News & views, serious business.

Wednesday 21 December 2016 - A very PoE Christmas

Picture the scene: a freshly acquired christmas tree, various lights and decorations retrieved from their summer hiding places and then suddenly, tragedy. One of the power supply bricks for the lights is missing!

A bodge is soon secured, it turns out that the lights are 24v and so is the office scanner. We have light, and they even look better as a result of being fed from a proper smoothed DC power supply rather than straight from a bridge rectifier.

It was however not to last. There were new contracts to sign, and the scanner was required so its power supply had to be retrieved and freed of the small mound of insulation tape that secured the lights to its connector. As a part of this process I noted that there was an ethernet socket close to the tree, and a Cisco 3560G PoE switch on the other end of it. It crossed my mind that it would be very useful if the lights were 48v and not 24.

Hold on a minute, there are two identical sets of 24v lights. A plan formed and the IEEE 802.3AF specification was downloaded.

First I tested the power consumption of the lights, you have a budget of up to 15.4W (or 12.95W after some cable loss) - they were below 3 watts per set so well within budget.

The second task was persuading the switch to supply power. PoE device detection is performed by pulsing the cable with a low voltage and looking for a resistance of 25kΩ, we didn't have that exactly but found a pair of 12kΩ which were close enough to make the switch see a device. The device is then given a short time by the switch to start consuming power, or the supply is disconnected and it goes back into discovery mode. With the lights attached, it starts drawing power straight away and the switch seems happy, and the switch logs this:

Dec 21 2016 07:10:08.218 GMT: %ILPOWER-7-DETECT: Interface Gi0/14: Power Device detected: IEEE PD
Dec 21 2016 07:10:08.772 GMT: %ILPOWER-5-POWER_GRANTED: Interface Gi0/14: Power granted

And this is the circuit:

Yes, really. All of it.

I did wonder if at some point the switch would cut the supply due to the device not attempting any further negotiation, but it seems to be quite happy to supply power indefinitely.

With confirmation that this circuit does actually work, I've soldered it and made it nice with some heat shrink, now it is tucked away behind the tree and is much neater than the previous arrangement of cumbersome power bricks, and a lot more efficient. It turns out those old bricks were wasting more than half of the power they consumed.

But wait, this now means my lights are attached to a network device. A device that can be controlled through SNMP...

Enter... The app.

Well, the page. Calling it an app might be giving it ideas a little above its station, it calls a very simple CGI script on the server which sends an SNMP packet to enable or disable the port.

That's all folks, have a great Christmas, and try not to electrocute yourselves.

Thursday 7 July 2016 - Documentation

Good documentation is what sets apart a product from the rest - it doesn't matter how good a service is if you don't know how to use it.

With this in mind, we are in the process of launching a new documentation area on the site. It will cover everything from adding a DNS record through to our new API which will allow you to integrate our services fully with your workflow via a simple HTTP based API.

You can access the documentation via the new link at the top of the page.

We'll be adding more sections to this page as we go, so expect it to fill out over the coming weeks.

Monday 21 March 2016 - Many new TLDs and old TLD price cut

We now support almost 600 types of top and second level domain name, from .abogado (Spanish for "attorney") to .zone.

In addition to this, we have managed to reduce our costs for acquiring .com, .net and .org, which is reflected in pricing from today.

You can browse the price list and check availability on the Domains page.

Friday 19 February 2016 - HTTP/2

As part of some general software housekeeping, I've upgraded the version of nginx that looks after the main site & control panel to 1.9.10, this version supports the new HTTP/2 protocol. Note that this is different from the other efforts to do the same thing e.g SPDY and is expected to replace those in time.

I thought this announcement would be a lot more interesting than it actually is, however there's nothing to report other than that it "just works".

There are browser plugins that will tell you which of the various next-generation protocols are in use.

Friday 5 February 2016 - Virtual machine price refresh

We've revised the pricing of our virtual machines, it had been a while and they were looking a little outdated.

To this end, we have decided on a completely flexible model where you choose RAM and disk space to suit your application, with a linear scale of £4 per GB of memory, 7p per GB of disk space and £1 for the IPv4 address. IPv6 only is actually something we've been asked for in the past, so why not.

Additionally, if you pre-pay more than a month, we give a discount ranging up to 10% for a year.

As we value our existing customers, whenever we make a price adjustment we will extend your service term automatically to ensure that you are on the best rate.

We're also working on a configuration changer for live virtual machines too, so that you can grow them as required on short notice. Until then if you want to change your configuration, just open a ticket and we will make it so.

Learn more » Configure your VM »

Tuesday 5 January 2016 - Firewalls for virtual machines

We've just launched a new feature, an external firewall that sits in front of your virtual server. By default the policy is to allow all, so don't worry that we are restricting your traffic or ports.

From a technical perspective, this firewall sits between your virtual machine and its default gateway, not on the VM itself so should the VM become compromised, the attacker can't relax the rules.

We've tied all this together with an intuitive interface within the control panel that lets you create, sort and commit rules in seconds.

Thursday 31 December 2015 - MySQL to PostgreSQL migration

From day one, from the first lines of code back in 2005, we have used a MySQL database as the back end for pretty much everything. It has served us well, not lost any data and mostly done what we have told it to. It remains the world's most popular database engine due to its shallow learning curve and extensive documentation.

As our requirements have shifted, for some time now, I've been eyeing up PostgreSQL as an alternative.

Postgres supports some more useful data types, like 'inet' as a great example, and 'json' as a native container for a blob of JSON data which you can build a query on, so we took the time to build a migration plan.

Interesting things you might run in to during such a migration will include:

The unit tests have all passed but the two databases do behave slightly differently, so if you find anything that's not working as expected then open a ticket and we'll fix it.

Friday 9 October 2015 - SSH public key support

I have been asked at various times over the years if we can put peoples SSH public keys in place for virtual machine out of band management.

Historically it was a manual process but great news! - I've automated it.

Start here by uploading your keys and then you'll be able to push them out via the normal VM admin console.

We'll extend this feature in the near future to allow you to push them to new VMs as part of the build process and any other products where they'll be useful.

Monday 24 August 2015 - Windows 95 is 20

Happy 20th birthday, Windows 95.

Although my desktop of choice for probably 19 of those 20 years has been based on Linux, I still have some semi fond memories of Windows 95, so maybe time for a nostalgic moment.

We didn't have a CD-ROM drive back then, so it came to us on no fewer than 13 3.5" floppy disks which were all required, one after the other, as the percent completed bar edged painfully towards 100. Suffice it to say that you did not get the free Weezer music video on the floppy disk version.

We duly installed it on our 486 DX/2 50 over the top of the existing Windows 3.1 installation that had come with it, and rapidly found that our 8MB of memory that 3.1 had positively wallowed in was not adequate for this new vision of the future, at least not if you wanted to run more than a couple of things at once.

I did once manage to get it installed on a computer with a 20 megabyte hard disk by using "doublespace" and a second floppy drive, moving files as they were installed onto some spare 5.25" disks to make space and keep the installer going. The installer itself consumed around 7MB of temporary space that was freed afterwards, so then you could move the files back into place and it would boot. Of course, there was not a lot of space left afterwards to do anything with, so it was not a lot of use, but it did work.

It's hard not to feel spoilt now, as I sit in my office with a tiny computer that has 16GB of memory and an internet connection that could deliver the contents of those 13 floppy disks in a couple of seconds. We will see what the next 20 years will bring.

Wednesday 13 May 2015 - Venom

If you work anywhere near computers then you can't have missed the VENOM bug that has been in the news today.

It's an interesting one as it could allow code execution on a virtual machine's physical host, with the privileges of the emulator. This is something we always anticipated when building this platform, and each of our VMs runs as its own user, in a chroot with no permission to write or execute anything, so we hope this should prove an adequate trap should anyone try and exploit this particular bug.

We are obviously in the process of rolling out a patched qemu binary and where possible live migrating users over to it. We have a slight problem there in that the older VMs are running on qemu-kvm v1, which although it seems it should migrate into a v2 hypervisor, doesn't work terribly reliably and the failure mode is for both sides to crash.

We were planning to roll out v2 across the board slowly over a period of months to allow people to reboot into it in their own time, but as this has forced our hand somewhat, we will need to do these reboots imminently. Since some of the older VMs on the v1 platform will have uptimes of well over 1000 days, a reboot is probably due.

To this end, there's now a bit of code on each host which listens for reboot events and patches the metadata of the VM to start it up with the v2 hypervisor. From the inside, this should be identical to v1. There are instructions on how to connect to the VM's out of band console in the admin pages, but if you have any problems rebooting then give us a call.

Tuesday 31 March 2015 - Time is hard

Taking a side-step from the usual internet related topics, I'm going to share my experience of parsing the TDT in a DVB stream. I feel it warrants a wider audience due to the unforseen complexity of this particular piece of work.

The TDT is a stream in the multiplexes that transport digital TV, via satellite or terrestrial, the format is the same. The function of this particular stream (always within PID 0x14) is to carry the date and time.

The full specification of this field is laid out in EN 300 468, along with many other parts of the DVB stream. To start with, you have 16 bits which carry the date in Modified Julian Date format. It dates back to 1957 and according to Wikipedia was contrived to record the orbit of Sputnik on a 36 bit IBM mainframe, but is not, for me, the strangest bit of the spec.

The part which for me defies all explanation is why they have used binary coded decimal for the hours, minutes and seconds.

Here is a bit of C that parses it into normal Unix seconds-since-1970.

Knowing the time is a fairly fundamental part of most TV functions, so just spare a minute to think of the poor soul who will have thought "This won't take long!", before dropping their sandwich and having a little cry, just so your TV knows what time it is.

Tuesday 20 January 2015 - More bandwidth, hurrah

Due in part to our excellent peering at LONAP, we're pleased to announce that VPS customers will now have extra bandwidth to play with.

Starting with a terabyte on the basic package, we hope this should give you one thing fewer to have to think about when choosing a provider.

Friday 2 January 2015 - A new look for a new year.

You might have noticed some changes to the Portfast web site today, after much tinkering and shifting of bits, the new version is finally ready to go live.

This first iteration of the new site aims only for feature parity with the old one, a lot of the underlying code is the same, as is the database that it speaks to. As well as easing the transition, this lets us roll it back easily if the customer reaction is along the lines of "OH MY EYES" or "what does 'internal server error' mean?". We hope that the reaction will be a little more positive, but you have to plan for every contingency.

There's even a new logo, yes, partly inspired by our Twitter account name. It's all about being sociable.

Under the bonnet there are a bucket load of JSON API calls that you can make to automate every aspect of your account, while possible to use these now, the specification has not been nailed down yet and is likely to change as having deprecated the old site we can now start tinkering with larger parts of the underlying system.

There will be a key based authentication system for the API which will avoid you needing to leave your actual login details in a script, more to follow.

Other useful features on the road map include (but not limited to):

If you find a problem with it, or just have an idea for something that could work better, we would really appreciate it if you could drop us an email, or a ticket, or if that bit is the bit which is broken, a good old fashioned phone call.

We wish you all a happy 2015!

All prices are exclusive of VAT.
Portfast Ltd :: Registered in England #6061075, 7 Carter Knowle Road, Sheffield, S7 2DW