I recently noticed a strange phenomenon on a Debian Stretch server running as a paravirtualized guest on a Xen host: top showed the CPU either be 100% idle or 100% stolen. User, system, nice and waiting times were stuck at 0%. I cross-checked with vmstat and it showed 0% for all cpu time counters. Both tools are getting their information from /proc/stat which looked like the following:
cpu 5322 0 4376 12720669 37879 0 59 1198368772563 0 0
cpu0 5322 0 4376 12720669 37879 0 59 1198368772563 0 0
The third to last value is the steal time, denoting “stolen time, which is the time spent in other operating systems when running in a virtualized environment” [procfs(5)]. This value looked way too high and, in particular, it was counting backwards. So, if I wanted to put this system into production, some debugging was required before…
When running a mail server, some basic rules have to be followed, e.g. ensuring that the server does not operate as an open relay. These rules are nowadays well known and the default configuration provided with MTA software typically avoids these “big no-nos”. Still, there are many pitfalls when configuring a mail server. In this post I want to share some of those pitfalls that I stumbled across in the last years myself.
If you are stuck with PHP 5.4 (e.g. because you are still running Debian Wheezy) and want to migrate from ownCloud to Nextcloud, you are probably facing a minor issue. Nextcloud 11 and newer require PHP 5.6 so you have to stick to version 10 instead. Nextcloud 10 reached its end-of-life with version 10.0.5, which internally corresponds to ownCloud version 9.1.5. The most recent version of ownCloud 9 is version 9.1.6 though, so when trying to migrate to Nextcloud you will face the following error:
Downgrading is not supported and is likely to cause unpredictable issues (from 220.127.116.11 to 18.104.22.168)
Looking at the git commits between ownCloud 9.1.5 and 9.1.6 shows that there were no changes to the database layout. So, as a workaround, you can just edit your config/config.php and set version to 22.214.171.124 or lower. Afterwards, you should be able to run the normal upgrade procedure.
Recently a quite serious vulnerability (CVE-2016-9920) in Roundcube was reported. Until now (7th Dec) this vulnerability is unfixed in Debian’s roundcube packages (see the corresponding entry in the Debian Security Tracker).
The upstream patch is not directly applicable to version 0.7 which is used in Debian Wheezy but with a little modification it is. Following you find a corresponding patch*.
A few years ago I migrated some German websites to a new server and took the opportunity to make them accessible via IPv6. Later I wondered how many people actually access these websites over IPv6 and started collecting some data. Now, 15 months later, it’s time to have a look at it:
For some time now I run a small ownCloud instance to synchronize my contacts and calendars across different devices. When another person tried to migrate his Google calendars to this instance there was an issue though. The .ics files exported from Google contained invalid entries that were copied into ownCloud’s database and broke synchronization with 3rd party applications like Thunderbird’s Lightning extension.
This night we get another leap second, meaning that the last second of today is not 23:59:59 but 23:59:60 instead. The last time this happened was on June 30, 2012 and lead to issues on several servers due to bugs in the Linux kernel. Since then these bugs were fixed and also methods of hiding the leap second altogether were implemented. Here you can find a good overview over different configurations of kernel, ntpd and tzdata and how a leap second will be handled using these configurations. What is missing here is how a setup using systemd-timesyncd instead of ntpd will handle this situation.
With raspbian there is a ready-to-use Debian variant available for the Raspberry Pi 2. But since Debian itself already has great support for the armhf architecture, it is perfectly possible to run stock Debian on the Raspberry Pi 2. Here is how a bootable image of Jessie can be created.