18-Oct-2017

Blog problems
A few days ago I noticed that neither blog was accessible: I got non-CGI-conformant reponses which caused WASD to signal an error. As it turned out, this was caused by different errors that occurred out-of-the-blue on the 6th of October:

%HTTPD-W-NOTICED, 06-OCT-2017 06:01:44, CGI:2215, not a strict CGI response
-NOTICED-I-SERVICE, http://www.grootersnet.nl:80
-NOTICED-I-CLIENT, 8.29.198.27
-NOTICED-I-URI, GET (19 bytes) /sysblog/?feed=atom
-NOTICED-I-SCRIPT, /sysblog/index.php sysblog:[000000]index.php (phpwasd:) SYSBLOG:[000000]index.php
-NOTICED-I-CGI, 2553595354454D2D462D53544B4F56462C20737461636B20 (66 bytes) %SYSTEM-F-STKOVF, stack overflow, PC=FFFFFFFF80C3B42C, PS=0000001B
-NOTICED-I-RXTX, err:0/0 raw:286/0 net:286/0

and occasionally

%HTTPD-W-NOTICED, 06-OCT-2017 13:04:30, CGI:2215, not a strict CGI response
-NOTICED-I-SERVICE, http://www.grootersnet.nl:80
-NOTICED-I-CLIENT, 164.132.161.58
-NOTICED-I-URI, GET (20 bytes) /sysblog/?m=20080721
-NOTICED-I-SCRIPT, /sysblog/index.php sysblog:[000000]index.php (phpwasd:) SYSBLOG:[000000]index.php
-NOTICED-I-CGI, 2553595354454D2D462D41434356494F2C20616363657373 (118 bytes) %SYSTEM-F-ACCVIO, access violation, reason mask=00, virtual address=000000003B706870, PC=FFFFFFFF80C3B42C, PS=0000001B
-NOTICED-I-RXTX, err:0/0 raw:188/0 net:188/0

It made no difference whether I restarted the server, of MySQL (since that causes time-outs in PHP 5.4 causing similar problems here).
Unaware of any change in the environment, I consulted Mark Daniel but even he couldn’t locate something…

However, tried again today with WATCH enabled, i DID get a response I could work with: accessing SYSBLOG not just gave me the output I was familiar with, but also a clue on what may have been the cause: WAS was able to capture the output of the PHP engine before it was overwritten (?) by the error (that also showed up) which is returned to the browser – causing the Server error (and hence, non-conformant response). And that lead to the memory blink: I renamed one of the files in the WordPress environment, assuming it was one of those blog-specific files. It isn’t….

So I revered that error – and the blogs are accessible again.

This is the WATCH result that suddenly showed the case: When accessing this blog, once the stack trace was found. The Trips, Tracks and Travels blog, accessed a few minutes later, shows just the result; without the warning – and this is what I normally would see when WATCHing this.

01-Oct-2017

Maintenance and required updates
Last night’s maintenance run had no surprises:

PMAS statistics for September
Total messages    :   4064 = 100.0 o/o
DNS Blacklisted   :      0 =    .0 o/o (Files:  0)
Relay attempts    :    374 =   9.2 o/o (Files: 30)
Accepted by PMAS  :   3690 =  90.7 o/o (Files: 30)
  Handled by explicit rule
         Rejected :   2873 =  77.8 o/o (processed),  70.6 o/o (all)
         Accepted :    160 =   4.3 o/o (processed),   3.9 o/o (all)
  Handled by content
        Discarded :    380 =  10.2 o/o (processed),   9.3 o/o (all)
     Quarantained :    262 =   7.1 o/o (processed),   6.4 o/o (all)
        Delivered :     15 =    .4 o/o (processed),    .3 o/o (all)

A peak on relay attempts was on 05-Sep-2017: 350 times from address 187.188.81.84, using sender “root@www.grootersnet.nl” trying to reach “tester@auteam.com.mx”, between 17:23:10.21 and 23:32:56.63. Except for one message, using sender address “root@82.161.236.244″ (does this one use DNS translation to get the domain name? Looks like it).
Anyway, this host is located in Mexico:

Hostname = fixed-187-188-81-84.totalplay.net
City = Naucalpan, Estado de Mexico MX
Latitude/Longitude = 19.4794,-99.2383
Postal Code = 53370

and WHOIS gave me:

Description:TOTAL PLAY TELECOMUNICACIONES SA DE CV
Netname:MX-TPTE-LACNIC
inetnum:187.188/15
status:allocated
aut-num:N/A
owner:TOTAL PLAY TELECOMUNICACIONES SA DE CV
ownerid:MX-TPTE-LACNIC
responsible:Alejandro Enrique Rodriguez Sanchez
address:PERIFERICO SUR, 4119, FUENTES DEL PEDREGAL
address:14140 – TLALPAN – CX
country:MX
phone:+52 xxxxxxxx []
owner-c:CIT12
tech-c:CIT12
abuse-c:CIT12
inetrev:187.188/15

just that period, no more.
The address is listed in a number of blacklists as spammer. No wonder if your relay is open…
But why try 350 times and in rather shorty bursts when every attempt does not succeed? Perhaps trying to cause mail service on a Linux server to fail. But PMAS has done a good job by refusing”grootersnet.nl” from outside my LAN.

No Sir:

  • “root”?
  • “grootersnet.nl” from outside ?
  • Not on this box.

    Licenses
    But before I could check the log, I had trouble logging in: username and password returned to the password prompt without message. The Powerterm session that is the actual Alpha console was not responsive – hadn’t been whole week. As it turned out, there was no physical connection: there is a pair of connectors in between and I probably stumbled into the cable and caused the to come loose, as well as the USB-based RS232-interface. Got that working again, and since I was logged in on this terminal, I could access the machine – and try a $ Telnet 0 session. That failed: License expired. This makes sense since the expiration date of this license-2017 set was 30-Sep-2017. I thought I had installed the licens-2018 set (that came with the Itanium licenses) but it turned out I didn’t load the 2018 set, which is valid up to March next year. However, the file was already present on Diana so running it solved that problem.

    A similar thing has happened on Daphne – the Personal Workstation – that I started up. The scripts didn’t exist there so I had to be somewhat creative:

  • Prepare FileZille to connect and copy the right file
  • $ Set time=yesterday
  • $ @license2017
  • $ @sys$startup:TCPIP$STARTUP
  • Connect to Daphne and copy the file using FileZilla
  • $ @license2018
  • $ reboot ! (since the box is in a cluster, that will set time correctly)
  • Now I can get on on that machine to set up NxtWare (Samba needs to be installed with the older version)

    WordPress update
    Before entering this post, I updated WordPress to the latest version (4.8.2) and Akismet (4.0), changed the blog logicals accordingly – also in the startup script that sets them on boot. No issues.

    17-Sep-2017

    Certificates
    The job checking whether certificates need to be renewed does it job: No issues on the secured sites, but still on the main one. Will have top ask, because otherwise the expected https-connection will not work properly… It is weird because it has worked before, but it may be related to changes in eiter WASD_ONFIG_AUTH or WASD_CONFIG_MAP – but these have been minimal. Or WASD_CONFIG_SERVICE ma have a bad spec? It seems Ok, though…

    CIFS
    Required for the new development environment using NXTWARE: The old PWS (Daphne) is set up to be the scapegoat for testing, and Java and GNV are now both installed – but the product requires Samba (CIFS) as well to access the files to handle. IO have versions 1.1 in my store, but the latest I know of to be available is version 1.2 – ECO1. To locate the download site proved a search for several hours, and once found, it leads to a location of which the browsers tell me it does not exist. Or is unreachable. asked at on forum at HPE but got no reply (yet).
    Asked on the OpenVMS SIG and got a reply within minutes: ftp://ftp.hp.com/pub/openvms/private/CIFS/. Use that URL in Chrome, because Edge won’t find it:

    Hmmm…can’t reach this page
    Try this

  • Make sure you’ve got the right web address: ftp://ftp.hp.com
  • Search for “ftp://ftp.hp.com” on Bing
  • Refresh the page
  • Details

    Error Code: INET_E_OBJECT_NOT_FOUND

    and using a tool like FileZille won’t find this CIFS folder on the site.

    Anyway, got the files now, for both Alpha and Itanium. so I’ll install then somewhere this week.

    14-Sep-2017

    Certificates expired
    This morning, when accessing the webmail site, I got a message before login that there was an issue with the certificate. Chrome at least showed me what: the certificate was expired”. Which is well possible since Mark Daniel had installed certificates half June, which is now 3 months ago.
    But the system should have taken care of that, since the tool he has created is installed and configured conform the documents supplied. So I looked at the log files and found two things:

  • It hasn’t been running before last reboot (Duh. No need since that certificate was fine)
  • Now it runs, it encounters an error on the main site and stops.
  • I’ve done a few things to find out what caused the problem, didn’t succeed. It wasn’t possible to create a mail using the web-application due to the certificate problems. Finally, I created new certificates as it were initialization, changed the configuration file referring the new certificates (which are now site-specific) and that solved the problem for the secures sites. However, checking the main site still gives a problem, so be sorted out.

    11-Sep-2017

    New development environment in the making
    Over a year ago, I had the opportunity to attend a workshop by ECube showing their Eclipse plugins so you can use a normal PC to do development om VMS. It requires some installation on the VMA side: Java, GNV, Samba and NxtWare server (their product).
    I chose my old PWS (now at 512 Mb memory) as a server – small, too small to run the NetBeans solution of HP (tried that several years ago: no success), but according Kevin Barnes of ECube, big enough to handle the load on Nxtware-remote; It would take some time to startup, but otherwise, it would be fine.

    Well, I tried at that time but I didn’t get Java to run at all.

    Yesterday, I found out why: Installation wasn’t complete. Well, installation was, but the environment needs to be started as well – and that part was missing.
    GNV was already installed (may need an update).

    Today I installed the client side: Java and Eclipse. The newest version (Oxygen) offers specific environments, getting a base setup however is put behind “Advanced” option. Guessing that’s what I need, I installed just the base version; and next the Nxtware plugins. These do not yet show up but it might be caused by a missing client license.

    Yet, I need some more software on the VMS side: CIFS (AKA Sambe). It may already be installed but not yet configured, I do have the installation files but I’m not sure of their version – I need to get the latest from the HPE side. Looking around there for quite a while, found the location but the links to download the .ZIPEXE files (self-extracting zip-files…) refer to ftp-HP.COM sites – no longer available.
    Pushed a question on the HP support forum to get an answer. Until I get that answer, I’m stuck..

    07-Sep-2017

    A bit later
    I examined the logfiles last Saturday but I’ve been too busy with other things that needed to be done at home, so the results of the maintenance job could only now be published.
    PMAS statistics for August
    Total messages    :   4346 = 100.0 o/o
    DNS Blacklisted   :      0 =    .0 o/o (Files:  0)
    Relay attempts    :    244 =   5.6 o/o (Files: 30)
    Accepted by PMAS  :   4102 =  94.3 o/o (Files: 31)
      Handled by explicit rule
             Rejected :   3234 =  78.8 o/o (processed),  74.4 o/o (all)
             Accepted :    205 =   4.9 o/o (processed),   4.7 o/o (all)
      Handled by content
            Discarded :    387 =   9.4 o/o (processed),   8.9 o/o (all)
         Quarantained :    262 =   6.3 o/o (processed),   6.0 o/o (all)
            Delivered :     14 =    .3 o/o (processed),    .3 o/o (all)

    Relay attempts were low as well: 178 on 09-Aug, 40 on 20-Aug, All the same: Address 23.254.215.227, using a fake addresss, to the same recepinet 1029mandaditos@gmail.com. The originating addrees’s WHOIS:

    Description: Hostwinds LLC
    Netname: futbolito Network
    %rwhois V-1.5: 003fff:00 rwhois.hostwinds.com (by Network Solutions, Inc. V-1.5.9.5)

    (There is more info but I don’t want to publish it here)

    located in the US (Tulsa), but according WHOIS some Mexican organisation (or user?) is involved as well.
    Of course, the abuse address has been notified.

    This morning, there has been a short network problem in the area so all traffic (Internet and everything that runs over the Internet (inclusing TV and phone) have been off for about an hour and a half. I noticed it because no access could be made at all, not even with the router. But after it was restored, I found out that the automated certificate-renewal doesn’t run. Ths should be fixed before the OpenVMS bootcamp (within a few weeks) – so there is another job to be done…

    05-Aug-2017

    Business as usual
    As might be expected, the monthly maintenance job showed nothing unusual:

    PMAS statistics for July
    Total messages    :   4159 = 100.0 o/o
    DNS Blacklisted   :      0 =    .0 o/o (Files:  0)
    Relay attempts    :    521 =  12.5 o/o (Files: 28)
    Accepted by PMAS  :   3638 =  87.4 o/o (Files: 31)
      Handled by explicit rule
             Rejected :   2848 =  78.2 o/o (processed),  68.4 o/o (all)
             Accepted :    225 =   6.1 o/o (processed),   5.4 o/o (all)
      Handled by content
            Discarded :    351 =   9.6 o/o (processed),   8.4 o/o (all)
         Quarantained :    201 =   5.5 o/o (processed),   4.8 o/o (all)
            Delivered :     13 =    .3 o/o (processed),    .3 o/o (all)

    relay attempts were concentrated on three days: 9th (162, between 05:45 and 06:02, from 23.254.215.195), 16th (162, between 09:05 and 09:22, from 23.254.215.20) and 29th (166, between 06:33 and 07:29, from 104.168.147.10); All used bogus senders using my domain, and recipient was the same on gmail.com. both networks (23.254.128.0/17 and 104.168.128.0/17 refer to hosting company hostwinds.com, based in the US. They have been notified.

    ok, that on maintenance.
    There is not news on mariaDB. Mark berrymann was not able to reproduce the problem but may have found something. As soon as he has a new version, I’;; give it another try.
    However, it may not really be an issue with MariaDB. the MySQL version I’m running now isn’t the fastest either, and when running PHP 5.4, I get failing connections as well, and the log shows timeouts on MySQL. So it might well be a matter of the database – WordPress in particular. Multiple blogs in one database might be a bad idea ?? Something to discuss with Mark – and WordPress The problem is how to get performance data frem MySQL..
    And on Diana, I imported the MySQL database into MariaDB using the script provided. So if there is something rotten in the WordPress database, it will be rotten under MaraiaDB as well…
    But there IS something Mark will have to look into: On the Itanium system MariaDB cannot be started with a new database: it may create one but runs into errors when starting. This is to be executed using a telnet session to catch all data. One thing is needed anyway – but it seems unrelated to MariaDB, more to SSL: when creating the (self-signed) certificates SSLROOT: is requested, but that is not present; SSL$ROOT is. So to get around it, define SSLROOT before attempting to start MySQL or the installation script:
    $ DEFINE/SYSTEM SSLROOT SSL$ROOT:/TRANSLATION=CONCEALED
    (you can also use the full definition of SSL$ROOT but this works as well).

    That way, the certificate is created, the my.cnf file is created but starting MariaDB fails: This signals a number of errors and aborts….

    Just done: WP updated (4.8.1)

    17-Jul-2017

    To https or not to https…
    Mark Daniel has created some tools (well, ported them from Linux) to enable modern key-constructs on WASD – a requirement to run WASD 11.1 because HP’s latest version cannot be installed properly unless you are able to patch your system – which requires a support contract that I cannot afford |(and more with me). One more reason to do so is the increasing complaints of browsers about self-signed certificates…
    Mark had set things up beginning of this month and all works fine now, but since these keys have a lifetime of 90 days, you need to refresh them regularly.
    Well, that is what this product does – for free.

    So I installed it, and since I haven’t changed the current keys, all is still working, But the product requires a plain-text key for the generation of the new ones, and this is missing in both Webmail and operator sites. And I had some other questions.
    Mark supplied answers and I changed my system accordingly, but I still have to do some checks before I can state it all works properly.

    One thing I could do is move all webmail and operator stuff to the main form. Of course you would need to login before you can access them (or even if possible, see the links on the page), but here I ran into mapping problems I could not solve that simple. For instance, the home page contains a CSS that is taken explicitly from the non-secure site; so I needed to change a text file to accommodate both flavours.
    However; I ran in to the inaccessibility of anything beyond the home page – including the blog, so I had to revert most of that.

    So this is a matter that will take some more time, but eventually it will be there.

    02-July-2017

    Maintenance report
    Remarkable: just two or three anti-relay log files that are non-ze4re (and those only 4 blocks in size):
    PMAS statistics for June
    Total messages    :   3031 = 100.0 o/o
    DNS Blacklisted   :      0 =    .0 o/o (Files:  0)
    Relay attempts    :     15 =    .4 o/o (Files: 30)
    Accepted by PMAS  :   3016 =  99.5 o/o (Files: 30)
      Handled by explicit rule
             Rejected :   2180 =  72.2 o/o (processed),  71.9 o/o (all)
             Accepted :    176 =   5.8 o/o (processed),   5.8 o/o (all)
      Handled by content
            Discarded :    367 =  12.1 o/o (processed),  12.1 o/o (all)
         Quarantained :    277 =   9.1 o/o (processed),   9.1 o/o (all)
            Delivered :     16 =    .5 o/o (processed),    .5 o/o (all)

    That was all to be mentioned…

    Checking what Autogen has defines so far: some adjustions that have to do with global pages, areas and pool (both paged and non-paged). Requires a reboot…. And, of course, a required change in the startup files was missed so MySQL didn’t start up…easy fix.

    Now it’s a matter of rechecking for a few weeks whether this keeps working Performance is constantly monitored.

    MariaBD test – once more
    Now my system parameters should be set high enough to have this running, I started this server as well, and did some requests. Most go fine but at times, the server is suddenly gone. According Mark Berryman this is likely caused by too little working space. But the system (and user-environment of this server) are the same as for MySQL051 – as suggested in the installation guide. But with some tweaking with mysqladmin, I got at least some data in the log: Stack overflow…

    16-Jun-2017

    WASD 11.1 running!
    Contacted mark Daniel directly on the issue and offered him access to the server to have a look at the live environment. As it turned out, there were a few things.
    First, the SSL kit installed (1.4) is still based om 0.8.8, where WASD 11.1 requires 1.0.2. Actually, 11.0 ran TLS as well but that one is less restrictive. Than, I remembered why the later version (named SSL!) wasn;t installed – I downloaded the kit and it explicitly stated that this one is incompatibel with the 1.4 version (installed) and would require patches on a number of products – and I canbnot get them – so that’s why I didn’t. (having said that: it’s clear why this kit has a different profix (SSL1 in stead of the expected SSL).
    Mark had a diffeernt approach: Het got the certificates I need from Lets’s Encrypt and installed them. Now the secure sites were accessable. Heft left 11.1 running so I could get on.
    Well, that was this morning. When I found out that both Firefox and Chrome will access the first secure site acessed, and keep that site at hand when you access another. For isntance: accessing webmail (and login), next access the operator pages, you will have to login on webmail again (it will do so directly since you already did). Otherwise: first login at the operator pages will use that loigin for webmail as well – and you’ll end up in the opertaor page, even when the URL states webmail….

    This happpened when HTTP/2 enabled. Without, it seemed fine. Se we left it that way – for the time being.
    Not until a few hours later, when Mark notices a missing bit in the HTTP/2 processing on secure sites – a bit hidden in the specs. That has been fixed now, and so |I’m a bit ahead of other WASD users :). And HTTP/2 enabled.