regenerated.
I do not yet know whether this is the result of some misuse of
cloud-init on our part, or some bug in cloud-init. The outcome is so
bad that I have to warn you about this as soon as possible, before
I've fully understood the issue.
It is safe — and at this stage recommended — to simply remove the
cloud-init package which serves no purpose at BitFolk after first
boot.
$ sudo apt remove cloud-init
If it is too late for you and you already did reboot and are now
wondering why your VM has no network and is trying to DHCP for one,
here's how to fix things.
1. Connect to your Xen Shell with
       ssh accountname@accountname.console.bitfolk.com
   More info: https://tools.bitfolk.com/wiki/Xen_Shell
2. Work out how you're going to get root access from a console log
   in prompt. If you have a user other than the initial "ubuntu" one,
   you'll use that. If you don't, you'll need to reset the password for
   "ubuntu" as it has now been locked.
   If you have a login already, use "console" command and log in to
   your VM at its console.
   If you need to reset the "ubuntu" password:
   a) Make sure VM is shut down
          xen shell> shutdown
   b) Follow these instructions substituting "ubuntu" for "root":
      https://tools.bitfolk.com/wiki/Resetting_root_password
      then "boot" your VM again and log in as "ubuntu".
3. At this point you're logged in as "ubuntu" on a VM with no
   network.
   Put /etc/netplan/50-cloud-init.yaml back to how it was. Here is
   an example file:
   https://tools.bitfolk.com/wiki/Ubuntu#Migrate_to_netplan
   The "gateway" statements are deprecated but will still work.
   Make sure to "chmod go= /etc/netplan/50-cloud-init.yaml" so it
   has correct permissions
       $ sudo netplan generate
       $ sudo netplan apply
   Your networking should now work again
4. sudo apt remove cloud-init
It will now be safe to reboot in future.
As I say I am still looking into where the problem lies here and the
best way to fix it.
The example netplan config linked above has some deprecated
statements in it which I will also fix (if it doesn't have
"gateway4" etc in it any more then I did already by the time you
read this), but it does (still) work.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hello,
I'm thinking about running a small web & email server at home. We have a fixed IP address (only IPv4, we don't have an IPv6 address).
I'm wondering if anyone knows of any issues we might come across. For instance, will people like Spamhaus recognise it as a residential IP and blacklist it because of that?
Robin
Hi,
This email is only of interest to users of Ubuntu 22.04 and beyond.
I'm just dealing with a support ticket where an Ubuntu 22.04 VM was
rebooted and lost its networking configuration.
For Ubuntu 22.04, initial networking (and other) configuration is
baked into a "seed image" which is mounted as /dev/xvdz at first
boot. cloud-init then uses that information to create a netplan
config file in /etc/netplan/. This VM was found to no longer have
that config, but instead only have some sort of default config that
tried to use DHCP.
I don't yet know how this happened. I would like to.
If this happens to you, you will need to log in by the Xen Shell
console and configure your networking again. Here is an example of a
netplan config for BitFolk:
https://tools.bitfolk.com/wiki/Ubuntu#Migrate_to_netplan
After generating and applying that (with your correct details) I
would expect things to be fine.
If this does happen to you I would very much like to know and also
if you have any insight into how your working configuration got
deleted.
I've only sent this to the users list (not announce@) at this stage
because I have no idea what caused it or if it's likely to happen
again to anyone else.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hi,
Apologies for exposing my ignorance in public like this, but can somebody tell me how I'd know if my Debian Bookworm system has been patched to ensure it's no longer vulnerable to the "Looney Tunables" privilege escalation (https://www.debian.org/security/2023/dsa-5514)?
The fix is apparently in the most recent glibc source package. I don't seem to have that glibc package installed (and it's a source package, not a binary?), but I read that stock installs of Debian (and most linuxes) are vulnerable. Which actual binary packages need to be updated to fix the vulnerability in the dynamic loader, and how does this relate to the source package?
Cheers,
jmi
--
Jamie MacIsaac
jamie(a)macisa.ac