Ok, I understand the problem better, but I don’t know why this happens. Maybe someone from @maidsafe can explain this?
What a pity you had to stop your node (958753) which was running uninterrupted since January 18th, to be able to access Alpha 2 network.
I have rebased my safe_vault fork on current Maidsafe repository, recompiled it with latest rust version (1.33) and build a new docker image.
I am about to update the docker swarm service with this new image. The 4 docker vaults will be restarted with a 40 mn interval between each.
I’ve done some extra tests.
Restarting Vault when SAFE Browser is connected → no problem.
From the moment I see in the Vault logging:
Resource proof challenges completed. This node has been approved to join the network!
the SAFE Browser can’t connect anymore.
For an already connected browser: static sites (e.g. safe://cyberpunk) keep working, but errors on ‘dynamic’ sites (e.g. safe://to-do).
I had the same problem. It’s a Crust problem - it tries to bootstrap from LAN first, finds your vault, sees that the network names disagree, reports an error and gives up. I reported this to the Crust guys and I think they either fixed it already or will fix it, but unfortunately, this won’t affect the SAFE Browser or the vaults, as they are stuck on an older version 
I have just launched another update of docker vaults to replace the IP address in the web app url by its domain name. The ulterior aim is to replace the container managing the web app by a service, but this will be done later.
The update interval between 2 successive vaults is 2 hours.
Update is finished and web app is now a docker service, which means that it is automatically restarted whenever it crashes or server is rebooted.
Vaults that joined my docker swarm already benefited of these features, but not web app itself. This discrepancy is now corrected.
I have added a new tab in the web app (Docker) that displays another view of the nodes that have joined my docker swarm.
Its content is a combo of the 2 commands I most commonly use to check the state of the swarm when I connect to one of my hosts ("docker node ls" and "docker service ps").
@tfa did you get one of these, any idea what this is about/what to do?
We have received a security alert from the German Federal Office for Information Security (BSI).
Please see the original report included below for details.
Please investigate and solve the reported issue.
It is not required that you reply to either us or the BSI.
If the issue has been fixed successfully, you should not receive any further notifications.
Additional information is provided with the HOWTOs referenced in the report.
In case of further questions, please contact certbund@bsi.bund.de and keep the ticket number of the original report [CB-Report#...] in the subject line. Do not reply to <reports@reports.cert-bund.de> as this is just the sender address for the reports and messages sent to this address will not be read.
Kind regards
Abuse Team
Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen / Germany
Tel: +49 9831 5050
Fax: +49 9831 5053
www.hetzner.com
Register Court: Registergericht Ansbach, HRB 6089
CEO: Martin Hetzner, Stephan Konvickova, Günther Müller
On 20 Mar 05:14, reports@reports.cert-bund.de wrote:
Dear Sir or Madam,
open DNS resolvers are abused for conducting DDoS reflection/
amplification attacks against third parties on a daily basis.
Affected systems on your network:
Format: ASN | IP | Timestamp (UTC)
24940 | xx.xx.xx.xx | 2019-03-19 01:06:37
We would like to ask you to check if the open resolvers identified
on your network are intentionally configured as such and appropriate
countermeasures preventing their abuse for DDoS attacks have been
implemented.
If you have recently solved the issue but received this notification
again, please note the timestamp included below. You should not
receive any further notifications with timestamps after the issue
has been solved.
Additional information on this notification, advice on how to fix
reported issues and answers to frequently asked questions:
<https://reports.cert-bund.de/en/>
This message is digitally signed using PGP.
Information on the signature key is available at:
<https://reports.cert-bund.de/en/digital-signature>
Please note:
This is an automatically generated message. Replies to the
sender address <reports@reports.cert-bund.de> will NOT be read
but silently be discarded. In case of questions, please contact
<certbund@bsi.bund.de> and keep the ticket number [CB-Report#...]
of this message in the subject line.
!! Please make sure to consult our HOWTOs and FAQ available at
!! <https://reports.cert-bund.de/en/> first.
Mit freundlichen Gren / Kind regards
Team CERT-Bund
Bundesamt fr Sicherheit in der Informationstechnik
Federal Office for Information Security (BSI)
Referat CK22 - CERT-Bund
Godesberger Allee 185-189, 53175 Bonn, Germany
No, I didn’t receive such messages. I have 2 safe vaults and 1 web server, so nothing using “open DNS resolvers”.
In the past you mentioned that you were using the node also as a VPN server, could it be that part?
Could be, or more likely an aborted go at installing pi-hole. In not sure how to undo that - time to search a bit.
No joy in getting that file. Tried from a couple of computers.
Any chance of checking.
My odroid hc2 arrives in a few days and I am trying to get my xu4 running to test things out
Ahh, it was hosted on my Raspberry Pi, which stopped working recently for some reason. I’ll try to find the file and host it somewhere else (or fix the Pi).
Have you tried safe://vault.arm/safe_vault-linux-arm-musl.zip? This is/was on this community safe network, not sure it has survived restarts etc.
Would be good if you could.
Maybe @tfa can add it to his github for the community network. Would help a lot.
hmmm, I checked some chunks stored on my Vault and I could actually read the content of some. Shouldn’t all data be encrypted? Or does this version of the software not support this yet?
An immutable data smaller than 3 kbytes is not split in chunks and isn’t encrypted. In this case the datamap is the original file itself.
Small private files are always encrypted I may assume?
It’s probably another discussion/thread, but I can clearly see some html pages. Normally this would be fine as it is public, but if the content is something abusive, then I am acutally aware that my vault is serving this and I might even get prosecuted if some agency seize my vault.
(I always thought everything was encrypted, so nobody could know what a vault is actually storing)
Got to say this is a bit of a worry. Small chunks of unencrypted data… what if I am storing bank details, etc… all it takes is a little luck then for someone to spot data that is valuable.
@nevel could you post a screenshot of what you are describing?
Say its not true?
Ahh… okay on first glance that looks scary. It is a lot of plain text data!!
But! That looks like publicly available data via website anyway.
What you are doing is sort of like a view source of a publicly available webpage.
I’m not so concerned now.
Comment from devs would be great though.
edit: but! i get what you are saying now. What if this was leaked national security data put up publicly?
You could have every name of every undercover agent in the field, on your hardisk.
Ah, it is a little worrying.
