68 new of 223 responses total.
There have been some reports of connection and application issues since we brought Grex back up. The web site and ssh should be working again and so should mutt and mc. The RT help desk app doesn't seem to be working right now so I'm unable to reply to validation and help requests even though I can, when I find the time, work on them.
resp:156 What exactly is not working? Any error messages?
Right now, it is a case of Firefox can't connect, but earlier it said to contact the administrator (and that was all).
Hmm. It seems some file permissions were wrong; probably due to me upgrading the web server. Are you still having problems? I'm able to get into RT, but didn't try to do anything....
It's working for me now. Thanks!
E-mail may not be working for you if it requires a SSL certificate to be up to date. Grex's SSL certs expired today and that seems to be one reason. Another reason is that grex tends to be blacklisted on some popular sites including gmail. My iphone was complaining about every 15 seconds that grex.org was not verified and it said the SSL cert had expired.
SSH is quite laggy, I'm logged in to a handful of other systems for work and have no issues there, so I'm pretty sure it's not me. Seems that the SSL cert has expired for Backtalk. Since we're on OpenBSD 6.3 here, we've got acmetool (a client for LetsEncrypt) right in the base OS -- not only are the certs free, but the update process can (and should!) be automated with a cron job or /etc/daily.local entry. Ping me for help, I run OpenBSD servers for $day_job :) Finally, it seems /var/mail/glitch is gone and I can't get email here at the moment.
Email was moved to your home directory and is no longer in /var/mail.
We should definitely setup letsencrypt for our ssl certs. I think I started looking into it and then got busy with my own $day_job. :) In other news, we were offline for the better part of 3 days due to a storm on Monday. Multiple lightning strikes were reported by my equipment, the closest being 0.3 miles away. It took out my internet router, a video card, one of my STB's and caused some really weird shit with multiple other computer components on my network. AT&T came out this evening and got the internet back online. The graphics card for my main pc was the biggest issue for me. :( Luckily I'll get that Friday...but in the meantime, Grex is back....
Thanks, tonster. Condolences on the graphics card.
re #164 What was the STB? (Roku?) Thanks for getting it back online
resp:166: U-Verse receivers. My Roku devices are all still working fine. I was rather surprised to see the U-Verse receiver dead. My network gear all had to be rebooted after the strike, as they weren't passing traffic. One of the switches I had to reboot twice before it finally started working properly. All in all really weird shit I haven't seen in storms up to now. All of the equipment was behind UPS' too, although I suspect the surge that took out the AT&T RG probably came through the phone line which is unprotected.
re #167 Zoinks. Must have been right in your backyard
resp:168: Indeed. Annoying how much equipment I've lost this summer! I'm still upset at having the UPS taken out a couple months ago. :( I've now configured acme-client on grex and enabled/installed an SSL certificate from letsencrypt. Still need to automate this so that it renews automatically every 3 months, but at least it's now as simple as running acme-client to generate a new ssl certificate, and then restart nginx.
ssl certificates should now auto-renew as well, and restart nginx when it does...we'll see in December!
Yee hah! letsencrypt ...i have higher hopes than Thawte
Thanks for fixing up the ssl certs, Tony. That will help a lot.
Time on Grex is almost 2 hours off. It's not the TZ setting we use. For some reason the clock has wandered. Perhaps ntpd stopped running or never got restarted? Or maybe a reboot knocked the clock out of whack.
Grex is futuristic
Retro-futuristic
Interesting. Thanks for the report; I sync'ed it manually (doas rdate -n pool.ntp.org) and it's now sync'ed as a stratum 3 server. I've found that the NTP server in OpenBSD tends to drift occasionally, sometimes substantially; particularly on a virtualized machine.
Wouldn't surprise me if I needed to correct the time on the hypervisor. I'll have to take a look sometime.
User 'romania' is running psybnc for a while now.
In order to adjust the Grex time module, an OASIS avatar must defeat Acererak the Demi-Lich in a best-of-three match of Joust.
re #179 The copper key cannot be obtained without a vulcan mind meld with m-net
re #180 I did the vulcan mind meld with arbornet and it told me that the deep state often white-washes real crimes from cabal allies. https://www.newsweek.com/what-fbi-found-emails-anthony-weiner-laptop-5176 52
re #181 https://www.courthousenews.com/ex-newsweek-owners-arraigned-on-10m-fraud/
We have to trust the just judges will prevail against the injustices of the world.
Looks like my script to auto-renew ssl certs worked in that it did automatically renew (in November), but I had used a different filename than the one that was created when it was renewed, so when it bounced nginx it didn't pick up the new cert. I changed the nginx config to reference the correct file, so in Jan when it renews it should work as intended.
That's good news. Thanks for looking into this.
:)
Looks like my script is now working again. It renewed automatically about a month ago. Grex has been recently unavailable due to another bad modem. I had a power outage about 2 weeks ago, which I believe likely contributed to/caused this. Wednesday I called in to schedule a service tech and they attempted to update the firmware to resolve it. It worked for an hour or so after that, at which point the modem bricked. It came back online Friday evening but for some reason nginx wouldn't serve pages (or some other OS issue was blocking requests). I rebooted this morning and things seem fine now.
Thanks for getting Grex back on-line, Tony. I know it must take a lot of time and frustration.
Okay, so Grex was out of commission for several days last week. I'm told it was due to a power outage, which I can believe given all the storms and outages we've had in SE Michigan this year. Thanks to Tony for getting it all back up and running again!
resp:189 Yes, big thanks to Tony. Long live Grex!
One thing that is not currently working is our RT help desk web application. At least when I try to access it, it never loads the page and times out. So, something isn't quite right there yet. It seems the other parts of RT are working, such as assigning ticket numbers. Thus, while I still get help desk e-mails and can act on them (such as do password resets and validations), I can't respond except through a personal account. I'd rather not do that.
I was able to log in on the RT web application yesterday and do some clean up. So it appears to be working now.
Okay, you probably noticed that grex was not found for a few weeks. This is something going on with some hardware and Tony finally had the time to look into it. Thanks, Tony! Not sure what we could've done. Hardware sometimes causes issues, and like most of us, the time to look into might be enough to getting done it up immediately. We have been lucky that Tony has been able to give Grex a home for years. So please thank Tony for looking into it! Welcome back, Grex! (I had 87 emails when I logged in, so it must have been doing something part of the time, we just couldn't access it).
Thank you, Tony! Glad to have Grex back! And also thanks to Tony for all the unsung work he has done for years keeping Grex running. Does Grex collect enough donations that running the server is at least not a financial burden?
The grex hardware was virtualized several years back when it failed the last time, so it now runs on a VMware server with many other machines I use for work. So it's really not a financial burden on me, as I'd have the hardware either way. Having it virtualized, though, does present somewhat of a challenge as hosting it elsewhere would involve some complexities. We've discussed a bit about finding a hosted solution, but bsd (any dirivitive, but openbsd I've never seen) is a very uncommon supported virtualization OS.
I have mostly CentOS VMs. Good job, Tony
resp:195 Thanks for explaining Grex's current configuration, Tony.
#196 How do you like using yum and RPM vs apt-get? I have been using Ubuntu for 15 years? I am curious about jumping ship for something new.
re #198 It's all the same, imo. I am nostalgic about yum, tho
resp:195 There are hosting providers out there. For instance, I'm running some OpenBSD VMs on both Vultr and Digital Island. But hopefully we'll ditch OpenBSD when moving Grex into the cloud. The issue is just time and, frankly, money.
Why does alpine 2.21 give an error "can't open folder /var/mail/lar : no such folder BUT alpine 2.21 opens my mail fine when accessed from the menu shell?
resp:201 Probably because you didn't set the $MAIL environment variable to $HOME/Mailbox ?
mutt vs alpine discuss
resp:203 On principle, I prefer mutt because it is structurally simpler and more straight-forward. alpine's menus and on-screen help are a distraction and waste of space. However, for some reason I have ended up using alpine on Grex.
re#202 Hi cross, What is the syntax for that? I was running the C shell (tcsh) and tried using the "setenv" command. I have switched shells over to what you are using now (bash) How would I do it in that?
..not that we even have an outgoing smtp server that I can see.
re #204 Agreed about mutt
I've used mh, nmh, pine, alpine, and now mutt. Mutt isn't hard to learn and seems to work okay for me so I've stuck with it.
I like alpine and use in almost everywhere. The menus aren't a distraction, I operate efficiently via muscle memory. IMO it's easier to navigate through my many folders dedicated to various email lists, and setting up new filters is easy using the setup menu. I've used mutt in the past, it's ok, and I like the vim-like key bindings. MM on TOPS-20 is nice too.
MM is like a fine wine and requires a VT52 for full appreciation.
resp:205 `export MAIL=$HOME/Mailbox`
re#211 thanks! How can I validate my account?
#200, cross, what would Grex use instead of OpenBSD?
Re 212: I think you might mean "verify" your account. Your account is already validated. To verify an account on Grex, you need to provide acceptable identification. This can, for example, be a copy of a state-issued valid ID like a driver's license or by using a validated PayPal account to purchase a minimal membership (e.g. $1). Validated PayPal accounts are determined by PayPal. As you might expect that generally means they know your real identity and there is a bank account or credit card connected with the PayPal account. Since verified users have more access to the internet, verification allows Grex to identify people who cause problems, if an agency, like the FBI, come calling (and believe me they have contactd grex before about particular users).
resp:213 Probably FreeBSD.
I noted today that one of my computers wouldn't connect to grex via ssh while another would. They are different versions of FreeBSD (11.4 worked, 12.1 didn't). Same setups of ssh_config. Anyway changing the MTU for 12.1 fixed it, which is a bit weird. I had to edit /etc/dhclient.conf and supersede the interface-mtu setting that normally is set to 1500 by DHCP and setting it to 1400 helped. Probably this is due to the ciphers that get picked in the ssh connection. Each computer picks a different one (using the same setup). So more investigations to do. I had noted someone else had seen something similar in the past couple weeks.
resp:216 I've posted more details on the trouble here: item:garage:60
Thanks, papa.
My guess is that it might have to do with the method now used for accessing Grex. I recently canceled my AT&T service, which allowed me to have static IP's at home. With that now gone, I've established a VPN between my servers in Azure and home, and am routing grex (and m-net) via static IP's I've got in Azure and home over that VPN tunnel. Exactly why this is working without incident for some ssh clients and not others I'm unsure, but that is the change that was made in the past week when this started.
re #219 This is excellent - curious how that is setup. I have a nat behind a nat at my office and want the pi there available for sshd from home and elsewhere. Not sure how to go about it.
resp:220: What I did was created a vm at home to route the tunnel, and established a strongswan tunnel between the two sites. I then created an iptables rule to create a route to my network via the tunnel: -A POSTROUTING -s 10.0.0.0/24 -d 192.168.0.0/20 -j MASQUERADE and the opposite on the other end of the tunnel: -A POSTROUTING -s 192.168.0.0/20 -d 10.0.0.0/24 -j MASQUERADE For the Azure side, I also route the additional bound IP's over the tunnel back home via: -A PREROUTING -d 10.0.0.9/32 -j DNAT --to-destination 192.168.0.110 -A POSTROUTING -d 192.168.0.110/32 -j SNAT --to-source 10.0.0.9 strongswan starts on boot, and I've put the iptables rules in the appropriate file for the OS (ubuntu/centos), so everything comes up on boot and strongswan monitors the tunnel so it automatically restarts should it drop. It ended up working out quite well, and it was much easier to get it running than I'd expected.
re #221 Very tidy, indeed. Thanks for the rundown!
The machine grex is running on had more disk space added yesterday. That took it offline and made it appear the SSH security info had changed. It's back up now and everything should be back the way it was before the changes. Thanks go to Tony for keeping grex going.
You have several choices: