Time Waits for No One

It is true: Time waits for no one.

Synology DS211j

My old Synology DS211j that I bought back in 2011 finally showed that it is in its not-so-golden years. With every firmware upgrade the DS211j was becoming slower and slower. File shares were taking minutes to populate, DNS was slow responding – or not at all, logins to the web page were slow – or did not complete. Even ssh connections would time out. The old Marvell Kirkwood 88F6281 runs at 1.2 GHz and it only has 128 MB of RAM. That is not a lot of horsepower to run the latest Synology DSM 6.1 firmware. In fact, I seem to recall that at 6.0 (or one of the subminor versions) there was a warning that it might cause slowness. Well, there is slowness and then there is s l o w n e s s.

Something had to be done. Both my loving wife and son were not so understanding when they could not connect to Netflix or Youtube (DNS lookups were timing out) and my wife was justifiably concerned when she could not access almost 7 years of digital photos. Quickly (well, not so quick – it took forever) backups to external USB hard disks and to a FreeNAS VM I had set up on my ESXi server were executed.

I have a QNAP NAS that I use for streaming digital media – it seems to do that better than the DS211j, but that might be a result of being a few years younger – but QNAP does not have all of the packages that Synology has; namely: BIND (DNS), etc. Some may suggest looking at other vendors but, in my opinion, Synology’s DSM is one of the best for SOHO (or geek-minded) solutions.

But which Synology model?

Remember, this was basically an “emergency” purchase so it was not like funds had been squirrelled away. I also needed new disks as the 1 TB ones are somewhat small (even though the “big” stuff like movies and music are on the QNAP) and a few years old. So this was not only the replacement of the NAS but the storage as well.

Synology DS216+II

After doing a few days of reviews and looking at prices the DS216+II was my choice with two new WD Red 2TB drives. Some will ask why not 3 or 4 TB drives but remember: this was not a planned purchase so the budget was tight.

The 216+II has much more horsepower. It has an Intel Celeron N3060 64-bit dual-core at 1.6 GHz with burst up to 2.48 GHz. It has 1 GB of RAM. The RAM is technically non-upgradeable but there are sites that document the process of how to upgrade the RAM to 4 GB. It is not that the RAM is soldered to the motherboard, it is standard laptop RAM, but it is buried under everything so that entails a more-or-less full disassembly of the NAS. NOTE: This will void your warranty!

I can also use an external drive array such as the DX513 using the eSATA port to increase space if I need it. Some would say that the DS716+II would be a better option as it would let me span the RAID array across the external enclosure (more RAM, faster CPU, too). But, in thinking about it, this is an eSATA connection and I would not want to trust that to spanning the array. Lose the connection and bad things can happen.

Okay, that was decided. Orders placed. Now, how to migrate the data?

Google is not always your friend; the search results kept returning how to migrate for DSM 5.x. DSM 6.x is the current version. After some searches on Synology’s site I found the information. (It is here if anyone is looking: How to migrate between Synology NAS (DSM 6.0 and later)). The interesting thing is that it allows you to migrate architectures by swapping the drives to the new NAS – ARM-to-x64. However, after thinking about it that is not the way I decided to go.

Why?

  • The DS211j has had firmware updates for the last six years; what “junk” was lying around is a big question
  • I have modified the configuration files over the past six years so there could be some “strange” things happening during the migration
  • I had new disks – so why would I want to migrate then upgrade the volumes?
  • I wanted to use the new Btrfs file system and I could not apparently do that with a migration
  • I wanted to have the DS211j available in case something went wrong (despite backups to USB hard drives and the FreeNAS storage – which was (is still) taking up VMware VM space)

How?

I had a couple of options:

  • File copy – this likely would have been not only slow but there is not enough checking of file integrity that I was willing to chance
  • Backup and restore – Synology’s HyperBackup is a pretty good product and, obviously, is able to back up between Synology NASes. Plus, it adds checksums.

Backup and restore it was. It took over 30 hours for the backup (from the DS211j to the DS216+II). This is likely because of the older hardware encryption chip on the DS211j and that it just could not pump the data quickly enough through the gigabit Ethernet port. Restore, on the other hand, took all of 50 minutes.

Once that was done I re-created the shares and permissions, shut down the DS211j, changed the server name and IP on the DS216+II to the old DS211j’s, and restarted…

And everything seems to work! And it is fast. The best example I can give (for us “old folks”) is the performance increase we saw when moving from a Pentium 166 to a Pentium II 350. Simply amazing!

The next steps are to let the DS211j sit on the shelf for a couple of weeks to make sure that nothing is missed, set up the backups again, etc.

What to do with the DS211j? I am not sure at this point. I am considering flattening the drives and doing a fresh install of DSM 6.1 and only having the DNS server running on it. (Why an internal DNS not to mention two? Well, once you start counting up the number of network devices – I have over 40 devices – that is what DNS (and DHCP) are for!)

 

Posted in Uncategorized | Leave a comment

Oh, it’s the 24th of May….

And I’m glad that I’m indoors for the day…

Not the first 24th of May Weekend with snow but that still doesn’t sugar coat it…

When the snow first started to stay…

Snow Starting on May 20, 8:35 PM

 

And we woke up to this:

Snow on May 21st at 9:45 AM

Let’s Encrypt – Doing Dumb Things…

Problem:

I moved servers – copying the Apache configuration and /etc/letsencrypt to the new server. Everything went well but now when I have to renew I cannot. I get all types of errors. (Yes, I KNOW that I did a really dumb thing forgetting to copy my backups as well :cry:)

Solution:

Here is what I had to do – much of it is similar to getting the “starter” Apache 2 SSL set up

  • You need to create the self-signed certificates first (e.g. “sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt”)
  • Once that is done, you need to create the SSL vhost files (assuming you are using virtual hosts – I am) using the self-signed certificates. You can (I did, at least) use the same self-signed certificate for each vhost. The important thing to note here is that letsencrypt must have apache running ssl already. It will not work if apache is not up and/or there are no ssl sites. (This drove me mad for a couple of hours!)
  • Once this is done you can back up your /etc/letsencrypt directory (you could probably blow it away but you are probably paranoid now :slight_smile: )
  • Restart apache (e.g., apache2ctl restart – by this time I will terminate with extreme prejudice :imp: )
  • Check to see if your sites are up and running. Your web browser probably will give you an insecure warning. That is okay – we will be putting real certificates in place; you just need to ensure that apache is working with ssl.
  • Run letsencrypt --apache ya-da, ya-da, ya-da
  • You might have to restart apache manually after it finishes but that’s okay

Now, don’t forget to:
1. Back up your letsencrypt directory (I am really paranoid now :confounded:)
2. Back up your apache config files (Yes, I am really paranoid now)

One more thing:

  • Make sure that the renewals are working (e.g., letsencrypt renew)
  • Put that in your cron jobs so that it renews each month
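
A check to run on a copied /etc/letsencrypt before attempting a renewal, together with the backup step from the list above, as an added example that is not part of the original post. It assumes the standard certbot directory layout (symlinks in live/ pointing into archive/, one renewal/<name>.conf per certificate); the function names and the example.test / broken.test sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes the standard certbot layout under the tree root:
#   live/<name>/{cert,chain,fullchain,privkey}.pem -> symlinks into archive/<name>/
#   renewal/<name>.conf                            -> one per certificate lineage

# check_lineages ROOT: print one line per problem; return 0 if none, 1 otherwise.
check_lineages() {
    cl_root=$1
    cl_bad=0
    for cl_live in "$cl_root"/live/*/; do
        [ -d "$cl_live" ] || continue
        cl_name=$(basename "$cl_live")
        for cl_f in cert chain fullchain privkey; do
            if [ ! -L "$cl_live$cl_f.pem" ]; then
                echo "$cl_name: $cl_f.pem is missing or not a symlink"; cl_bad=1
            elif [ ! -e "$cl_live$cl_f.pem" ]; then
                echo "$cl_name: $cl_f.pem is a dangling symlink"; cl_bad=1
            fi
        done
        if [ ! -f "$cl_root/renewal/$cl_name.conf" ]; then
            echo "$cl_name: renewal/$cl_name.conf is missing"; cl_bad=1
        fi
    done
    return "$cl_bad"
}

# backup_tree SRC DEST LABEL: write DEST/LABEL-<timestamp>.tar.gz, print its path.
# tar stores the symlinks as symlinks, so a restore keeps the layout intact.
backup_tree() {
    bt_out="$2/$3-$(date +%Y%m%d-%H%M%S).tar.gz"
    (
        umask 077    # the tree holds private keys: archive readable by owner only
        mkdir -p "$2" &&
        tar -czf "$bt_out" -C "$(dirname "$1")" "$(basename "$1")"
    ) || return 1
    tar -tzf "$bt_out" >/dev/null || return 1    # archive must be readable
    echo "$bt_out"
}

# make_sample_tree ROOT: constructed test data, no real keys or certificates.
make_sample_tree() {
    for st_n in example.test broken.test; do
        mkdir -p "$1/archive/$st_n" "$1/live/$st_n" "$1/renewal"
        for st_f in cert chain fullchain privkey; do
            echo "constructed placeholder" > "$1/archive/$st_n/${st_f}1.pem"
            ln -s "../../archive/$st_n/${st_f}1.pem" "$1/live/$st_n/$st_f.pem"
        done
    done
    echo "# constructed" > "$1/renewal/example.test.conf"
    # Damage the second lineage: one link replaced by a regular file,
    # one link left dangling, and no renewal configuration.
    rm "$1/live/broken.test/privkey.pem"
    echo "constructed placeholder" > "$1/live/broken.test/privkey.pem"
    rm "$1/archive/broken.test/chain1.pem"
}

# Demo on the constructed tree; on a real host ROOT would be /etc/letsencrypt.
demo_root=$(mktemp -d)
make_sample_tree "$demo_root/letsencrypt"
check_lineages "$demo_root/letsencrypt" || echo "fix the lineages above before running renew"
backup_tree "$demo_root/letsencrypt" "$demo_root/backup" letsencrypt
rm -rf "$demo_root"
```

The same backup_tree call works for the Apache configuration directory; store both archives off the server.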

 

Short Post – Thoughtful Tattoo

I was at a local takeout restaurant and one of the servers had a tattoo that read:

You are not your mistakes

Likely, the owner of the tat has some stories that could be told and may have had some unpleasant, even life-changing, experiences.

That said, it is a good reminder for everyone! Everyone stubs their toes every now and then. Not only yourself but others too. So, keep that in mind for yourself and others…

Merry Christmas and a Happy, Safe and Prosperous New Year!

Thinking about this past year over the holiday season there seems to have been far too many tragic events that go against the “Peace and goodwill towards men” that Christmas season is supposed to take on. That being said, remembering as a kid seeing the announcements on television that NORAD was tracking Santa and he was soon to be arriving was a wonderful thing. Time to get in bed before Jolly Old Saint Nick showed up!

In thinking about all of this it reminds me that even at the height of bad times good still rises above it all – NORAD was tracking Santa and making sure that everything would be okay. Most (likely all) of us are far too young to remember the early days of the Cold War; however, many of us do remember the U.S. bases in Newfoundland and Labrador. Even in the most stressful of times the good rises to the top. So, here is the story…

On Dec. 24, 1955, a call was made to the Continental Air Defense Command (CONAD) Operations Center in Colorado Springs, Colo. However, this call was not from the president or a general. It was from a young child in Colorado Springs who was following the directions in an advertisement printed in the local paper – the youngster wanted to know the whereabouts of Santa Claus.

The ad said “Hey, Kiddies! Call me direct and be sure and dial the correct number.” However, the number was printed incorrectly in the advertisement and rang into the CONAD operations center.

On duty that night was Colonel Harry Shoup, who has come to be known as the “Santa Colonel.” Colonel Shoup received numerous calls that night and rather than hanging up, he had his operators find the location of Santa Claus and reported it to every child who phoned in that night.

Thus began a tradition carried on by the North American Aerospace Defense Command (NORAD) when it was formed in 1958. Today, through satellite systems, high-powered radars and jet fighters, NORAD tracks Santa Claus as he makes his Yuletide journey around the world.

Every year on December 24, fifteen hundred volunteers staff telephones and computers to answer calls and e-mails from children (and adults) from around the world. Live updates are provided through the NORAD Tracks Santa Web site (in seven languages), over telephone lines, and by e-mail to keep curious children and their families informed about Santa’s whereabouts and if it’s time to get to bed.

Each year, the NORAD Tracks Santa Web Site receives nearly nine million unique visitors from more than 200 countries and territories around the world. Volunteers receive more than 140,000 calls to the NORAD Tracks Santa hotline from children around the globe.

This year, children and the young-at-heart are able to track Santa through Facebook, Twitter and YouTube.  To follow us on any of these Web sites, type in @noradsanta into the search engine and start tracking.

NORAD Tracks Santa has become a magical and global phenomenon, delighting generations of families everywhere.

For more information about NORAD Tracks Santa, please visit www.noradsanta.org

So those of us who have young kids who still have the wonder of Santa Claus (and the older of us who still do!) we can still follow the Jolly Old Elf as he makes his trek around the world. (And, maybe, just maybe, get the kids in bed early!)

Getting Ready for a New Year…

Yeah, yeah, yeah… I’ve posted more this month in, like, for’ever… It’s like tubular, dude…

Yes, channeling my inner 80’… Did I ever talk about how 1984 seems to have the best albums ever:

  • Iron Maiden – Powerslave (not quite as good as Piece of Mind though) for Aces High and 2 Minutes to Midnight (Cold War teen)
  • Judas Priest – Defenders of the Faith for Some Heads are Gonna Roll
  • Dio – The Last in Line for The Last in Line
  • Ratt – Out of the Cellar for Wanted Man and Round and Round
  • Mercyful Fate – Don’t Break the Oath; well, this is because I still remember one of my good buddies, Dwayne (“Spike”), trying his hand at poetry and ending up with “Me mother likes Mercyful Fate, After me quarter ounce she did ate”
  • Dokken – Tooth and Nail for Into the Fire
  • Scorpions- Love at First Sting for Rock you Like a Hurricane and Still Loving You
  • Helix – Walkin’ the Razor’s Edge for Rock You and Gimme Gimme Good Lovin’ – And one of my buddy’s older brother’s off-the-air recording that included the Q104 (Halifax, Canada – I think) readout to the beat of “Give me a Q, Give me a 1…” like the actual beginning of the song “Give me a R…”
  • Van Halen – 1984 for Panama (I liked that cut the best), Panama and Hot for Teacher (although for a 16-year-old this video was better than Panama)
  • Bruce Springsteen – Born in the U.S.A. for the entire album. Kinda cool how far that unknown girl went from the Dancing in the Dark video. Personally my melancholy-side liked Downbound Train and My Hometown.
  • U2 – The Unforgettable Fire – Pride (In the Name of Love) really hooked me
  • Prince – Purple Rain for When Doves Cry (my favorite), Let’s Go Crazy, Darling Nikki (funny as hell) – damn, pretty well all the cuts
  • Don Henley – Building the Perfect Beast for The Boys of Summer (I could see the scene in my mind’s eye) and All She Wants to Do Is Dance (can you say Iran-Contra fellow Cold War teens?)
  • The Cars – Heartbeat City for Hello Again, You Might Think (what the frack was it with that freaking fly?)
  • Alphaville – Forever Young (gotta put that one in – Hi skool grad song)
  • The Icicle Works – The Icicle Works for Birds Fly (Whisper to a Scream)
  • Nena – 99 Luftballoons (gotta be a Cold War teen to understand it…) (Years later thanks to this Internet thing I checked out the actual German words. Same sentiment but I think that the German is a better expression. Unfortunately I don’t think that you could get it to rhyme correctly in English.) (No, she is not dead… Damn, there should be some QA/QC for it. Don’t you think so Facebook?)

Anyway, I digress – again. I do say I wonder about this and that. Maybe it should be wander about this and that.

My old web server was getting a little long in the tooth. Not from a horsepower perspective but from supportability. My previous post on the Let’s Encrypt TLS web server encryption smacked me in the head with a warning that with CentOS 6.8 (Final) Python was no longer supported. Likely (from Red Hat experience) CentOS would have kept Python 2.6 patched (at least I think it was 2.6, I blew away the VM) would have meant going outside the normal repositories. Also PHP was getting a little dated and, frankly, the Apache config files were a freakin’ mess after being migrated from different servers and versions of CentOS four-or-five times (think: PHP upgrades, Apache upgrades).

So, what to do…

Plan a migration to a new, mainstream supported server keeping in mind:

  1. Let’s Encrypt certificates needed to be moved
  2. Apache config files had to be rewritten to be current (and keep the Let’s Encrypt certificates)
  3. WordPress Blog (this thing) had not only to be moved but the MySQL database upgraded
  4. General crap such as securing the OS, PKI keys and the like
  5. Oh yeah, make sure that wx.pelleys.com kept working (which has about 10 times the Twitter followers than yours truly does :-()

Anyway, it took about 10 days in calendar time. Effort time? About 10-12 hours. Biggest hangup: Moving WordPress and upgrading. Thing not to worry much about: Move the Let’s Encrypt certificates (which will be much easier if you have clean Apache config files).

Why was WordPress being a pain in the arse? Part of it seems to be from WordPress 4.7 and the security lockdown.

Issues:

  • Plugins want to be ftp uploaded. Who the frack uses ftp? Need to change the config files to allow upload.
    • Need to add to
      • wp-config.conf
      • "define('FS_METHOD','direct');"
    • See http://www.hongkiat.com/blog/update-wordpress-without-ftp/
  • Directory permissions did not want to allow uploads (grumble, grumble, pain-in-the-arse)

Good thing: Added two factor authentication miniOrange two-factor to WordPress with Google Authenticator.

Colo-Serve Communications

I have to give my VPS hoster, Colo-Serv Communications in Montreal, a two thumbs up for helping my migration. Not only are these folks very cost effective but the support is number one. For example: in this exercise I decided to ask if I could have two VPSes running (the current and the new one) as I migrated. I was thinking two-or-three days before I got a yes-or-no and then another couple of days as the new VPS was stood up.

Nope, about 30 minutes after my request I got my answer: no problem.

About 5 minutes after that: your VPS is provisioned, here is your access information. Fill your boots.

That, folks, is what I call good customer service. Credit where credit is due!

Moving Pelleys.com to TLS Connections

Well, I have most of the Pelleys.com web sites migrated to TLS certificates. (I want to say SSL but “SSL” is obsolete.) I have actually wanted to do this for some time but I did not want to pay for the privilege. However, on October 8, 2016, Google announced on the Google Security Blog that “(b)eginning in January 2017 (Chrome 56), we’ll mark HTTP pages that collect passwords or credit cards as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure” and that “(e)ventually, we plan to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS.” So, I decided to get my arse into gear and do something about it.

A quick web search led me to Let’s Encrypt which is a “free, automated, and open” certificate authority.  The list of current sponsors for Let’s Encrypt is quite impressive including Mozilla, Akamai, Cisco, Chrome and (of course) the EFF. The documentation is pretty good but, as Let’s Encrypt notes, this is beta so…

The biggest problem I had is likely related to the fact that www.pelleys.com, blog.pelleys.com and wx.pelleys.com have been migrated one too many times between various versions of CentOS and Apache and my config files are, to be charitable, a mess. After some messing around I determined that when using VirtualHost what seems to work for me was for each individual VirtualHost I had to use:

<path>/certbot-auto -d full_fqdn_virtualhost -d full_fqdn_virtualhost

Maybe (likely?) I missed that in the many examples but if someone finds this useful – Great!

The only thing that Let’s Encrypt is lacking, from my perspective, is that:

  1. It is *nix-centric – not a big issue since I use Ubuntu and CentOS; and
  2. I have yet to determine how to put the Let’s Encrypt certificates on a firewall (e.g., for SSL-VPN connections). This may be likely, in my opinion, that those using SSL-VPN connections are businesses not home geeks like me 🙂 I will keep digging. If I find out something I will post it.

The other bit is that if you are using WordPress – you likely noted that I do since you are reading this post 🙂 – that once you upgrade at the web server level (e.g., Apache) the site will still be “broken” since the in-page links to graphics, etc., are listed as HTTP instead of HTTPS. To fix this install the Really Simple SSL plugin for WordPress and follow the instructions.

ESA Rosetta Mission Ends

The ESA’s (European Space Agency) Rosetta mission to comet 67P/Churyumov–Gerasimenko was completed today.

From the ESA:

Confirmation of the end of the mission arrived at ESA’s control centre in Darmstadt, Germany at 11:19 GMT (13:19 CEST) with the loss of Rosetta’s signal upon impact.

Rosetta carried out its final manoeuvre last night at 20:50 GMT (22:50 CEST), setting it on a collision course with the comet from an altitude of about 19 km. Rosetta had targeted a region on the small lobe of Comet 67P/Churyumov–Gerasimenko, close to a region of active pits in the Ma’at region.

More information can be found here: http://www.esa.int/Our_Activities/Space_Science/Rosetta/Mission_complete_Rosetta_s_journey_ends_in_daring_descent_to_comet

I liked the Twitter picture: (https://goo.gl/Z8wwYX)

So, what happened since January?

I noted in my first post that (a) I was not a diarist and (b) posts would be irregular. Now, even I will be first to admit that eight months (more or less) between posts is a little more than irregular.

I do have some excuses, though…

  1. One of our team at work, let’s call him Sgt. Hurtz to protect the guilty, kept telling me about a game called ArmA 3. I eventually gave in and bought the game. Of course, after a very short introduction Hurtz buggered off to play a different game. And, of course, I was hooked. Usually play lone wolf and focus on AI missions. I get killed by other players much more than I kill them but it’s just a game. Since the Apex expansion came out I started playing, from scratch, the Tanoa map. I play the Exile mod on the Exile Yorkshire servers out of, obviously, Yorkshire in the U.K. The most important thing about an online server is the admins and, while nowhere experienced in online gaming, the Exile Yorkshire admins are always top notch. They have a nice Facebook page you can join where they listen to suggestions, deal with hackers/cheats, etc. And this game is far too good at allowing you to waste your time.
  2. I have written about how I used VMware ESXi in past posts. Since the latest version of ESXi came out (6.0.0) my old server, an HP ML310 G5, is not supported because of the built-in RAID controller. This was annoying but not such a bad thing as I was limited by the amount of RAM (8GB total and my work experience has shown that VMware wants RAM not CPU) and, frankly, the CPU was getting a little long in the tooth. It was time for an upgrade. I like HP servers so I wanted another Proliant. I looked on eBay and for a great price I saw an HP DL360 G7 with a 6 core Xeon at 2.93GHz, 3 x 300GB SAS drives and 72 GB of RAM. It also has four built in GigE ports. For under CDN$1,000. Perfect. I also decided to move storage to one of my NASes, the QNAP, via NFS. The only potential problem is that the QNAP NAS only has one GigE network port but so far no problems. I also moved to boot from USB thumb drive. Network-based storage also makes it easy to move from one VMware host to another :-).
  3. Just before I went on vacation my old video IP server (Aviosys 9100A Plus Video Server) died. It was over four years old and only cost about $35 so no big deal. I found another good deal on eBay for a used Axis 2401+ professional grade video IP server. It was a good deal (except for the fact that shipping from the US was more than just the price of the server). Since I had to mess with the code to get it working I saw no harm in working on something that I had been thinking about for some time: Take the 5-minute weather camera snapshots located on my weather page and compile them into a 24-hour time lapse video. The previous day’s video is located on extweb.pelleys.com. It isn’t posted as a link but at http://extweb.pelleys.com/webcamtimelapse/ there is an index of the previous days’ videos. There is a problem with the time stamps so I haven’t put up the link. (Playing too much ArmA…)
  4. My son decided that he wanted to start taking notes at school on a laptop. Since they no longer teach how to write – how to print does not seem to be much better – typing his notes might be a great idea. (NOTE: I am not directing this at teachers. I do question those who are setting up the school curriculum and I am not the first one to question it. See questions on math…) So, off to Best Buy and Staples we went since the back-to-school sales were on. Microsoft had $300 off on the Surface Pro 4. (No more plain Surface – it seems the Pro has replaced the plain surface and the Surface Book is the new “pro”.) Since we demo’ed the Surface Pro 4 at work and I had one for almost a month I thought that it would be a great deal. The Surface Pro 4 is the tablet that I would like to have at work when the time comes. I use OneNote for all my meeting notes, etc. and the Pro 4 is a great combination. Light, removable keyboard, great stylus (my HP Revolve 810 G1’s stylus defies description it is that bad…).

'Nuf Said…

Never Underestimate an Old Man
