As I tweeted this morning, news.bytemine.net is shutting down. This is kind of the end of an era, I’ve been providing free usenet access for the last eleven years. The first six years through the usenet node news.hazardous.org, the last five years bytemine hosted the service on news.bytemine.net.

Admiddently news.bytemine.net was never a huge site. We had the Big8, most of the german-language hierarchies plus a few selected others. However non-binary traffic has decreased over the last years and – to be honest – the significance of usenet has decreased much as well. Added to that, news.bytemine.net has been running in auto-pilot mode for the last couple of years, so obviously my interest in usenet has decreased as well. These were a few arguments in the debate on whether to shutdown the service or not. The most significant issue was, that the machine that news.bytemine.net ran on simply uses too much power for the small benefit it brings to a few users (who can easily use one of the bigger sites for usenet), and because interest in usenet has decreased more and more, I did not want to invest the time in moving the service to a different maschine. Because news.bytemine.net ran on a Sun Ultra-10 workstation moving the service to a machine with different endianess, would’ve meant lots of work if the news spool was meant to be kept.

On a side note: Usenet is responsible for me getting into this whole Unix / Linux thing. Back in ‘97 I became interested in usenet and quickly noticed that if I wanted to run a usenet site, I would have to do it on Unix, since I did not want to run such a service on a Windows machine.

[11:43] fkr(news):~ %> sudo shutdown -hp now
Shutdown NOW!
shutdown: [pid 2700]
[11:44] fkr(news):~ %>                                                                                
*** FINAL System shutdown message from fkr@news.bytemine.net ***             
System going down IMMEDIATELY                                                  

System shutdown time has arrived
Connection to news closed by remote host.
Connection to news closed.

Farewell news.bytemine.net.

Now that CeBIT 2010 has started, we finally can announce the things we have planned for quite a while. The first big news (and there is more to come!) is:

bytemine-manager is now open-source!

bytemine-manager is the only cross-platform OpenVPN-administration software and we’ve completly released it under the BSD license.

You can get the source from here on github! Along with the bytemine-manager we also open-sourced a piece of software for multiplexing uni-/bidirectional streams onto stdin/stdout (called ut). Typically used via the secure shell protocol, it provides a means to, e.g., simultaneously control multiple OpenVPN servers via their management interface using one secure channel. You can find the source code to ut here on github as well.

Binary packages for the bytemine manager are linked from our download page. Packages for ut are going to be released within the next days.

You can find us at the CeBIT 2010 in Hall 6, Stand A36. We are looking forward to meet you there!

Since today every package we ship out with DHL will be shipped with DHL’s “GoGreen” initiative. The GoGreen initiative is DHL’s approach to help reduce CO2 emissions. While it is not a gigantic leap towards the solution to healthier earth, it is a step in the right direction and we found this to be worth supporting.

More details can be found at our online shop!

By the way, our colocation in Oldenburg as well as our office runs on EWE Naturwatt power. I am currently investigating into moving our second location in Oldenburg to a better and cleaner way of getting power as well.

During our bytemine hackathon at the north sea, I gave a talk on the history of the company, the way bytemine has developed over the years and our current development culture. During this presentation we came to the conclusion that we follow the ‘evolution, not revolution’ paradigm, just like OpenBSD does.

This is also the paradigm of this bytemine manager release. Of course the bytemine manager had its fair-share of focus during the hackathon, after all it is, what we think the future in OpenVPN administration. But all the ideas we had and also the outcome of a user-interface-usability session, will not become alive over night.

The bytemine manager 1.2 brings a lot of fixes and smaller features, that have been added in the last five weeks to the codebase of the manager. Among other things the following items can be found in the ChangeLog:

• Many smaller UI fixes, the tables now grow upon resizing the main window, etc.
• CN and usernames do not have to be the same, eg. decoupled.
• Each controlcenter tab can now send custom commands to the OpenVPN server
• Updated bouncycastle provider jar (3rd party crypto library)
• External db can be passed on the commandline
• Extract the username out of X509 subject when revoking a certificate

and many more changes.

Of course we’ve also worked on improving the documentation. The manual for the bytemine manager is now also available in english. Direct links to the manuals: english manual, german manual.

The evaluation version of the bytemine manager can be downloaded for free from our eval version.

Daniel is actively working on a much improved user-interface, so stay tuned for further updates to the bytemine manager.

Alongside with the new bytemine manager, we’ve setup a new mailinglist. The mailinglist products-discuss is meant as a direct feedback channel for you. Not only for feedback, but also for technical (and philosophical) discussions around and about our products.

Enjoy!

As a reliable source for embedded boards coming from Soekris Engineering we’ve been asked many times on wether it is possible to order PC Engines systems from us. Well, we’ve finally made them available through our online shop. We also carry the 19” cases as well as various add-on products.

As a special deal, we currently offer the 2d13 at a special rate.

The next step in the history of our online shops has been taken! We’re proud to announce that we just put our new bytemine shop online.

This is the third generation of bytemine shop applications. We started with a simple html form and some javascript on our home page which served us well for some years. The problem was that it didn’t scale well with our growing range of products so that we started to look for a lightweight shop system.

Since we like Ruby and Ruby On Rails, we had a look at some shop applications written in Ruby and Rails. After some tests we decided to go with Spree which is a nice e-commerce application project developed by a small team. We wrote our own layout template and created some small extensions to handle some of our needs. (like special shipping decisions) The shop was running fine for about 10 months. Over the time we discovered two big issues with our Spree setup. The lack of features and the fast development speed of Spree. The lack of features problem could have been solved by ourselves with dedicating time to write some extensions. But we think it’s better to spend that time on our own products and business. The rapid speed of development in the Spree project is related to that. Since we didn’t touch the shop for some months it would have taken lots of time to update it to a more recent release and adjust our extensions. Again, time we don’t have or time that we don’t want to spend on building a shop system. That’s where Magento entered the game.

Magento is a feature-rich open source e-commerce platform which one of our partners is using to build internet shops for their customers. That’s why we gave it a try. The default installation almost satisfied our (current) requirements and it also has a huge collection of extensions available. Our first tests went pretty well so that we decided to switch to Magento as soon as possible.

After installing some needed extensions, adjusting the desing templates and doing lots of tests, our new shop is now ready to be used.

We think the move to Magento is a big step in the right direction. It will improve the shopping experience of our customers and it will ease maintenance for us.

Maybe now is a good time for you to surf over to our shop and place some of our products in your shopping cart! :)

Have fun!

Last Friday and Saturday we spent exhibiting at the Kieler Linux und Open Source Tage 2009. For the ones who remember, a year ago this was the first event, we attended with bytemine as an exhibitor. For years Bernd and I have been doing events and staffed a lot of OpenBSD booths, but in the context of this company last year’s Kiel Event was the first. This made this year’s edition even much more interesting for us, since we could see how much the booth-showcases improved (and changed) and how much better the booth looks overall now. It also showed very clearly our shift towards our new product line. Last year we presented the bytemine openbsd thinclient, a product that we pretty much shifted focus away from in favor of the bytemine openbsd appliance and the bytemine manager. Products that (in my personal opinion) fit way better into our portfolio and experience than a thinclient.

Aside that, Kiel was once again lots of fun. Even though the overall amount of visitors for the event was much less than the year before. The organizers did a lot of publicity for the event, so it is not clear why so little visitors showed up. Maybe because saturday was a german national holiday?

There were quite a few interesting talks, because I had to guard the bytemine booth, I was sadly not able to attend Bernd his talk about OpenBSD and the Web 2.x. The slides of his talk are available as a pdf.

I’ve attended an overview of SSL-based VPN Solutions, which featured software like OpenVPN, CloudVPN, n2n and such. From my personal view, OpenVPN is the only one from the list that should be used in a professional environment, the rest is more meant as an aid to quickly share contents among a group of people and crypt it on the way. The talk was missing some informations regarding OpenVPN, among others a proper reference to the OpenVPN Association (of which bytemine and myself are members).

Once again, we were located right next to Zarafa, which gave us the chance to have lots of chats with Andreas from Zarafa Germany.

Last but not least, we had the chance to meet one of our long-term webhosting customers from Kiel, always a nice experience to directly meet and exchange ideas and be able to answer questions quickly.

Am looking forward to next year’s Kiel event!

Like last year, bytemine sponsors the Kieler Linux und Open Source Tage and we will again exhibit some of our products. The Kieler Linux und Open Source Tage will happen at the KITZ on the 2nd and 3rd of october. On the 2nd Bernd will give a talk about OpenBSD and the Web 2.x, since Bernd is very active in the Ruby and Rails on OpenBSD scene, he surely will deliver a very exciting talk!

As usual, we will show the current development versions of our products at our booth as well as welcome you to stop by and have a chat about our upcoming products with us.

Directions on how to get to the KITZ can be found here.

See ‘ya at the Kieler Linux und Open Source Tage 2009!

While we posted a lot about our development activities and our products lately, this is a bit of a different blog post, as I personally review our final move to our new colocation and try to reveal to you some of the things, ususally not visible.

Thursday night we moved the last machines from our old colocation at Nacamar (formery operated and owned by Tiscali), often refered to by us as colo “FFM”, to our new colocation at New Colo (internally named colocation “FRA”). Both are located in Frankfurt and roughly 10 km apart (as the bird flies).

We’ve been at the old colocation for more than five years; quite some time. The times at Nacamar / Tiscali had its ups and downs. When Nacamar took over the operations, qualitiy did go downhill. The colo itself was still nice (almost like a clinic so clean), but phone service and remote hands. doh. As Nacamar had their ups and downs with the colo, so were also my visit there, sometimes better, sometimes horrible. I recall visits, where I expected to spend a few hours there and ended up staying overnight, because a machine decided to trash various parts of the harddisk. Yes, these were the early days of bytemine, back when I was – on the unix side of things – mostly on my own. Things have changed since then by lot – for the good. The move thursday night involved three persons and has been prepared since april. So besides changing colocations and switching to a place that suits our requirements better, we’ve also switched from a rack that contained infrastructure that was in place before all the other byteminers joined to infrastructure that was built up jointly by the current bytemine team. A lot of things become a lot easier, if you have an experienced team around you and that become very visible throughout the last year.

As I blogged earlier this year, we’ve setup our own AS and run now in our own PI-Space. Roughly a year ago, I began looking for a new colocation. Since this april we’ve been evaluating and testing NewColo, but directly booking from Antilo, and while we’ve had a few problems at first, it turned out that Antilo was very good at resolving these and assuring we get the quality we want and need. Before moving the new colocation into production mode, we’ve got another uplink through GHOSTnet, so that we have two independent peers. Aside from that we now have a presence at the Kleyer-Rebstöcker Internet-Exchange.

The first servers we moved then to the new colocation were our Xen Servers, on which we do the rails- and webhosting (Bernd blogged about a while ago) as well as other things like running SpamAssassin instances for spamscanning.

On Thursday we then moved the rest of the infrastructure, like e-mail services etc., to the new colo. The move itself went so smoothly that I can hardly blog anything interesting about it. The whole combined move (taking down, driving to new colo, building up) took roughly 2 1/2 hours and so far we did not spot any fallout.

After finishing the first setup of the moved machines at NewColo I had a chat with Sebastian (Owner and Founder of NewColo) and it is quite clear that a place like NewColo and Antilo is so much more fitting to bytemine than Nacamar. Both are fairly small companies (at least compared to Nacamar and Tiscali), but that is exactly what we need, since we know that problems will be resolved right away and not escalated through different parts of a gigantic enterprise :)

We’ve been deploying OpenVPN installs for a few years now and ever since the administration of the OpenVPN concentrators was something our customers never really liked. For once there is the Certificate Authority and the user management. The scripts provided by the OpenVPN developers, named ’’easy-rsa’’, are nice but not very user-friendly. For another there is always the wish, to see which users are currently connected to the VPN and how much data they shove around.

At the end of last year, I looked around to find a different solution for handling the certificates and the users. While there are some tools out there, none of them really did it. The features we were looking for:

• Easy handling of certificates and users
• Being able to control the VPN Servers and see what was happening

Ain’t a big list. Wanting to handle the Certificate Authority (CA) meant for us, that it had to be a stand-alone application and not a webfrontend on the OpenVPN Servers. Why? Very simple: In most places it is a requirement, that the CA may not be connected permanently to the network or at least not be on the same host who grants access based on certificates that are issued with this CA. The CA needs to be protected. Furthermore I did not want to offer our customers a set of applications to use with the vpn servers, but only one application that would fullfill all their needs in regards to the OpenVPN concentrators.

We came up with what we call the ’’bytemine manager’‘. The ’’bytemine manager’’ is a stand-alone java-based desktop application. Why java you ask? For one very simple reason: it allows you to use the application almost anywhere. Yes, there are tons of possiblities to achieve the same thing with other languages, but java was from our perspective the most simplest one. Mono was another idea, but there is no stable mono environment for OpenBSD, and of course, we wanted to use the application for ourselves on OpenBSD.

Currently we’ve tested the ’’bytemine manager’’ on the following platforms:

• various Windows flavours (XP, Vista)
• various Linux Distributions (Ubuntu, Fedora, Debian)
• OpenBSD

As long as you have access to a Java 6 runtime environment, you should be on the safe side. All libraries needed, are bundled with the application. The contents of the application (certificates, users, configuration data) is stored in a sqlite database.

Coming back to the features of the ’’bytemine manager’’. Currently it brings the following features along:

• user and certificate management
• synchronisation of users and certificates to multiple OpenVPN servers
• import of existing user and certificate data from existing OpenVPN installations
• management of users and certificates stored in LDAP
• users can be assigned independently to servers
• display of currently connected users per server
• display of usage data per user
• termination of connections
• modular design – various modules can be used independently of each other

Users and certificate data is synchronised from within the application to the vpn concentrators via ssh. Of course the application supports the use of ssh keys, so you don’t even have to use password authentication, makes it even more safe. All communication with the vpn servers is done over the ssh connections. The manager application also allows filesystem- and ldap-based export of the user- and certificate-data.

So this is already quite a lot. One of the neat features is, that the ’’bytemine manager’’ is not only for use with out bytemine openbsd appliance, but can be used with any OpenVPN server. The only requirement is, that if you want to use the controlcenter, you will need at least OpenVPN 2.1rc14, since that version introduced the unix domain socket for the management interface. For security reasons, we decided not to support the cleartext telnet interface. However, the socket-wrapper interface, will be covered in an upcoming blog article by Holger.

More (german) information on the bytemine manager, can be found on the corresponding product page.

There is a trial version of the application available: bytemine-manager-1.0.1-trial.zip.