The server maintenance of Triton (SSH) is done for now. If you want updates about when we’ll have update (and when it’s done) make sure to follow Blinkenshell on Twitter and hang around in the IRC-channel.
As you might have guessed this is in response to the Meltdown and Spectre attacks. I was not able to successfully run any Meltdown attacks on Triton before the patch because of some other hardening, but I’m sure it was theoretically vulnerable anyway so we definitely needed to patch.
Patching was delayed a bit because I also needed to rip out the old hardening/RBAC system based on Grsecurity and replace it with SElinux. Grsecurity has decided to not provide any free versions of their software and only provide updates to their paying enterprise customers. They’ve previously talked about still providing an option for non-commercial, use but they failed to get anything out even though it’s almost a year since they announced this. It doesn’t even seem like they will provide the community with patches for the very serious bugs Meltdown and Spectre, and they also removed all the old software archives. Basically they have abandoned their old community users which is a pity, but fortunately there are other alternatives out there. These mailing list messages might shed some light on the “conflict”.
Some of the kernel-hardening work has been included in mainline, and more will hopefully come via some kernel hardening projects. As for the RBAC Blinkenshell will move to SElinux which is also included in mainline Linux and fully supported. This might result in a lot of weird problems and errors in the beginning, but we’re starting out pretty light on the policy. Please report any issues to independence.
I also want to say this is probably not the last patch for Meltdown/Spectre, and we will probably have to patch again in the not too distant future so expect more downtimes coming up. In the meantime enjoy updated versions of irssi (1.0.6), weechat (2.0.1) and a lot of other updates!
I’ve evaluated the changes to the vouching system in the signup system that was made a few months back and I’m mostly happy with the changes, but as you might have guessed from the title there are a few things that I felt had to change. It seems like it’s gotten a bit too hard to pass the vouching step since we started requiring three vouches, therefore I’m going to change it back to two vouches to pass the step. I still want the community to be able to grow with new members. It should be hard to get an account, but not too hard 🙂
I’ve also changed negative vouches so they give -1 point instead of -2. Some people get very discouraged by a negative vouch, and it required a lot to get past a -2 vouch. Also it seems fair that each vouch is worth the same, negative or positive.
Lastly, you can no longer vouch users directly from IRC. You have to make an effort and log in to the signup program and actually give a short comment/reason for your vouch. This is to make sure that you actually considered the vouched before giving it.
I hope you think the changes are good, feedback is always welcome! Comment on the blog, send an email or discuss on IRC (main chat or pm is fine)
Okay, it’s finally time to have a vote on the best shirt motif design. There was only two valid submissions emailed to me, so I’ve included the original design that I made as well. Go and check out the designs!
When you have made up your mind go and vote for your favorite design (Google account required, if you don’t have a Google account E-mail me your vote).
The winning design will be put up at the Blinkenshell T-shirt Shop at Spreadshirt: http://blinkenshell.spreadshirt.net/
Someone asked me if it’s possible to buy a Blinkenshell T-shirt earlier today, this has not been available earlier but I think it’s a great idea. I’m not the best with graphical design however so I might need some help with creating a nice motif for the shirts (a cool tagline would also be nice!). If you have an idea and know your way around vector graphics please give it a try!
The graphic has to be in vector format (preferrably SVG), and there are some limitations on how small the lines etc can be: Spreadshirt Vector Graphics Recommendations
If you want you can use the Blinkenshell logotype (modified to have thicker lines) in the graphics
Email me your submissions before the 10th of August (23.59 CET) and then we will let the community vote on the best design. I’ll buy one T-shirt and send it to the winner for free! 🙂
The Blinkenshell merch shop will look something like this (you can see what T-shirt models, colors and sizes are available in the shop now or on Spreadshirt.com)
Update1: The contest deadline has been pushed forward to the 25th of August
There has been some discussions on IRC on how to change the vouching system to make it more fair and to minimize abuse. I’ve implemented some initial changes to take care of the most immediate problems that I see, but we might need to make more changes in the near future. Please join the discussion on IRC if you have any input regarding this 🙂
Changes as of 2014-06-27:
- No more “IRL-vouch” (+2 point vouch)
- You will need three vouches instead of two to pass step 4. Since the community has grown and there are more people who can vouch, and it’s easier to get vouched than before. This change makes it a bit harder to pass step 4 again.
- You will not receive vouch tokens if you don’t have a score of at least +2 vouch points yourself. This means that old-timers and people who pays to get past step 4 will not be able to vouch others until they get +2 points themselves.
- You can easily change your vouch from negative to positive or the other way around in the signup program.
I’m also planning a place where you can easily see who vouched for whom, possibly via the signup list webpage.
Thanks to everyone for bringing this to my attention and suggesting changes!
It’s time for Blinkenshells second Top vouchers giveaway where where the three users who has vouched most new members since the last giveaway are awarded with some extras for their Blinkenshell account. Vouching is very important too keeping the community alive. I want to show my appreciation to the people who spend some time on getting to know the new users. The rewards are the same as last time, you can choose one of the following:
The winners are:
- lmca (tidalwaters)
Thank you and everyone else who vouches newcomers! The winners can contact me via IRC or email to receive their award.
The maintenance went very well I think, but it did take a long time. Triton was back online at around 23.00 on Friday, and Web and Mailservices was not online until Saturday. I’ve been at the computer all waking hours for the last two days, not stepping outside my appartment until today (apparently it started snowing some time during the weekend, who knew…), but it has been a lot of fun! It’s been a long time since sat down to do some serious work on Blinkenshell, it’s mostly been the day-to-day stuff since last spring basically (200 days uptime). I think I’ve missed getting my hands dirty with the details of the Linux kernel configuration options and such 🙂
So, what has actually changed then? I guess most of the stuff is not very visible to the end user. Some programs on Triton are running new versions, there is a new kernel witch has the new reworked OOM-killer which might affect how/which programs gets killed when you run out of memory, but most of the things are behind-the-scene things. I’ve upgraded the hypervisor, the fileserver, I’ve replaced 4 harddrives and a CPU fan. I’ve installed a UPS and changed some logging and monitoring stuff. I’ve upgraded the web and mail servers, including anti-spam settings and some security things. One of the changes I’m personally most excited about is the new server-side mail filtering options via Sieve. You can for example automatically move spam messages to the Junk folder serverside or filter senders to specific folders etc. Previously I’ve had to do this in my Email client, and that is not very neat if you run a lot of different clients (Alpine/textmode, Webmail, standalone client, smartphone etc).
I’ve also cleared out a few bugs, but there’s probably a few new bugs in there somewhere as well. I’ve also updated some wiki pages, and I’ve created Bitcoin wallet if you want to donate something 😉
Yesterday there was some unexpected downtime on Triton during the afternoon, this was because someone actually hijacked the IP-space that Triton and a lot of other servers use. Someone on AS62196 started announcing a /21 prefix containing Tritons public IP, which caused all the traffic to get routed towards Iran. This also happened to Youtube a few years back, but I didn’t think it was anything common to occur. It was sorted in a few hours though 🙂
Okay, I think that’s all for now (well, maybe we’re going to upgrade the IRCd soon also). Thanks for using Blinkenshell, see you on IRC!
I’m planning on taking the system down for maintenance, Triton has an uptime of almost 200 days and it’s time for a new kernel as well as some other updates. I will also take this opportunity to upgrade/replace some hard drives in the server.
I will take down Triton/SSH, web and mail services. Since it’s some hardware replacement and upgrade of Triton (compiling stuff on Gentoo) this will probably take almost a full day. I’m planning on starting at 10.00 CET on Friday January the 10th. I’m going to try and post some updates as I’m going along on the Blinkenshell twitter account if you’re interested in following the progress/see when the services are going to be back up again.
Please make a (mental) note about this so you won’t be surprised when you can’t log in on Friday or when your screen session has been killed when you get back 🙂
I wanted to show my appreciation for the awesome Blinkenshell members who take their time to get to know newcomers and vouch for them so they so we can grow our great community, and therefore I’m arranging this little giveaway. I’ve looked up the three members who vouched the most new users during the last 6 months (I’ll exclude anyone who vouched for a users who got banned, thankfully none of the top three vouched for someone who got banned this time!)
The three most active vouchers are:
Thank you! You can contact me (via IRC or email) to get one of the following bonuses:
I want to make this a recurring thing so there will most likely be a similar announcement during the fall. 🙂
If you’ve been having problems compiling programs on Triton you’ll be glad to know that there is now a new server where you can compile things with more relaxed resource/memory limits. The idea is that you can use much more memory than on Triton, but only for a short while. The server does not allow any outgoing network connections, and you can’t have any long-running or background processes. There are also more debugging tools installed, like Valgrind.
Try it out by connecting via SSH from Triton: ssh buildserver
More info on the wiki: Info/Compiling