Hard to be current! PDF Print E-mail
Written by Michael Felt   

Just saw a retweet - and followed it to see that IBM is being more serious about having opensource "more" current. But it is hard to be current - as I know from what I do on my own - for myself mainly. So, when I saw the IBM httpd package was newer than mine - I thought - time to get updated.

As an example, mine packaging is at level 2.4.20 and IBM's is at 2.4.23 - and the current level is 2.4.25. Hard to be current. Example 2: my curl is at 7.52.1(the current level) and IBM's is at 7.51.0. Again - Hard to be current.

Read more...
 
A bit of maintenance - downtime explained PDF Print E-mail
Written by Michael Felt   

You may have noticed a bit of downtime today - my apologies, but I needed to get some updates finally applied.

Soon I will write about configuring pop3ds and imapds - as this is something I have wanted to have working, but have always missed one or two bits. With the update I seem to have it configured so that it will work with TLS1.2 and not with SSLv3 or SSLv2. And, after a few more tests on some "undocumented" behaviors I will have a short blog on SecuringAIX and a longer tutorial on rootvg.net

 
mksysb - yes, something new! PDF Print E-mail
Written by Michael Felt   

We have always known that backups using mksysb could be done on a live system - except it may be necessary to stop certain applications that keep meta information in rootvg. That time has been - massively - shortened. And, fortunately, this is "so old" we should all have it by now.

Basically, before generating a list of files to makeup AIX is making a "LVM snapshop" of the rootvg - and then backing up that list of files. So, to be safe - still stop your vital applications BUT! once you see this:

 

Last Updated ( Monday, 19 December 2016 )
Read more...
 
Feels like cheating - Part 2a - OpenSSL and AIX PDF Print E-mail
Written by Michael Felt   

OpenSSL - there is "suddenly" a lot happening. The sudden is that sites and portals are now really enforcing TLS1.2 connections (some so far to not even support "not-encrypted" aka port 80 connections).

And so, the things I was thinking about back when I started "part 1 " over a year ago (i.e., lot really so sudden - there was lots of time to prepare) have now come to be the status quo.

In short, I got bit by my own predictitions - in part because of a typo (thinking I was looking for /var/ssl/cacert.pem when I had "hard-coded" /var/ssl/capert.pem.

In any case - I had to get to work with my AIXTOOLS packaging.

The short story: you need at least openssl.base.1.0.1.515  (currently latest version is openssl.base.1.0.1.516) via IBM AIX Web Download Programs.

So - the message to take with you today: get the latest OpenSSL for AIX from  IBM AIX Web Download Programs. Additionally, take a look at some packages that rely on OpenSSL that I have repackaged for AIX - e.g., python , git , and curl. If you have any questions or issues with the packages - leave a note at the forum for AIXTOOLS.

Last Updated ( Friday, 21 October 2016 )
 
Another warning from my NAS PDF Print E-mail
Written by Michael Felt   

I am learning there are key differences in NAS disks - lots of reading the last month after the last scare when a RAID array went into "degraded" mode.

And again this week when "the other" array went offline (and took my server down with it).

So, as I look to buy new disks I am considering "lower performance" (5400 rather than 7200 rpm) - and also making sure the disks are rated for 6+ bay NAS - vibration in parallel.

Compared to old SCSI (limited to 150-600G) that seemed to be indestrucible (had a few at 35G and 70G) running 7x24 for over 10 years with never a problem - versus "NAS" SATA disks - 7 disks, 7 failures (with 5 replacements! under warrenty).

The 5-year versus 3-year warrenty is looking more important too!

 
<< Start < Prev 1 2 3 4 5 6 7 8 9 10 Next > End >>