Transition Technology: Ticket Query

#645: APC Tuning on Parrot and Penguin

chris — Tue, 10 Dec 2013 10:52:31 GMT

As part of the upgrade from Squeeze to Wheezy, see ticket:535, Munin graphs for APC were added:

There is also more APC info here:

The documentation for the variables which can be set in /etc/php5/mods-available/apc.ini can be found here:

http://php.net/manual/en/apc.configuration.php

This monitoring is generating quite a high volume of warnings about fragmentation and purges and this ticket has been created to try to sort this issue out.

#655: Add social media icons with counters to blogs listings views

ed — Thu, 12 Dec 2013 13:03:11 GMT

Investigate with Rob how to add Social media icons with counters into the /blogs listings views and individual node views.

I suggest starting with just Rob's blogs (/rob-hopkins), separate context for 'Transition Culture section' and then roll it out over other blogs and maybe news content type once the /rob-hopkins has been trialled

Sam to talk with Rob

Also cc-ing Ben as design - theme guy

#676: Alternative to Skype for TTech Meetings

chris — Tue, 14 Jan 2014 13:33:51 GMT

Jim has pointed out that:

Skype costs us 15-30 minutes of grinding pain every time we do this!

So what are the alternatives and what are our requirements?

#898: Fwd: Access to Drupal

ade — Tue, 26 Jan 2016 17:35:05 GMT

Hi Chris,
The web team at the development agency are requesting access to the
webserver so that they can look at the sites make up.
(Please see below)
Would you please set up an account so that they can get root read access?
I guess this would be done via FTP, but your thoughts greatly appreciated.
best regards
Ade
---------- Forwarded message ----------
From: Ainslie Beattie <ainsliebeattie@transitionnetwork.org>
Date: 26 January 2016 at 17:25
Subject: Fwd: Access to Drupal
To: Sam Rossiter <samrossiter@transitionnetwork.org>, Ade Stuart <
adestuart@transitionnetwork.org>, Yvonne Struthers <yvonne@thisisyoke.com>
Hey both, can you please action this urgently so that Yoke can have access.
Cheers
---------- Forwarded message ----------
From: "Yvonne Struthers" <yvonne@thisisyoke.com>
Date: 26 Jan 2016 10:58
Subject: Access to Drupal
To: <ainsliebeattie@transitionnetwork.org>
Cc:
Hi Ainslie,
Just a quick email as I'm out seeing a client today,but just to say,it
looks like you have only given us access to the database. What we need
please is admin access to the Drupal site and to the code base so that we
can get a sense of how it's all set up.
Thanks in advance!
Yvonne
Sent from my iPhone
--
Ade Stuart
Web Manager - Transition network
07595 331877
The Transition Network is a registered charity
address: 43 Fore St, Totnes, Devon, TQ9 5HN, UK
website: www.transitionnetwork.org
TN company no: 6135675 TN charity no: 1128675

#814: Higher that usual loads on PuffinServer since early September

chris — Wed, 03 Dec 2014 17:12:35 GMT

The following load graph from PuffinServer shows that the load increased substantially in early September 2014, does anyone know why?

When I found I went to Drupal 7.33 and all I got was a slow site I thought that perhaps a Drupal 7 site on the server could be the cause but 7.33 came out on 7th November 2014.

Anyone have any ideas?

#881: Site on ParrotServer with a memory leak?

chris — Fri, 23 Oct 2015 11:19:04 GMT

It appears a site, or application, on ParrotServer might have a memory leak.

#758: * Advisory ID: DRUPAL-SA-CORE-2014-003

paul — Wed, 16 Jul 2014 21:55:29 GMT

View online: https://www.drupal.org/SA-CORE-2014-003

Advisory ID: DRUPAL-SA-CORE-2014-003
Project: Drupal core [1]
Version: 6.x, 7.x
Date: 2014-July-16
Security risk: Critical [2]
Exploitable from: Remote
Vulnerability: Multiple vulnerabilities

Multiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7.

.... Denial of service with malicious HTTP Host header (Base system - Drupal 6 and 7 - Critical)

Drupal core's multisite feature dynamically determines which configuration file to use based on the HTTP Host header.

The HTTP Host header validation does not sufficiently check maliciously-crafted header values, thereby exposing a denial of service vulnerability.

.... Access bypass (File module - Drupal 7 - Critical)

The File module included in Drupal 7 core allows attaching files to pieces of content. The module doesn't sufficiently check permission to view the attached file when attaching a file that was previously uploaded. This could allow attackers to gain access to private files.

This vulnerability is mitigated by the fact that the attacker must have permission to create or edit content with a file field.

Note: The Drupal 6 FileField? [3] module is affected by a similar issue (see SA-CONTRIB-2014-071 - FileField? - Access bypass [4]) and requires an update to the current security release of Drupal 6 core in order for the fix released there to work correctly. However, Drupal 6 core itself is not directly affected.

.... Cross-site scripting (Form API option groups - Drupal 6 and 7 - Moderately critical)

A cross-site scripting vulnerability was found due to Drupal's form API failing to sanitize option group labels in select elements. This vulnerability affects Drupal 6 core directly, and likely affects Drupal 7 forms provided by contributed or custom modules.

This vulnerability is mitigated by the fact that it requires the "administer taxonomy" permission to exploit in Drupal 6 core, and there is no known exploit within Drupal 7 core itself.

.... Cross-site scripting (Ajax system - Drupal 7 - Moderately critical)

A reflected cross-site scripting vulnerability was found in certain forms containing a combination of an Ajax-enabled textfield (for example, an autocomplete field) and a file field.

This vulnerability is mitigated by the fact that an attacker can only trigger the attack in a limited set of circumstances, usually requiring custom or contributed modules.

/A CVE identifier [5] will be requested, and added upon issuance, in

accordance with Drupal Security Team processes./

Drupal core 6.x versions prior to 6.32.
Drupal core 7.x versions prior to 7.29.

Install the latest version:

If you use Drupal 6.x, upgrade to Drupal core 6.32. [6]
If you use Drupal 7.x, upgrade to Drupal core 7.29. [7]

Also see the Drupal core [8] project page.

The denial of service vulnerability using malicious HTTP Host headers was

reported by Régis Leroy [9].

The access bypass vulnerability in the File module was reported by Ivan

Ch [10].

The cross-site scripting vulnerability with Form API option groups was

reported by Károly Négyesi [11].

The cross-site scripting vulnerability in the Ajax system was reported by

mani22test [12].

The denial of service vulnerability using malicious HTTP Host headers was

fixed by Régis Leroy [13], and by Klaus Purer [14] of the Drupal Security Team.

The access bypass vulnerability in the File module was fixed by Nate Haug

[15] and Ivan Ch [16], and by Drupal Security Team members David Rothstein [17], Heine Deelstra [18] and David Snopek [19].

The cross-site scripting vulnerability with Form API option groups was

fixed by Greg Knaddison [20] of the Drupal Security Team.

The cross-site scripting vulnerability in the Ajax system was fixed by

Neil Drumm [21] of the Drupal Security Team.

The Drupal Security Team [22]

The Drupal security team can be reached at security at drupal.org or via the contact form at http://drupal.org/contact [23].

Learn more about the Drupal Security team and their policies [24], writing secure code for Drupal [25], and securing your site [26].

Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity [27]

_ Security-news mailing list Security-news@… Unsubscribe at https://lists.drupal.org/mailman/listinfo/security-news

#596: Captions issue

benj — Mon, 16 Sep 2013 16:58:04 GMT

basically captions are appearing on body inline images and featured images on STG but not PROD and I can't see where the difference is...

The following code addition to the bottom of template.php should be (but isn't) adding the caption class to images such as the one at the top of this page:

https://www.transitionnetwork.org/blogs/ed-mitchell/2013-06/test-blog-test-caption-and-featured-image

Any reason you can think of why not? Or do you know of another easy way of adding the class caption to featured image fields? (I guess the module https://drupal.org/project/semantic_cck - but maybe overkill...)

Adds caption css class to featured images */

function transition2_imagecache_formatter_featured_image_default($element) {

Inside a view $element may contain NULL data. In that case, just return. if (empty($element#item fid?)) {

return ;

}

Extract the preset name from the formatter name. $presetname = substr($element#formatter, 0, strrpos($element#formatter, '_')); $style = 'linked'; $style = 'default';

$item = $element#item; $itemdata?alt? = isset($itemdata?alt?) ? $itemdata?alt? : ; $itemdata?title? = isset($itemdata?title?) ? $itemdata?title? : NULL;

$class = "imagecache imagecache-$presetname imagecache-$style imagecache-{$element#formatter} caption"; return theme('imagecache', $presetname, $itemfilepath?, $itemdata?alt?, $itemdata?title?, array('class' => $class));

}

#727: Change background on block from orange to white

sam — Fri, 16 May 2014 10:02:17 GMT

Hi Ben

Rob wants a list of the themes presented in a block.

I did the block: https://www.transitionnetwork.org/admin/build/block/configure/block/97

But it appears with an orange background. The block is visible towards the bottom of the page (for logged in admins) here: https://www.transitionnetwork.org/blogs/rob-hopkins

If I put the block on other pages it appears with a white background.

I tried to hack it with some inline CSS but failed.

Could you take a look?

Thanks

Sam

#636: Changes to Space.transitionnetwork.org homepage to facilitate user registration

ed — Wed, 27 Nov 2013 17:30:19 GMT

Space currently does not give users who aren't already registered a way in. Anon users can see some of the spaces but when they try to apply for membership, they hit a login page, which they can't complete as they are not registered.

RTFM for OA as to OA best practice - this is billable time. Then leave notes about it in wiki for later developers.

The homepage needs editing to sort this out. Here are some first changes:

2.1. Remove the 'Need the pros' pane (RHS) 2.2 Remove the 'Just getting started' pane (LHS) 2.3 Add a 'Request membership' pane which is basically a user registration form. Make registration 'approval only' for now, approval to be by a site admin (webproject@…)

The /spaces listings view shows the spaces that are publicly viewable, and there is a 'request group membership' button for each of them.

Can you make this into a registration form as well?

#541: Documentation of the WordPress sites

chris — Wed, 01 May 2013 20:25:57 GMT

These pages have been created for the documentation of the wiki:WordPress sites running on wiki:PenguinServer:

So far they only have a listing on the plugins for each site.

Ideally they would document all the plugins, the theme and the steps that need to be taken to upgrade each site and also any other things that need documenting.

Laura is this something you might be able to help with? I'm happy doing some work on it but you know your way around these sites far better than anyone else.

#590: Drupal performance improvements

jim — Fri, 06 Sep 2013 10:27:27 GMT

This ticket is to track the work and changes done within the Drupal sphere in relation to performance enhancements done since #585.

More information is needed and will come when ticket:586 New Relic Monitoring for BOA is completed.

I also note that many of these cleanup operations will also help make the move to D7 smoother and better.

Summary of actions and status

TODO

O) Stop making so many URL aliases for non-relevant pages, clean up url_alias table -- 1/4-1/2 hour, medium reward, only risk is that some already broken links might break... Per chat with Ed, only these will be removed (plus releated tweaks to Pathauto settings):

3,579 entries where src = node/%/feed
1,856 entries where src = user/%/contact
= 5,435 or ~11% of entries in url_alias

L) Review slow query log, explain queries, tweak as necessary/flag poorly behaving modules. 2-4 hours, high reward, low risk... Keep looking at the slow query log and adjust Drupal or find patches as necessary. ALSO related Reduce your server's resource usage by moving MySQL temporary directory to tmpfs... Have opened ticket for this: #591 for Chris.

Done

A) Remove spam taxonomy entries ~~1/2 hour, Low risk, low reward -- See item 8 below. A simple delete from taxo term table where length > 50 is worth doing IMHO, and nothing I saw that would be clobbered is not spam.~~

B) Try a Taxonomy Cleanup: 3 hours, Medium risk, medium reward -- style module to try to merge terms with the same names and clean up the link tables back to nodes. Further, we can remove any taxonomies or relations to certain CTs that don't really add value.

D) Review Views caching ~~1 hour, low risk, high reward -- Utilise Views Content Cache this was done a while back but I think -- done (task 12) in comment 21.~~

F) Force blocks caches to cached appropriately (and be rendered/included only as needed) 1-2 hours, medium reward, low risk -- BOA packages the Block Cache Alter, which makes sure Drupal only renders blocks when needed. Potential small but nice boost quickly in whole site. -- per comment 22, block caching is disabled by other modules so this will have to go on hold for now.

H) Remove CustomError? module all together 1/2 hour, low risk, low reward -- We should take out the PHP code from the 403 section of CustomError? and put it into a simple page entry. See comment 6 below as this has happened for 404s (which need no PHP). We can then remove the CustomError? module all together, saving lots of sessions. I would go ahead and do this but since the 403 page has various displays depending on user type, I wanted to raise it here as it *may* have side effects. Or not...

I) Re-enable block caching. 2-6 hours, high risk, high reward -- Per comment 24, a module (probably Content Access) is stopping Drupal caching blocks, which for some of them means a fair amount of pointless overhead. We need to somehow get around this and get blocks cached if possible. R&D mainly, perhaps with some hacking/patching - but I'd stop short of doing this if so.

K) Add & enable Views Lite Pager on big views. ~~1 hour, low risk, low reward -- Using this module stops a heavy count query on views with pagers -- recommended for large sites.~~

M) Take control of Cron, and maximise time pages are cached for. .25h, high reward, low risk -- Cron is wiping the page cache, so we need to install https://drupal.org/project/elysia_cron so we can clear the page less often, and run other things when we want and the site is quieter. Now need per minute resolution set to get the best, see comment 33 and 34 for more...

N) Replace Admin Menu 1.x with 3.x -- will happen when #590 occurs, marking complete here -- ~~5 mins, high reward, low risk -- done when #582 happens, could be the cause of some load spikes as it occasionally goes made and does 2000-5000 queries~~~~

#701: Emails & Telephone calls

paul — Tue, 18 Mar 2014 09:38:24 GMT

#711: Emails & Telephone calls

paul — Tue, 01 Apr 2014 13:47:56 GMT

#587: Puffin MySQL Tuning

chris — Thu, 05 Sep 2013 12:54:47 GMT

This ticket is to track the tuning we do to MySQL on PuffinServer.

See also previous comments on this issue:

#638: Question about notifications option for content creators

ed — Thu, 28 Nov 2013 12:32:57 GMT

Content creators (news, Rob's blog, social reporters) struggle with the notifications. the problem is that they forget to click the option to 'do not send notifications for this update' and then notifications are sent out. It is easy for us to think this is easy for them, but when you are bashing stuff out in a hurry, it's easy to forget this fiddly bit.

CAN WE set drupal to NOT send notifications out as standard for some of the content types?

And change it so that the content creators (news, Rob's blog, social reporters) choose to SEND notifications out instead (of NOT sending them) ?

#737: SPF / Emails rejected from the website contact form

sam — Thu, 05 Jun 2014 15:46:13 GMT

We had a user report that they could not send a message via our contact form:

"Yesterday I sent a message to you via the contact form on the website. But obviously something went wrong: for I got a failure notice saying my message could not be delivered. Therefore I'm sending it directly via email (see below) hoping that you're receiving my message this way."

<info@…>: host mx1.spamfiltering.com[72.249.150.158] said:

550 81.95.XX.XX is not allowed to send mail from gmx.de. Please see http://www.openspf.net/Why?scope=mfrom;identity=userXX@gmx.de;ip=81.95.XX.XX (in reply to end of DATA command)

(User details edited as this is publicly archived)

I'm not sure I quite understand what's going on here. Chris indicated in email that this would affect other users whose email provider has set this kind of SPF record.

Can we make an educated guess as to what proportion of email providers set this kind of SPF?

How many messages do we never get to see? Is it a problem? Or a small enough number of users that we just don't worry about it?

Thanks

Sam

#662: Subscriptions' links in text emails breaking

ed — Tue, 17 Dec 2013 15:37:13 GMT

for January - to get Sam and Jim talking - in January

The subs sent out to subscribers: are fine in html but the text version is broken and unsatisfactory. I know we've been through this and it's a known bug etc. etc. but I'm wondering if we can switch all subs to html, or if there are any patches to this problem?

Adding as Jim's ticket with Sam cc-ed

#582: TN.org platform and sites

jim — Mon, 02 Sep 2013 09:30:02 GMT

The TN.org platform and Drupal site updates are to be tracked in this ticket.

Current PROD platform build = P009 Current STG platform build = S010

Updates pending:

SECURITY UPDATE - NO RISK: Pressflow core 6.30 is due, but the security holes fixed do not affect us, low priority. Platforms: present in S010, but not in P009.

#772: new TIs not appearing on staging until caches flushed

annesley — Tue, 05 Aug 2014 09:26:32 GMT

i added a new Mulling transition initiative on staging in Afghanistan and it did not appear on the map... i flushed caches and then it started appearing on the main initiatives map. is this intended? is it a known?

#774: * Advisory ID: DRUPAL-SA-CORE-2014-004

paul — Wed, 06 Aug 2014 19:52:54 GMT

View online: https://www.drupal.org/SA-CORE-2014-004

Advisory ID: DRUPAL-SA-CORE-2014-004
Project: Drupal core [1]
Version: 6.x, 7.x
Date: 2014-August-06
Security risk: 13/25 ( Moderately Critical)

AC:None/A:None/CI:None/II:None/E:Proof/TD:100 [2]

Exploitable from: Remote
Vulnerability: Denial of service

Drupal 6 and Drupal 7 include an XML-RPC endpoint which is publicly available (xmlrpc.php). The PHP XML parser used by this XML-RPC endpoint is vulnerable to an XML entity expansion attack and other related XML payload attacks which can cause CPU and memory exhaustion and the site's database to reach the maximum number of open connections. Any of these may lead to the site becoming unavailable or unresponsive (denial of service).

All Drupal sites are vulnerable to this attack whether XML-RPC is used or not.

In addition, a similar vulnerability exists in the core OpenID module (for sites that have this module enabled).

This is a joint release as the XML-RPC vulnerability also affects WordPress (see the announcement [3]).

/A CVE identifier [4] will be requested, and added upon issuance, in

accordance with Drupal Security Team processes./

Drupal core 7.x versions prior to 7.31.
Drupal core 6.x versions prior to 6.33.

Install the latest version:

If you use Drupal 7.x, upgrade to Drupal core 7.31 [5].
If you use Drupal 6.x, upgrade to Drupal core 6.33 [6].

If you are unable to install the latest version of Drupal immediately, you can alternatively remove the xmlrpc.php file from the root of Drupal core (or add a rule to .htaccess to prevent access to xmlrpc.php) and disable the OpenID module. These steps are sufficient to mitigate the vulnerability in Drupal core if your site does not require the use of XML-RPC or OpenID functionality. However, this mitigation will not be effective if you are using a contributed module that exposes Drupal's XML-RPC API at a different URL (for example, the Services module); updating Drupal core is therefore strongly recommended.

Also see the Drupal core [7] project page.

Willis Vandevanter [8]
Nir Goldshlager [9]

Andrew Nacin [10] of the WordPress Security Team
Michael Adams [11] of the WordPress Security Team
Frédéric Marand [12]
David Rothstein [13] of the Drupal Security Team
Damien Tournoud [14] of the Drupal Security Team
Greg Knaddison [15] of the Drupal Security Team
Stéphane Corlosquet [16] of the Drupal Security Team
Dave Reid [17] of the Drupal Security Team

The Drupal Security Team [18] and the WordPress [19] Security Team

The Drupal security team can be reached at security at drupal.org or via the contact form at http://drupal.org/contact [20].

Learn more about the Drupal Security team and their policies [21], writing secure code for Drupal [22], and securing your site [23].

[1] http://drupal.org/project/drupal [2] http://drupal.org/security-team/risk-levels [3] https://wordpress.org/news/2014/08/wordpress-3-9-2/ [4] http://cve.mitre.org/ [5] http://drupal.org/drupal-7.31-release-notes [6] http://drupal.org/drupal-6.33-release-notes [7] http://drupal.org/project/drupal [8] https://www.drupal.org/user/1867894 [9] https://www.drupal.org/user/2891345 [10] http://profiles.wordpress.org/nacin [11] http://profiles.wordpress.org/mdawaffe [12] https://www.drupal.org/user/27985 [13] https://www.drupal.org/user/124982 [14] https://www.drupal.org/user/22211 [15] https://www.drupal.org/u/greggles [16] https://www.drupal.org/user/52142 [17] https://www.drupal.org/user/53892 [18] http://drupal.org/security-team [19] http://wordpress.org [20] http://drupal.org/contact [21] http://drupal.org/security-team [22] http://drupal.org/writing-secure-code [23] http://drupal.org/security/secure-configuration

_ Security-news mailing list Security-news@… Unsubscribe at https://lists.drupal.org/mailman/listinfo/security-news

#820: *.transitionnetwork.org 2015 security certificate

chris — Fri, 26 Dec 2014 09:47:49 GMT

The current wild-card *.transitionnetwork.org cert will run out on 24th Jan, this is a ticket to track the time spent renewing it.

See also ticket:795, SHA1 Deprecation: Regenerate all certs using SHA256.

#569: 403s served to editors, admin very slow

ed — Tue, 09 Jul 2013 07:52:32 GMT

Rob is getting 403s when trying to submit his work. Report from 07:12am this morning (Tuesday)

Ed tried to add a blog post at node add:

https://www.transitionnetwork.org/node/add/blog It took nearly 15 seconds to get this published https://www.transitionnetwork.org/blogs/ed-mitchell/2013-07/eds-test-blog-item-check-403

Running admin functions takes ages.This request took well over 30 seconds:

https://www.transitionnetwork.org/admin/content/node/overview

Please advise?

#563: 503 Errors

chris — Wed, 19 Jun 2013 10:59:54 GMT

Original Description

The site is generating a lot of 503 errors, 83 since 6:30am today and there were around 750 yesterday.

#843: 8.8.8.8 (US/United States/google-public-dns-a.google.com) blocked for port scanning

chris — Tue, 07 Apr 2015 23:05:33 GMT

Never seen this before:

Date: Tue,  7 Apr 2015 23:46:09 +0100 (BST)
From: root@puffin.webarch.net
To: chris@webarchitects.co.uk
Subject: lfd on puffin.webarch.net: 8.8.8.8 (US/United States/google-public-dns-a.google.com) blocked for port scanning
Time:    Tue Apr  7 23:46:09 2015 +0000
IP:      8.8.8.8 (US/United States/google-public-dns-a.google.com)
Hits:    20
Blocked: Temporary Block
Sample of block hits:
Apr  7 23:45:36 puffin kernel: [19823338.636822] Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=00:16:3e:19:68:02:00:12:1e:13:6c:db:08:00 SRC=8.8.8.8 DST=81.95.52.103 LEN=162 TOS=0x00 PREC=0x00 TTL=45 ID=65064 PROTO=UDP SPT=53 DPT=48825 LEN=142

I thought set the Google DNS servers for the machine via /etc/resolv.conf but that contains:

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1

There is /etc/resolvconf/resolv.conf.d/original containing:

nameserver 8.8.8.8
nameserver 8.8.4.4

But I don't know what DNS resolver BOA has installed and the server is using.

#744: Add CSS Injector module to the D6 mix

annesley — Thu, 19 Jun 2014 10:50:03 GMT

CSS Injector module allows admin dynamic adding of CSS in to a live production server without code updates. this is to respond quickly to client needs whilst implementing the requests in the correct place in the themes on the next promotion from dev.

#534: Add accounts for Ben

chris — Fri, 26 Apr 2013 17:16:23 GMT

Ben is a new member of the TTech team and accounts need setting up for him, this is a ticket to track the time taken to do this.

#632: Add accounts for Sam

chris — Mon, 25 Nov 2013 14:41:25 GMT

Following ticket:534

#649: Add commenting to /films/ content type in January

ed — Thu, 12 Dec 2013 10:53:16 GMT

seen here:

https://www.transitionnetwork.org/admin/content/node-type/films

https://www.transitionnetwork.org/films https://www.transitionnetwork.org/films/occupy-love

#643: Add paginator for /films view

ed — Mon, 09 Dec 2013 11:40:08 GMT

Please add pages links for this view: https://www.transitionnetwork.org/admin/build/views/edit/Films?destination=films#views-tab-page_1

10 per page should do it

#684: Adding Paul and Nick to Transition Network on github.org

chris — Thu, 23 Jan 2014 10:42:23 GMT

It looks like Ed and Jim are the only one with permissions to add members to Transition Network on GitHub as they are listed as owners and the rest of us are members.

Paul and Nick can you post you account names to this ticket so you can be added?

Jim could you make me and/or Ben owners as well so we can add people?

#611: Adding Trac Account for Alan

chris — Thu, 17 Oct 2013 12:55:21 GMT

Alan, the other sysadmin at Webarchitects is in a better position than me to help with some of the more complex sysadmin issues so I hope it's OK that I have added an account for him here following the wiki:TracUserAdmin notes.

He is looking at helping with these tickets:

ticket:599 Server time drift
ticket:555 Load spikes causing the TN site to be stopped for 15 min at a time
ticket:593 Migrating Puffin to a ZFS file server

I don't expect he will be recording much time, I hope that is OK, he already has sudo access to all the servers.

#803: Adding a CNAME value to TN.org zone files

ed — Mon, 27 Oct 2014 16:14:09 GMT

I need to add a CNAME value to verify transitionnetwork.org for google apps.

Can I do this on my own using the zone files in gandi or is it better that you do it Chris?

The value will be automatically generated as part of the verification process for setting the apps up, so I'll need to add it promptly

https://support.google.com/a/answer/60216

#888: Adverts on Transition Network Front Page loaded via flickrit.com embedded content

chris — Sun, 06 Dec 2015 12:25:49 GMT

It it intentional or accidental that adverts from https://secureads.bitbillions.com/ are being loaded on the front page of https://www.transitionnetwork.org/ via the embedded content from flickrit.com?

#610: Aegir database intensive (migrate, clone, restore) tasks hang for larger sites

jim — Tue, 15 Oct 2013 10:18:59 GMT

Large sites (TN.org and variants) will simply not complete their migrate, clone or restore tasks in Aegir.

However, smaller sites are fine, and all tasks work for them.

The process largely completes -- codebase installs, database is cloned, symlinks for sites aliases and files created... BUT the process never completes in Aegir, so the final steps of switching a site's served location never occurs.

Useful links/comments in this issue:

#548: All Admin functions broken on TN.org

ed — Tue, 14 May 2013 07:50:15 GMT

Admins, editors, social reporters cannot create content on TN.org. Choosing to create content leads to homepage. Can't do anything on the admin menu.

Emergency.

#779: Annesley locked out of puffin?

chris — Wed, 27 Aug 2014 14:28:12 GMT

Looks like Annesley's IP has been blocked on wiki:PuffinServer.

#630: Archiving Transition Town Totnes site

ed — Mon, 25 Nov 2013 11:54:35 GMT

Please estimate to archive TTT site as per conversation with Ed:

convert to html
host on Penguin (incl. any likely issues for Penguin doing this)
any ongoing maintenance

Then Ed will discuss with Frances at TTT as per agreement with Chris

#702: Attachments not being deleted from Trustees page

ed — Fri, 21 Mar 2014 17:11:14 GMT

I can't remove the attachments from the Trustees page: https://www.transitionnetwork.org/about/people/trustees

please investigate and sort if you can. We need to remove all the attachments apart from those in 2013.

#854: BOA 2.4.3

chris — Tue, 26 May 2015 10:30:41 GMT

BOA 2.4.3 came out 7 days ago (BOA, for an unknown reason, no longer appears to sent out update available emails), from the changelog:

### Stable BOA-2.4.3 Release - Full Edition
### Date: Tue May 19 13:40:40 PDT 2015
### Milestone URL: https://github.com/omega8cc/boa/milestones/2.4.3
  @=> Includes Aegir Hostmaster 2.x-head with improvements
  @=> Includes Aegir Provision 3.x-head with improvements
  @=> Includes Drush 7 customized for BOA
# Release Notes:
  This BOA release is focused on Aegir platforms update with latest Drupal core
  included. There are also a few system updates and bug fixes, as listed below.
# Changes:
  * Redis Integration Module: Update to version mod-08-05-2015
  * Use HTTPS intermediate mode to support legacy systems like XP/IE8 - see #718
# System upgrades:
  * Drush mini-7-08-05-2015
  * MariaDB 10.0.19
  * MariaDB Galera Cluster 10.0.19
  * PHP 5.4.41
  * PHP 5.5.25
  * PHP 5.6.9
  * Redis 3.0.1
# Fixes:
  * CiviCRM known bugs and regressions fixed
  * Improve drush aliases cleanup
  * Redis: sync net.core.somaxconn with tcp-backlog
  * sqlmagic: do not escape backslashes and EOL character - fixes #672

The last BOA upgrade, ticket:844 sent a email, ticket:754#comment:26 saying:

Next BOA upgrade (2.4.3) will force PHP 5.5 on all hosted Aegir
instances, unless you will explicitly opt-out *before* that upgrade
using PHP version control files, as explained in our docs at:
  https://omega8.cc/how-to-quickly-switch-php-to-newer-version-330

And we have been discussing if we should test running the site with PHP 5.5 on PuffinServer or if we should create a development server to test with, this upgrade needs to wait till we have agreed a way forward.

#864: BOA 2.4.5

chris — Sun, 12 Jul 2015 08:36:38 GMT

A new version of BOA came out on Friday:

### Stable BOA-2.4.5 Release - Full Edition
### Date: Fri Jul 10 11:25:43 PDT 2015
### Milestone URL: https://github.com/omega8cc/boa/milestones/2.4.5
### Latest hotfix added on: Fri Jul 10 14:49:11 PDT 2015
  @=> Includes Aegir Hostmaster 2.x-head with improvements
  @=> Includes Aegir Provision 3.x-head with improvements
  @=> Includes Drush 7 customized for BOA
# Release Notes:
  This BOA release includes PHP security upgrade for versions 5.6, 5.5 and 5.4
  plus security upgrade for Redis server and four updated Octopus platforms.
  Support for Drupal 8 is temporarily removed, because now it would require
  an upgrade to Drush 8, which in turn completely removes support for PHP 5.3,
  while it's still more important to support legacy Pressflow 6 sites, if they
  are not ready to move beyond PHP 5.3 yet, than trying to support some
  (too fast) moving targets like Drupal 8 beta, and Drush 8 head.
# Updated Octopus platforms:
  Commerce 2.26 ---------------- https://drupal.org/project/commerce_kickstart
  Commons 3.28 ----------------- https://drupal.org/project/commons
  OpenAtrium 2.43 -------------- https://drupal.org/project/openatrium
  Panopoly 1.25 ---------------- https://drupal.org/project/panopoly
# Changes:
  * Drupal 8 is not supported until we can switch to Drush 8 and remove PHP 5.3
# System upgrades:
  * Nginx 1.9.2
  * PHP 5.4.43
  * PHP 5.5.27
  * PHP 5.6.11
  * Redis 3.0.2

#872: BOA 2.4.6

chris — Tue, 22 Sep 2015 08:50:36 GMT

The Changelog:

### Stable BOA-2.4.6 Release - Full Edition
### Date: Sat Sep 19 11:09:09 PDT 2015
### Milestone URL: https://github.com/omega8cc/boa/milestones/2.4.6
### Latest hotfix added on: Mon Sep 21 05:18:33 PDT 2015
  @=> Includes Aegir Hostmaster 2.x-head with improvements
  @=> Includes Aegir Provision 3.x-head with improvements
  @=> Includes Drush 7 customized for BOA
# Release Notes:
  This BOA release includes several important system upgrades and bug fixes.
  All supported Aegir platforms have been updated with latest Drupal cores.
  @=> Latest Drupal 8.0.0-beta15 works great, but currently only when installed
      as a custom platform in the ~/static directory tree, because it is not
      really symlinks-friendly. We will re-introduce built-in Drupal 8 platforms
      once this situation is improved.
# Changes:
  * Add Twig C extension to PHP - v.1.22.1
  * Allow to customize auto-upgrades mode
  * Disable support for broken OpenScholar and Recruiter
  * Open default Postgres port for outgoing connections
  * Remove support for deprecated Feature Server distro
  * Remove support for deprecated OpenAcademy distro
  * Remove support for deprecated OpenBlog distro
  * Remove support for deprecated OpenChurch v.1 distro
  * Remove support for deprecated OpenDeals distro
  * Use distro specific Drupal core for problematic distros
# System upgrades:
  * cURL 7.44.0 (if installed from sources)
  * Duplicity 0.7.05 (please run 'backboa install' to upgrade)
  * Jetty 7.6.17.v20150415
  * Jetty 8.1.17.v20150415
  * MariaDB 10.0.21
  * MariaDB 5.5.45
  * MariaDB Galera Cluster 10.0.21
  * Nginx 1.9.4
  * OpenSSH 7.1p1 (if installed from sources)
  * PHP 5.6.13, 5.5.29, 5.4.45
  * PHP: ionCube loader 5.0.18
  * Pure-FTPd 1.0.42
  * Redis 3.0.4
  * Ruby 2.2.3, 2.0.0-p647
  * Use pecl-jsmin-1.1.0
# Fixes:
  * Allow to re-install deleted D7/D6 platforms when dev doesn't exist
  * Do not install phpunit -- it adds many PHP tools we don't need
  * Drush requires php-eval to run drush_find_tmp() in sql-sync
  * Fix apache cleanup
  * Fix invalid regex in the INI docs
  * Improve auto-healing for SSHd
  * Improve Nginx DoS an DDoS protection
  * Improve pdnsd auto-healing
  * Improve SSL Docs to add more detail about multidomain certificates #757
  * Issue #766 - Fix for broken boa in-octopus procedure
  * Nginx: Fix support for s3/files/styles (s3fs)
  * Restart PHP-FPM if too many running childs are detected
  * Sync .htaccess with D7 core
  * Sync keywords for exceptions in daily.sh with global.inc
  * Use short sleep on firewall temp blocks cleanup

Previous, un-applied BOA update tickets:

BOA 2.4.5 ticket:864
BOA 2.4.4 ticket:863
BOA 2.4.3 ticket:854

Is there any chance we might be able to discuss what we are going todo regarding the on-going hosting of the Transition Network Drupal site? Some ideas were posted two weeks ago here ticket:754#comment:61

#798: BOA-2.3.5

chris — Thu, 16 Oct 2014 12:40:58 GMT

The changelog:

### Stable BOA-2.3.5 Release - Full Edition
### Date: Wed Oct 15 16:28:25 PDT 2014
### Includes Aegir 2.1 with improvements
### Latest hotfix added on: Wed Oct 15 20:09:52 PDT 2014
# Release Notes:
  This new BOA release includes important updates and bug fixes.
  * All new Drupal 7 platforms received Drupal core security upgrade.
    For details please read: https://www.drupal.org/SA-CORE-2014-005
  * All existing Drupal 7 built-in platforms will receive a hot-fix for
    this known vulnerability: https://www.drupal.org/SA-CORE-2014-005
    once you will run 'barracuda up-stable' command on your server.
    This procedure is automated on hosted and managed Aegir at Omega8.cc
  * Your custom D7 platforms created in the ~/static directory tree
    will be checked in the next 12 hours after the upgrade, and if you
    have not applied this patch yet, it will be applied automatically
    for you - but only if there is at least one active site present
    in the given custom D7 platform. Note that while this procedure is
    automated on hosted and managed Aegir at Omega8.cc, on self-hosted
    BOA systems it will work only if you will set _PERMISSIONS_FIX=YES
    in /root/.barracuda.cnf (default is NO)
  We recommend that you upgrade your D7 sites using safe workflow:
    https://omega8.cc/your-drupal-site-upgrade-safe-workflow-298
# Updated Octopus platforms:
  aGov 1.5 --------------------- https://drupal.org/project/agov
  Commerce 1.31 ---------------- https://drupal.org/project/commerce_kickstart
  Commerce 2.19 ---------------- https://drupal.org/project/commerce_kickstart
  Guardr 1.14 ------------------ https://drupal.org/project/guardr
  Open Atrium 2.22 ------------- https://drupal.org/project/openatrium
  Open Outreach 1.12 ----------- https://drupal.org/project/openoutreach
  OpenPublic 1.2 --------------- https://drupal.org/project/openpublic
  Panopoly 1.12 ---------------- https://drupal.org/project/panopoly
# New features and enhancements in this release:
  * Explain that Solr self-provisioning works only if _MODULES_FIX=YES is set.
  * Reverify all sites daily if /root/.force.sites.verify.cnf ctrl file exists
    and _PERMISSIONS_FIX=YES is set in /root/.barracuda.cnf (default is NO)
# Changes in this release:
  * Security: Remove support for SSLv3 due to POODLE vulnerability.
  * Disable Redis in Hostmaster until we will fix the Views based pages/blocks.
  * Disable site_readonly for non-dev sites by default.
  * Drush: Upgrade command line version 6 to mini-6-04-10-2014
  * Enable AllowUserFXP in Pure-FTPd config by default.
  * Remove support for already deprecated non-LTS Ubuntu versions.
  * Run manage_ip_auth_access only once per minute.
  * The INI variable redis_flush_forced_mode is enabled by default (again).
  * Use sysklogd instead of rsyslog on Ubuntu.
# System upgrades in this release:
  * MariaDB 5.5.40
  * Nginx 1.7.6
  * OpenSSH 6.7p1 (if installed from sources)
  * OpenSSL 1.0.1j (if installed from sources) - security upgrade.
  * PHPRedis: master-03-10-2014
# Fixes in this release:
  * Add auto-detection of Legacy Ruby patch level update on old systems.
  * Add cleanup for ghost/broken sites dirs leftovers.
  * Add missing cleanup for backup_migrate leftovers.
  * Always cleanup pid files on exit/abort.
  * Apply patch for SA-CORE-2014-005 in all shared D7 cores/built-in platforms.
  * Compass Tools: Install 1.9.3 ffi expected by older themes.
  * Fix db_port entry in all vhosts hourly.
  * Fix for broken erpal-7.x-2.0-7.31.1
  * Fix for broken site level drushrc.php file.
  * Fix for false alarm caused by ghost sites leftovers.
  * Fix for incorrect hash filtering on systems with OpenSSL built from sources.
  * Fix locales: Numerous fixes and improvements -- thanks ar-jan!
  * Fix typo in REVISIONS.
  * Force site Verify via frontend if drushrc.php has been fixed.
  * Issue #435 - SQL: Remove deprecated table_cache +update table_open_cache
  * Issue #440 - Improve innodb_buffer_pool_size calculation and add 10%
  * Issue #441 - New Relic is not disabled after removing newrelic.info file.
  * Issue #442 - Skip locked/fpmcheck if /root/.high_traffic.cnf exists.
  * Issue #444 - PHP: Remove useless sed replacement in pool.d/www{*}.conf
  * Issue #445 - Remote Import: update 6.x-2.x branch for Aegir 2.x and Drush 6
  * Issue #447 - Export LANG, LANGUAGE and all LC_ environment variables.
  * Issue #447 - Improve locales consistency.
  * Issue #447 - Set default LC_CTYPE and LC_COLLATE environment variables.
  * Issue #447 - Simplify locales configuration on Ubuntu.
  * Issue #448 - Enforce locale settings by configuring defaults.
  * Issue #452 - PHP build is broken with latest MariaDB 5.5.40
  * Make sure that db_port is never empty and defaults to 3306.
  * Make sure that firewall monitoring scripts never run simultaneously.
  * Make sure that standard caching is enabled in hostmaster.
  * Pause hostmaster tasks when RVM install for any user is running.
  * PHP: Do not run rebuilds if not needed.
  * PHP: Fix for broken upgrade logic on libcurl or libssl packages upgrade.
  * Remove acquia_connector from latest Commons to avoid broken installs.
  * Remove all legacy gems and re-install RVM/Ruby for root from scratch.
  * Remove legacy replacement to avoid converting symlinked includes into files.
  * SQL: Use correct defaults if MySQLTuner test failed.
  * Workaround for Drupal flood using 127.0.0.1 for all requests behind proxy.
### Stable BOA-2.3.4 Release - Full Edition
### Date: Wed Oct 15 09:51:08 PDT 2014
### Includes Aegir 2.1 with improvements
  Release Notes and changelog for BOA-2.3.4 has been merged into BOA-2.3.5
  above after security upgrades related to OpenSSL and SSLv3 have been added
  shortly after 2.3.4 release.

I'm going to run this update tonight.

#863: BOA-2.4.4

chris — Thu, 09 Jul 2015 13:36:20 GMT

Last Friday a new version of BOA came out (for unknown reason(s) the automatic notification of new versions stopped working some months ago):

### Stable BOA-2.4.4 Release - Full Edition
### Date: Fri Jul  3 12:08:29 PDT 2015
### Milestone URL: https://github.com/omega8cc/boa/milestones/2.4.4
### Latest hotfix added on: Wed Jul  8 01:28:08 PDT 2015
  @=> Includes Aegir Hostmaster 2.x-head with improvements
  @=> Includes Aegir Provision 3.x-head with improvements
  @=> Includes Drush 7 customized for BOA
# Release Notes:
  This BOA release includes several important system upgrades and bug fixes.
  All supported Aegir platforms have been updated with latest Drupal cores.
  This version automatically switches all hosted sites to PHP 5.5 on systems
  hosted and managed remotely by Omega8.cc support team, unless you have
  explicitly switched your Octopus instance to use PHP version you prefer.
  Using PHP older than 5.5 is strongly discouraged, for security, stability and
  performance reasons.
# Changes:
  * Do not change mysql root password by default -- workaround for #642
  * Enable advagg_async_generation by default
  * Logic update for /root/.high_traffic.cnf
  * Redis Integration Module: Update to version mod-26-06-2015
  * Use modern ssl_ciphers in all templates by default
# System upgrades:
  * cURL 7.43.0 (if installed from sources)
  * Drush mini-7-30-06-2015 -- fixes #734
  * MariaDB 5.5.44
  * MariaDB Galera Cluster 10.0.20
  * Nginx 1.9.1
  * OpenSSH 6.9p1 (if installed from sources)
  * OpenSSL 1.0.1o (if installed from sources)
  * PHP 5.4.42
  * PHP 5.5.26
  * PHP 5.6.10
  * PHPRedis master-27-06-2015
  * Pure-FTPd 1.0.41
  * vnStat 1.14
# Fixes:
  * Add 'grep' to overssh -- a list of commands allowed to execute over SSH
  * Broken pdnsd configuration breaks DNS resolver -- fixes #701
  * Do not force update_agents()
  * Do not modify rkey/debug args in barracuda log/system upgrade mode
  * Don't remove Drupal 6 core themes -- fixes #738
  * Fix for legacy vnStat config
  * Fixed backboa/duobackboa retrieve from remote host -- fixes #741
  * Improve system cron tasks queue
  * Incorrect permissions on /usr/bin/optipng - fixes #722
  * Mitigate LOGJAM - fixes #723
  * Restart Postfix after system DNS update -- #701
  * Skip daily reload on high traffic instances
  * Sync SQL connection limits with _PHP_FPM_WORKERS variable - fixes #699
  * Use _AWS_URL to properly handle us-east-1 exception
  * Use 2048 bit where possible - see #723
  * Use better default value for advagg_cache_level - fixes #726

I no longer know what the Transition Network policy is regarding BOA updates, the last one BOA 2.4.3, on ticket:854 was never applied and as far as I'm aware there is no agreement / policy regarding what to do regarding PHP 5.3, see ticket:754.

#889: BOA-2.4.7

chris — Tue, 08 Dec 2015 17:35:35 GMT

Following is the Changelog, please note this contains:

This BOA release (2.4.7) is the last release which still supports deprecated PHP versions: 5.3 and 5.4

And:

We will support Drupal/Pressflow 6 in all new releases, as long as available PHP versions will allow to use it (we run our own Pressflow 6 based site on PHP 5.6 for many months with zero issues). For more details please check: https://github.com/omega8cc/boa/issues/824

If we are sticking with Drupal 6 and BOA then I would suggest we should test the site on PHP 5.6 and if it is OK then upgrade, perhaps this should be done by spinning up a new virtual server and installing a new version of BOA on it and then copying the site over for testing?

See also the tickets for the previous, un-applied, updates:

BOA 2.4.6 ticket:872
BOA 2.4.5 ticket:864
BOA 2.4.4 ticket:863
BOA 2.4.3 ticket:854

And this ticket on the question of updating PHP: ticket:754

### Stable BOA-2.4.7 Release - Full Edition
### Date: Fri Dec  4 08:09:21 PST 2015
### Milestone URL: https://github.com/omega8cc/boa/milestones/2.4.7
### Latest hotfix added on: Mon Dec  7 15:32:44 PST 2015
  @=> Includes Aegir Hostmaster 2.x-head with improvements
  @=> Includes Aegir Provision 3.x-head with improvements
  @=> Includes Drush 7 customized for BOA
# Release Notes:
  This BOA release includes several important system upgrades and bug fixes,
  with most notable features and changes listed below.
  @=> All supported Aegir platforms have been updated with latest Drupal cores
  @=> Drupal 8 support for custom platforms in the ~/static directory tree
      will be included, along with Drush 8 and PHP 7 in the *upcoming*
      BOA-3.0.0 release: https://github.com/omega8cc/boa/milestones/3.0.0
  @=> This BOA release (2.4.7) is the last release which still supports
      deprecated PHP versions: 5.3 and 5.4 -- You should switch to PHP 5.6
      or at least 5.5 as soon as possible, or you will not be able to upgrade
      to newer BOA versions after 2.4.7 -- https://omega8.cc/node/330
  @=> What are BOA plans for Drupal 6 support after February 24th, 2016?
      We will support Drupal/Pressflow 6 in all new releases, as long as
      available PHP versions will allow to use it (we run our own Pressflow 6
      based site on PHP 5.6 for many months with zero issues). For more details
      please check: https://github.com/omega8cc/boa/issues/824
  @=> SSH keys for root are required by newer OpenSSH versions used in BOA
      BOA installs SSH from sources by default (Debian only). This means that
      password based access for root will not work once BOA is installed or
      upgraded to current stable version. It is a result of OpenSSH changes
      in recent releases and not BOA specific change. BOA will deny the initial
      install and Barracuda will refuse to run upgrade if it detects that system
      root has no SSH keys added and only password based access is available.
      You can still modify this behaviour in /usr/etc/sshd_config but future
      OpenSSH versions may still revert such changes, so it is not recommended.
  @=> BOA switched from SPDY to HTTP/2 + PFS on all supported OS versions
# Changes:
  * Allow to disable SQL monitoring with /root/.no.sql.cpu.limit.cnf -- #799
  * Disable page caching on the fly where needed
  * Disable temporarily support for broken Restaurant distro
  * Do not rebuild features and entities on cache clear
  * Document new requirement: SSH keys for root -- fixes #786 #833
  * Make ioncube_loader optional and disable by default with _PHP_IONCUBE=NO
  * Nginx SSL: enable OCSP stapling by default
  * Nginx SSL: enable OCSP stapling for existing HTTPS vhosts
  * Nginx: Add ssl_dhparam to existing vhosts, if needed
  * Nginx: HTTP/2 replaces SPDY -- fixes #624
  * PHP: Add YAML extension with LibYAML
  * Preserve customized /etc/sysctl.conf -- fixes #789
  * Run modules ON/OFF only weekly -- requires _MODULES_FIX=YES (default is NO)
  * Run most of crontab, install and upgrade tasks with low priority using
    nice and ionice -- fixes #780
# System upgrades:
  * cURL 7.45.0 (if installed from sources)
  * GEOS 3.5.0 (requires _PHP_GEOS=YES)
  * Git 2.6.1 (if installed from sources)
  * MariaDB 10.0.22
  * MariaDB 5.5.46
  * MariaDB Galera Cluster 10.0.22
  * Nginx 1.9.7
  * OpenSSL 1.0.2e (used only in custom built Nginx)
  * PHP 5.5.30
  * PHP 5.6.16
  * Redis 3.0.5
# Fixes:
  * Add /root/.skip_cleanup.cnf support
  * Add feature branch testing in HEAD
  * Avoid load spikes caused by long running tasks
  * Avoid race conditions on multi-line sed replacement -- fixes #806
  * Clean up any remaining procs zombies
  * Clean up postfix queue to get rid of bounced emails
  * Disable ioncube and opcache for HHVM
  * Disable Redis for Hostmaster in the backend
  * Do not allow to install non-standard OpenSSH on Ubuntu
  * Do not break /data/all/cpuinfo permissions on Octopus upgrade
  * Do not run 'apt-get autoremove' automatically
  * Do not use wrapper for dot-files cleanup
  * Document better BOA aggressive installation behavior -- fixes #811
  * Document boa in-octopus command -- fixes #817
  * Don't strip $args from $request_uri in redirects
  * Fix cron schedule for upgrades
  * Fix for broken Git on Ubuntu
  * Fix for not working PHP rebuild check
  * Fix for not working syncpass tool
  * Fix PHP deprecated warning in D8 -- fixes #804
  * Ignore 'env COLUMNS' sent by Drush remotely -- fixes #373
  * Ignore daily.sh in clear.sh
  * Improve _SQUEEZE_TO_WHEEZY procedure -- #627
  * Improve cron tasks schedule
  * Improve daily cleanup performance + support for /root/.giant_traffic.cnf
  * Improve devpts check -- fixes #788
  * Improve docs/MIGRATE.txt
  * Improve resolv.conf auto-recovery procedure
  * Improve system check -- fixes #811
  * Move Redis restart procedure to correct script
  * PHP: Add missing path to open_basedir for CLI
  * Remove debug code to not kill the initial install
  * Remove not working /etc/logrotate.d/lshell -- fixes #823
  * Update advagg auto configuration variables -- fixes #792
  * Update boa/lib/functions/helper.sh.inc with current OS -- fixes #787
  * Update FPM workers autoconf logic
  * Update the cache cleanup logic
  * Use better placeholder for solr_integration_module variable
  * Use correct DPkg::Options for dist-upgrade -- fixes #627
  * Use known MySQLTuner version -- fixes #827
  * Use LibYAML 0.1.6
  * Use opcache.restrict_api
  * Use sha256 for self-signed certs

If we are not going to stick with BOA then can we please consider the suggestions in this comment? ticket:754#comment:61

#589: Blocking spammers at a firewall level

chris — Fri, 06 Sep 2013 09:48:59 GMT

At the meeting on 5th September ticket:585 one thing we discussed was that for August 2013:

More data is transferred for /user/register than the front page, 5.1GB compared to 3.6GB.

Most of this will be spam bots trying to register to post spam. Jim suggested that we could look at blocking some of these spam bots at a firewall level to save on resources. This ticket is to follow up on this suggestion.

#565: Blogs breadcrumbs incorrect on listings views

ed — Tue, 25 Jun 2013 13:21:56 GMT

Blogs breadcrumbs are wrong at main all blogs view and one author's full list view: https://www.transitionnetwork.org/blog https://www.transitionnetwork.org/blogs/ed-mitchell

Jim can you sort this in under 15 minutes (which is what you have left)

#544: CSF / LDF false positive blocks on Puffin

chris — Sat, 04 May 2013 11:02:53 GMT

Ticket to keep track of CSF /LDF issues on Puffin, see wiki:PuffinServer#CSFLDF

#605: Can we make the subscriptions management admin view re-order-able?

ed — Thu, 03 Oct 2013 13:35:17 GMT

I use this view when I need to find subscriptions for users who are receiving email alerts to old accounts: https://www.transitionnetwork.org/admin/messaging/subscriptions

I am finding that if a user changes their email address in their user account, it does not update that email address in the subscriptions settings, so they continue to receive alerts to their old address. So I go to this view, dig out the incorrect sub, and kill it.

Which is a PITA.

Can we make it possible to make the 'users' column clickable so I could re-order it alphabetically? That would be really cool.

#754: Can we upgrade from PHP 5.3?

chris — Sat, 05 Jul 2014 20:52:48 GMT

The Transition Network site is running on PHP 5.3 and it's got a very serious security issue which potentially enables a remote attacked to get the servers private SSL key. Would Drupal work OK with PHP 5.4?

#628: Change space notifications email from IJK.co.uk to TN.org

ed — Thu, 21 Nov 2013 16:50:37 GMT

The space notifications are coming from "space.transitionnetwork.org" <jim@…>

can you make them from "space.transitionnetwork.org" and a suitable TN address?

Do I need to set up a suitable TN address? Perhaps

space@…?

Or is there a standard drupal system one in place already?

#621: Check and speed up updates to homepage sections: TC and slideshow

ed — Mon, 18 Nov 2013 09:22:59 GMT

Two bits of the homepage are taking ages to update once Rob has made the changes and it's driving him spare. He's waiting up to 30 mins for them to update.

Please speed up the times that it takes the system to update these two parts of the homepage to *instant* if possible:

Slideshow on homepage (AKA: https://www.transitionnetwork.org/admin/build/views/edit/slideshows?destination=newhome#views-tab-panel_pane_1).

Latest Transition Culture Blog pane on Homepage (AKA https://www.transitionnetwork.org/admin/build/views/edit/tc_latest_blog?destination=newhome#views-tab-block_1)

#658: Check caching on Social Reporters views

ed — Mon, 16 Dec 2013 14:59:38 GMT

The SRs are reporting very slow site updates - is this to do with not switching them over to the new views content caching? please check:

https://www.transitionnetwork.org/admin/build/views/edit/blogs?destination=stories#views-tab-panel_pane_2

https://www.transitionnetwork.org/admin/build/block/configure/views/blogs-block_1?destination=newhome

And elsewhere there may be SR latest views?

#896: Chive access to TN Drupal DB

chris — Mon, 18 Jan 2016 17:56:44 GMT

Ade would like to give the developers of the new Transition Network WordPress site access to the live database via Chive.

#624: Comment handling on pages: particularly Austerity one

ed — Tue, 19 Nov 2013 11:16:02 GMT

Rob is doing an austerity special over 8 days, with a different clip from an interview with NEF every day. I've set up a page here: /austerity-basics

Question:

I know we can handle comments on pages, and I know that I don't get notifications of them. Can we arrange comment notifications for a page - asap - so that commenters get updates?

If not, no problem. I heard about this plan *today* so am not expecting any massive tech leaps.

#578: Comments subscriptions: enable user alerts if a user has made a comment

ed — Mon, 12 Aug 2013 13:33:58 GMT

Can we set the email alerts to auto-subscribe users to comments threads that they have made comments on? ie I make a comment to blog post x, then I get email alerts of the new comments made to blog post x.

#777: Comments to blog post only showing up when logged in

ed — Mon, 25 Aug 2014 09:18:39 GMT

Most of the comments to this blog post are only showing up when you are logged in: https://www.transitionnetwork.org/blogs/rob-hopkins/2014-07/fiona-ward-learning-celebrate-10000-failure#comment-17492

Logged in: 5 comments Not logged in: 1 comment

Handing this to Sam but happy for it to escalate. Presumably this issue won't be on this one post only - and it is important.

#683: Create Aegir account for Paul

sam — Wed, 22 Jan 2014 12:42:48 GMT

Hi Jim

It looks like i@… will be joining us to pick up some of your work.

Could you create an Aegir account for him please?

I was also wondering about the Transition Network Github repo, do we need to do anything to hand that over?

Thanks

Sam

#822: Create TRAC id for Ade

ed — Wed, 07 Jan 2015 09:54:13 GMT

name: ade email: adestuart@…

#682: Create Trac & Wiki account for Paul

sam — Wed, 22 Jan 2014 12:39:18 GMT

Hi it looks like i@… will be joining us to pick up some of Jim's role as he moves on.

Chris could you create a trac & Wiki account for him please?

His email is; i@…

Thanks

Sam

#705: Create a contents page on TransitionCulture.org Wordpress site

ed — Wed, 26 Mar 2014 15:33:43 GMT

Create a contents page on TC.org to see a listing of all the blog posts. Mike suggests: "use category post list widget to pull in the titles and then use widgetise pages to add widget to a standard page.:

Sam to follow up. MAX time: 1 hour.

#829: Creation of web space request

ade — Mon, 02 Feb 2015 10:11:03 GMT

Hi Chris, As discussed, can you please set up some webspace on Penguin? If you could also set up a sub-domain of 'projects' and confirm the FTP access details?

Many thanks Ade

#208: Dblog Issues

chris — Fri, 17 Dec 2010 14:53:29 GMT

"The dblog module monitors your website, capturing system events in a log to be reviewed by an authorized individual at a later time. The dblog log is simply a list of recorded events containing usage data, performance data, errors, warnings and operational information. It is vital to check the dblog report on a regular basis as it is often the only way to tell what is going on."

https://www.transitionnetwork.org/admin/reports/dblog

This is a ticket to be used to flag up issues that are not going to take up enough time that they justify their own ticket -- if an issue is raised in a comment on this ticket that does look like it's going to take some significant time then best start a new ticket for it.

#663: De-commission the PSE

ed — Wed, 18 Dec 2013 17:44:43 GMT

We are wrapping up the PSE to simplify our web traffic, codebase and support requirements before we move to TNv3.

Ed has informed all the PSE alpha triallists twice and asked them to remove their widgets. About half have. Others say they will. So we can remove the service any time from now on.

Ed has UNpublished the following pages:

/pse/create
/pse/about
/pse/faq

Jim - time to de-commission the service in a suitable way. Wrap this puppy up and turn it off. Please outline what you are going to do on this ticket and then do it.

Ed suggests this is work for January 2014.

Sam, Chris, fyi and any other changes needed?

#218: Debian upgrades and updates

chris — Thu, 06 Jan 2011 13:34:16 GMT

This is a ticket to track debian upgrades to the wiki:PuffinServer, wiki:PenguinServer and wiki:ParrotServer the time they take.

See:

These updates are generally done using the wiki:AptitudeUpdateScript and this records all the changes in the /root/Changelog and then the contents of the Changelog are pasted into the ticket to document the upgrade.

This ticket was was originally used for the ~~wiki:DevelopmentServer~~ and the ~~wiki:NewLiveServer~~.

#597: Default owner for tickets

chris — Tue, 17 Sep 2013 08:04:58 GMT

Ben reported that the default owner for tickets is laura and that this should be changed.

#572: Design changes for homepage and TC section

ed — Wed, 17 Jul 2013 14:17:25 GMT

Design changes for TN homepage and TC section done by Ben to be part of maintenance budget.

list here: https://docs.google.com/spreadsheet/ccc?key=0An7ZaZdq6UfJdDhxS0JxbXZLYnhLRkN4X3h5aVV3R1E#gid=0

#667: Development handover process

ed — Wed, 08 Jan 2014 16:40:47 GMT

Work by the Ttech team to share Jim's knowledge and tasks around the team before he leaves in early February 2014. Please use this ticket to log your time spent on this.

#696: Disk space error on parrot for TTT site

chris — Mon, 03 Mar 2014 10:51:46 GMT

Email from Laura:

Message appearing at top of ttt website when I just took a look-

Warning: session_start():
open(/home/ttt/tmp/sess_mnme76d2k5s6vopk5u1it126p5, O_RDWR) failed: No
space left on device (28) in
/home/ttt/sites/default/wp-content/plugins/tt-resource-database/participants-database.php
on line 2534

and something in the sidebar -

Warning: call_user_func_array() expects parameter 1 to be a valid
callback, array must have exactly two members in
/home/ttt/sites/default/wp-includes/plugin.php on line 199

#911: Disk space for /home on Parrot is running out

chris — Mon, 30 May 2016 20:58:53 GMT

Getting this alert from ParrotServer every 5 mins:

transitionnetwork.org :: parrot.transitionnetwork.org :: Disk usage in percent
        WARNINGs: /home is 96.06 (outside range [:96]).
        OKs: /run/shm is 0.00, /run is 0.09, /dev is 0.00, / is 95.94, / is 95.94, /run/lock is 0.00.

#531: Disk usage on puffin

chris — Wed, 10 Apr 2013 13:12:24 GMT

The disk usage on puffing is currently at 85% and it's been going up at around 5% a week, see:

https://penguin.transitionnetwork.org/munin/transitionnetwork.org/puffin.transitionnetwork.org/df.html

This will become a critical issue in a couple of weeks, it would be good to find and address the cause before then.

#574: EFF: How HTTPS Everywhere affects transitionnetwork.org

chris — Thu, 25 Jul 2013 08:09:31 GMT

The following email was sent via the whois contact details for the transitionnetwork.org domain name, see also ticket:571 -- the changes made on ticket:571 has broken the site for anon Firefox users with the EFF HTTPS Everywhere browser extension installed.

Hi,

You're receiving this note because transitionnetwork.org is part of our HTTPS Everywhere browser extension, and an upcoming change to the way Firefox handles HTTPS pages may cause your site to display or function incorrectly. We want to make sure that the nearly 3 million HTTPS Everywhere users have the best possible experience while browsing, so we're asking you to please take a minute and test how your site behaves in Firefox 23. You can find out more about our software at

https://www.eff.org/https-everywhere

To see the rules affecting your site, you can visit the HTTPS Everywhere Atlas at

https://www.eff.org/https-everywhere/atlas/domains/transitionnetwork.org.html

The Atlas shows both rules in the development and stable versions of our extension. Rules in the stable version are used by millions of users, while development rules are used by tens of thousands of users. Development rules are now being tested but will be migrated to the stable version in the future.

An upcoming change (described below) in how the Firefox browser renders HTTPS content makes it especially important that you check that your site is prepared for HTTPS access. We urge you review the rules affecting your site and also to test it using HTTPS Everywhere with the upcoming version of Firefox.

*NEW FIREFOX CONTENT SECURITY POLICY*: In the upcoming Firefox 23 browser release, due out the week of August 6, Firefox will stop loading certain "active" content such as scripts and stylesheets from insecure http:// URLs if they've been included from a secure https:// site. If the HTTPS Everywhere rules send users to the secure version of your site but the secure version includes some content loaded over an insecure connetion, the rendering of your site may become broken for Firefox users with HTTPS Everywhere installed after they upgrade to Firefox 23. You can check this by downloading a preview release of Firefox 23, installing HTTPS Everywhere, and visiting your site. We urge all web site operators to protect their users by making sure that all site content is always loaded over a secure connection. A preview version of Firefox 23 is available now at https://www.mozilla.org/en-US/firefox/beta/ and the HTTPS Everywhere extension is at https://www.eff.org/https-everywhere

HTTPS Everywhere rules instruct browsers to access certain specified resources securely -- over HTTPS -- even if the user typed or followed a non-HTTPS link or even if the resources were included in a page via a non-HTTPS URL. For example, it might automatically rewrite

http://www.transitionnetwork.org/

to

https://www.transitionnetwork.org/

or make some similar change.

The goal of this rewriting is to protect as much as possible of every web site against sniffing and tampering by ensuring that as many site resources as possible are loaded over a secure HTTPS connection.

When web sites are accessed insecurely, users are vulnerable to attacks by other users on their networks. HTTPS Everywhere aims to activate sites' existing HTTPS protection more consistently to make sure users are as well-protected from these attacks as possible -- including attacks like sidejacking and SSL stripping.

http://www.firesheep.org/ http://www.thoughtcrime.org/sslstrip

As a result, we think there's an emerging consensus to make all web sites secure, not just financial sites and login pages. Providing a secure connection helps protect users' login credentials, but also helps protect their privacy and security even when accessing public resources, for example by preventing network operators from injecting malware downloads.

The goal of HTTPS Everywhere is to make the web more secure and help users express their preference to use the secure version of every site automatically, even on sites where this is not the default. We don't want to break sites or harm users' experience. So, we encourage webmasters to test the effect of HTTPS Everywhere on their sites and fix any problems that result -- ideally, by making sure that all resources that make up a site are available over HTTPS, using a current, valid certificate. Although we only include rules that we've been told and believe work properly, we can't always anticipate whether a rule adversely affects a site, especially if the site's URL structure, use of CDNs, or level of HTTPS support changes over time.

We are always happy to receive bug reports, updates, and fixes to HTTPS Everywhere rules. We will also make rules inactive by default if a site operator asks us to. Although we are working for a web where all sites are secure, we are not trying to use this software to force sites to use HTTPS against their operators' wishes. You can send any corrections, updates, or requests to https-everywhere-rules@… (which is a public and publicly-archived mailing list), or by replying to this e-mail address.

Thanks for your attention!

Seth Schoen, Senior Staff Technologist, Electronic Frontier Foundation for the HTTPS Everywhere development team

#648: Edit the contact form reply in January

ed — Thu, 12 Dec 2013 10:49:39 GMT

Ed has edited the contact form replies for webproject@… on the contact form for TN.org which will now reply to users saying this:

"Thank you for getting in touch. Please note that the website support is part time; and between mid-December 2013 and mid-January 2014 we are handing over the website support work as Ed goes on Paternity leave and Sam comes onboard, so please be patient - your replies are likely to take more time than usual. "

https://www.transitionnetwork.org/admin/build/contact

SAM - when you are ready - probably mid-Jan - you will want to edit this back to something more suitable like:

Thank you for getting in touch. Please note that the website support is part time, so while we will get back to you as soon as we can, that may be a few days

#494: Email account for TRAC

ed — Thu, 21 Feb 2013 10:16:37 GMT

Set up: 'trac@…' Password: going to Chris separately Secure SSL/TLS Settings Username: trac@… Password: Use the email account’s password. Incoming Server: mail.xssl.net IMAP: Port 993 POP3: Port 995 Outgoing Server: mail.xssl.net SMTP: Port 465 Authentication is required for IMAP, POP3, and SMTP.

#751: Email alert changes

ed — Tue, 01 Jul 2014 11:14:42 GMT

Change the email alert template for news items to include the term 'news item' so it is:

"New news item: [title]"

When users click on the subs links at the bottom of their email alerts, and they are not logged in they get the ‘access denied’ screen. This is not good. Please investigate

(a) can this be changed (with small time investment) (b) can we change the access denied blurb to include something human encouraging the user to login to continue the journey:

"We are sorry for the inconvenience, but if you are seeing this screen having followed a link, you will probably need to login to continue with your request" (NB if they are coming from an email link with their id in it, how do we keep that journey so they get to the destinateion they wanted?)

When user clicks on the general subs link at the bottom of an email alert (and is not logged in), they get a 403 forbidden page. Not good - pls investigage

#634: Embeds - some don't work

ed — Wed, 27 Nov 2013 11:50:23 GMT

I couldn't embed a 'paper.li' embed into a page recently and forgot about it. Now I can't embed a slideshare embed either adn wonder if I am seeing a pattern.

Please look and advise: https://www.transitionnetwork.org/blogs/ed-mitchell/2013-11/web-strategy-update

#641: Enable dynamic Munin graphs

chris — Mon, 02 Dec 2013 15:25:45 GMT

If we only generate munin graphs on the fly we will also get the zoom function working, this example config looks good: http://uname.pingveno.net/blog/index.php/post/2013/08/25/Configure-Munin-graphs-with-Nginx-and-Debian-7

#659: Featured story on homepage not updating

ed — Mon, 16 Dec 2013 17:03:41 GMT

Rob cleared the nodequeue for the featured story on the homepage about three hours ago, removed all but one story. No change has been observed. Please investigate:

Nodequeue: https://www.transitionnetwork.org/admin/content/nodequeue/6/view/5

This view: https://www.transitionnetwork.org/admin/build/views/edit/featured_content?destination=newhome#views-tab-panel_pane_1

This is using content cache

#695: File upload problem with TTT WordPress site

chris — Sun, 02 Mar 2014 19:46:50 GMT

Laura has reported:

Had a report this evening that the TTT website isn't letting any uploads happen (adding of a new plugin by another admin, and also media/image uploads not being able to uploaded - no real error message as such just doesn't upload).

I just logged in quickly to see if I could upload a pic to test and wouldn't upload. Just wanted to check if anything had changed server side re permissions.

#679: Filter Initiative by Country not working

sam — Fri, 17 Jan 2014 17:15:58 GMT

Filtering the initiatives by country is not working

https://www.transitionnetwork.org/initiatives?themes=All&community_type=All&status_value=All&country=at&field_title_search=

I had a play with the view on stg2.transitionnetwork.org but I couldn't get it working.

It should display only initiatives from the country selected in the filter. It is displaying initiatives from all countries & not respecting the filter.

This view is used a lot by international initiatives.

#571: Force HTTP for anonymous, HTTPS for logged in users

jim — Tue, 16 Jul 2013 11:59:54 GMT

To further reduce load and leverage the caching I've changed the Session 443 settings to force anon users to HTTP and logged in to HTTPS. The benefit of allowing a handful of users to choose is tiny compared the downsides of outages, 503s and higher load.

The "User state" setting on the config page is now " Redirect authenticated users to HTTPS and redirect anonymous users to HTTP (with the exception of login/registration pages).", was "Redirect authenticated users to HTTPS and redirect anonymous users on login/registration pages to HTTPS. Anonymous users visiting other pages may use HTTP or HTTPS."

I've also set user and site-wide contact forms, plus the mailchimp subs page force secure-only per the "Additional pages to make secure" setting.

We can see if this makes a difference, and this ticket is to track comments and see if it results in any improvement in performance/stability.

#607: Getting three copies of stats reports

ed — Mon, 14 Oct 2013 08:27:59 GMT

I'm getting three copies of the stats reports (weekly) that I've set up here: https://stats.transitionnetwork.org/index.php?module=PDFReports&action=index&idSite=1&period=day&date=today

Please investigate

#786: GitHub Transition: Annesley needs permission to create repositories

annesley — Mon, 15 Sep 2014 07:17:03 GMT

is Paul the owner of Transition GitHub??

#895: HTTPS wildcard *.transitionnnetwork.org expires on 22nd January 2016

chris — Mon, 11 Jan 2016 09:56:17 GMT

Unless I hear otherwise I'll renew the *.transitionnnetwork.org cert which is used by PuffinServer, PenguinServer and ParrotServer at a cost of £130.50 on or before the 22nd January 2016 when the current one expires.

An alternative would be to use Free HTTPS certificates from Let's Encrypt but this would take some time to set up as Let's Encrypt don't provide wild card certs.

#921: HTTP_PROXY env var vulnerability

chris — Tue, 19 Jul 2016 12:34:30 GMT

See https://httpoxy.org/

#717: Heartbleed / Open SSL vunerability

sam — Wed, 09 Apr 2014 20:50:37 GMT

Hi Chris

I don't think I have seen a ticket for this? http://heartbleed.com/

Does it affect us?

Thanks

Sam

#617: Help adding text to account creation email

ed — Mon, 11 Nov 2013 17:16:37 GMT

I want to add a link to the email a user receives following their creation of an account.

this one: Subject: Account details for [user] at Transition Network

Can I do this myself? I've looked in subs, notifications, logintoboggan etc. and can't find the place

is it do-able?

#650: Helping TN strategy consultation with online publishing

ed — Thu, 12 Dec 2013 11:00:08 GMT

Sarah will be working on the TN strategy and this is about the content and comms tactics therein. The guiding principle is to use TN.org as the most suitable place for this material and conversations, and social media and direct mailshots for marketing and communicating it (because Sarah/TN cannot manage multiple conversations in multiple locations atm).

This is work for Sam to do from January onwards

set up a landing page ".../TN-strategy-consultation" with its own RHS block with manual links to different documents and interviews

SAM this can be a normal page with anchor links etc.

Use of blogs
Rob's for outreach - it's got the momentum - for updates/alerts/subscriptions
Sarah's for continuity (and looking back at it) - using tag "fn-strategy-consultation"

other places for comms/engagement
Forums not good; too open to trolls and spam; better in blog comments
webinar? Possibly if suitable
FB, twitter, other marketing channels - for marketing only
online meeting with national hubs - quite possibly

Direct Mail shot to PPOCs
Sarah Let Sam know if this is happening; Sam you'll need to do an export of PPOCs (https://www.transitionnetwork.org/admin/reports/initiatives/primary-contacts), tidy and dump into mail chimp using the standard template

#657: Homepage slideshow: can't order the images

ed — Mon, 16 Dec 2013 14:30:49 GMT

Big picture slideshow on TN homepage: Rob can't get it to go in the order he wants - please investigate:

It is this nodequeue: https://www.transitionnetwork.org/admin/content/nodequeue/9/view/8

Made up with these CTs: https://www.transitionnetwork.org/admin/content/node-type/slide

#906: I borked it

sam — Tue, 01 Mar 2016 22:27:10 GMT

Hi Chris

I recklessly tried to enable a module on the site that enabled sending articles to friends by email, this seems to have been one of my less-good ideas.

It tried to enable a print-friendly page and this seems to have brought the whole crumbling edifice down

Sorry about that. Can you fix it?

#837: Iframe in a panel page

sam — Thu, 12 Mar 2015 11:55:21 GMT

Hi Ben

I'm trying to embed a Eventbrite form into the 'tickets' block on this page: https://www.transitionnetwork.org/conference-2015

It looks like it's going to appear in the preview here: https://www.transitionnetwork.org/node/39195/panel_content

But when I view the actual page it's just a big white space.

Could you estimate how long it would take to get it working?

Thanks

Sam

#703: Image not scaling on project

ed — Wed, 26 Mar 2014 13:06:15 GMT

The REconomy logo is not scaling and being re-presented well on the project page: https://www.transitionnetwork.org/projects/reconomy

Is this a theme/design issue or a problem with image re-sizing?

What can we do about it?

#704: Image not scaling on project

ed — Wed, 26 Mar 2014 13:51:48 GMT

The REconomy logo is not scaling and being re-presented well on the project page: https://www.transitionnetwork.org/projects/reconomy

Is this a theme/design issue or a problem with image re-sizing?

What can we do about it?

#710: Incorrect email address for Sam on Transition Culture

chris — Tue, 01 Apr 2014 12:01:47 GMT

I'm seeing quite a few emails like this:

From: Mail Delivery System <Mailer-Daemon@parrot.webarch.net>
Date: Tue, 01 Apr 2014 08:04:28 +0100
To: tc@parrot.webarch.net
Subject: Mail delivery failed: returning message to sender
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
  samrossiter@transitionentwork.org
    Unrouteable address
------ This is a copy of the message, including all the headers. ------
Return-path: <tc@parrot.webarch.net>
Received: from tc (uid=1011)
        by parrot.webarch.net with local (Exim 4.80)
        (envelope-from <tc@parrot.webarch.net>)
        id 1WUskG-0005Rv-Sa
        for samrossiter@transitionentwork.org; Tue, 01 Apr 2014 08:04:28 +0100
To: samrossiter@transitionentwork.org
Subject: [Wordfence Alert] Problems found on Transition Culture
X-PHP-Originating-Script: 1011:class-phpmailer.php
Date: Tue, 1 Apr 2014 07:04:28 +0000
From: WordPress <wordpress@transitionculture.org>
Message-ID: <11e64e1b3cdb24f69d0069ecdc224524@transitionculture.org>
X-Priority: 3
X-Mailer: PHPMailer 5.2.4 (http://code.google.com/a/apache-extras.org/p/phpmailer/)
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=UTF-8
Wordfence found the following new issues on "Transition Culture".
NOTE: Upgrading to the paid version of Wordfence gives you two factor authentication (sign-in via cellphone)
and country blocking which are both effective methods to block attacks.
You can also schedule when your scans occur with Wordfence Premium.
Click here to sign-up for the Premium version of Wordfence now.
https://www.wordfence.com/wordfence-signup/
Alert generated at Tuesday 1st of April 2014 at 08:04:28 AM
Critical Problems:
* The Plugin "Spam Destroyer" needs an upgrade.

#616: Initiatives map not showing on http

ed — Mon, 11 Nov 2013 09:56:14 GMT

Initiatives Map not showing on http

here error message: This web site needs a different Google Maps API key. A new key can be generated at http://code.google.com/apis/maps/documentation/javascript/v2/introduction.html#Obtaining_Key.

is this related to #615?

#560: Install drupal-based project management system onto our servers

ed — Tue, 11 Jun 2013 17:00:28 GMT

Please can you install a suitable project management drupal-based tool onto the suitable server? I am thinking of Open Atrium. It's for staff and partners to use for management stuff (ie not a ticketing system or mediawiki).

Open Atrium?

Can you let me know how long it would take to install to a point where I can manage it and get a pilot project up and running?

#673: Install mosh - the mobile shell

chris — Mon, 13 Jan 2014 11:27:40 GMT

The mobile shell enables terminal connections to stay up when using really bad connections, for example on a train, see:

http://mosh.mit.edu/

#553: Invalid response from server ERROR message

ed — Tue, 28 May 2013 15:13:43 GMT

Trying to add a user. Get error message: "Received an Invalid response from the server" then served a blank screen. Same with project profile:

https://www.transitionnetwork.org/admin/user/user/create https://www.transitionnetwork.org/node/add/project-profile

This has also happened for a user trying to add a project.

Ed can add an event and blog post, ingredient, panel page.

#891: Issue with TTT and REconomy websites after upgrade to WP 4.4

chris — Thu, 17 Dec 2015 11:18:38 GMT

Email from Laura:

Just to let you know there's a bit of an oddity going on with both the TTT and Reconomy websites.

I upgraded to WP 4.4 after running full tests on my local copies here, and for some odd reason images aren't showing on the site. If you try to open an image in the browser eg https://www.reconomy.org/wp-content/uploads/2015/10/hubs-logos-landscape.jpg takes you to the - "Server error! The server encountered an internal error and was unable to complete your request Either the server is overloaded or there was an error in a CGI script. Please return to the front page of the site."

I've updated over 20 sites over the past few days (!) and these are the only two this has happened on. There are a few discussions here, (and have tried the temp fix of various functions.php tweaks in the theme files to see if that helps, but it doesn't)... https://wordpress.org/support/topic/after-upgrade-to-44-media-files-are-not-showing and even though sites are not appearing to use SSL wondering if related somehow to that or other? Has this happened to any other WP 4.4 sites on your servers?

I'll let TTT and REconomy know their site has been updated, but there is a glitch at present.

I've also added Wordfence to the sites too as there are swathes of brute force attacks happening on lots of WP sites everywhere currently and this plugin seems to help somewhat currently. I don't think it's the Wordfence plugin, as disabled it to test the missing images issue.

#846: Load Spikes on BOA PuffinServer

chris — Thu, 16 Apr 2015 11:16:00 GMT

Creating this as a ticket to record load spikes and related site outages.

See wiki:PuffinServer#LoadSpikes for links to historic issues of this nature.

#555: Load spikes causing the TN site to be stopped for 15 min at a time

chris — Wed, 29 May 2013 09:53:52 GMT

The BOA /var/xdrago/second.sh script is run every minute via the root crontab and if it detects a certain load level it changes the nginx config to a "high load" config which results in bots being served 503 errors when they spider the site, see ticket:563. When the load goes higher and hits another threshold the second.sh script kills the webserver applications, nginx and php-fpm, and waits till the load has dropped before starting them up again. This was happening once or twice a day following the increase in traffic around the launch of The Power of Just Doing Stuff. This has been addressed by multiplying the thresholds by 5 in second.sh.

Original Description

This morning at 10:19:24 I received the following alert from puffin:

Subject: lfd on puffin.webarch.net: High 5 minute load average alert - 6.59
Time:                    Wed May 29 10:17:02 2013 +0100
1 Min Load Avg:          23.39
5 Min Load Avg:          6.59
15 Min Load Avg:         2.57
Running/Total Processes: 44/326

At 10:21:57 I got an alert regarding ssh:

Service: SSH
Host: puffin
Address: puffin.webarch.net
State: CRITICAL
Date/Time: Wed May 29 10:21:57 BST 2013
Additional Info:
CRITICAL - Socket timeout after 10 seconds

Then at 10:26:47 ssh appeared to have recovered:

Service: SSH
Host: puffin
Address: puffin.webarch.net
State: OK
Date/Time: Wed May 29 10:26:47 BST 2013
Additional Info:
SSH OK - OpenSSH_5.5p1 Debian-6+squeeze3 (protocol 2.0)

But then pingdom reported at 10:29:07:

www.transitionnetwork.org is down since 29/05/2013  10:24:57.

There was then a report regarding Nginx at 10:32:07:

Notification Type: PROBLEM
Service: HTTP
Host: puffin
Address: puffin.webarch.net
State: CRITICAL
Date/Time: Wed May 29 10:32:07 BST 2013
Additional Info:
Connection refused

So at 10:33:47 I ssh'd in and found that php53-fpm and nginx were not running and it took several attempts to get them running again.

The up email from pingdom reported:

www.transitionnetwork.org is UP again at 29/05/2013  10:36:57, after 12m of downtime.

I can't find anything in the logs to indicate what caused the load spike and php-fpm and nginx to stopp running.