STARTTLS is not a protocol

As regular readers will know, I’m not a fan of STARTTLS but today I realised that some people are confused as to what it even means. And there’s a perfectly good reason for this – some graphical email software is actually listing STARTTLS as a protocol for talking to mail servers and people are jumping to conclusions.

So what is STARTTLS all about if you go back to basics?

Originally, when only nice people had access to computers, network traffic was unencrypted. If you had physical access to the network you could pretty much read anything you wanted to, as everything connected to the same network saw the same data. This isn’t true now, but encrypting your data is a good idea just in case it can be intercepted – and if it’s going over the Internet that’s definitely the case.

In the mid 1990s, the original mass-market web browser, Netscape, decided to do something about it and they (or more specifically their chief scientist Taher Elgamal) invented a protocol called Secure Sockets Layer (SSL) to protect HTTP (web) traffic. Actually, several times as the first couple of attempts weren’t very secure at all.

SSL didn’t really fit in with the OSI model; it runs on top of the transport protocol (usually TCP) but under the presentation layer, which would logically handle encryption but doesn’t usually. To use it you need an SSL layer added to the stack to transparently do the deed on a particular port.

But, as a solution to the encryption problem, SSL took off and pretty much every major protocol has an SSL port along with its original cleartext one. So clear HTTP is on port 80, HTTPS is on port 443. Clear POP3 is on port 110, encrypted on 995. Clear IMAP is on port 143, encrypted on 993.

As is the way of genius ideas in cybersecurity, even the third version of SSL was found to be full of holes. SSL version 3.1, which was renamed TLS, continued plugging the leaks and by TLS 1.2 it’s considered pretty much secure now. TLS 1.3, which interoperates with TLS 1.2, simply deprecates certain cyphers and hashes on the suspicion they might be insecure; although anyone into cybersecurity should tell you that everything is secure only until it’s broken.


Unfortunately, because different levels of TLS use different cyphers and reject others, TLS levels are by no means interoperable. And neither is it the case that a newer version is more secure; bugs have been introduced and later fixed. This’d be fine if everything and everyone used the same version of TLS, but in the real world this isn’t practical – old hardware, in particular, bakes in old versions of SSL or TLS and if you decided to deprecate older cyphers and not work with them, you lose the ability to talk to your hardware.

But apart from this, things were going along pretty well; and then someone had the bright idea of operating encrypted and unencrypted connections on the same port by hacking it at the application layer instead. This was achieved by modifying the application protocol to include a STARTTLS command. If this is received, the application then negotiates a TLS connection. If the receiving host didn’t understand what STARTTLS meant it’d send back an error, and things could continue unencrypted.

In other words, if you’re implementing an SMTP server with STARTTLS, this keyword is added to the protocol and the SMTP server does something about it when it sees it.

What could go wrong?

Well quite a lot of things, actually. Because TLS doesn’t fit in to the OSI model, it’s actually very difficult to deal with the situation where a TLS connection is requested and agreed to but the TLS layer fails to agree on a cypher with an older or newer version on the other end. There’s no mechanism for passing this to the application to say “okay, let’s revert to Plan A”, and the connection tends to hang.

There’s also a problem in that name-based virtual servers must all use the same host certificate, because the TLS connection must be established before the application layer headers are transferred.

But perhaps my biggest gripe is that enabling STARTTLS makes encryption optional. You’re not enforcing encryption when you need to, and even if you think you are, STARTTLS connections are obviously vulnerable to a man-in-the-middle attack. You have no idea how many times TLS has been turned on and off between the two endpoints.

You might be tempted to think that optional encryption is better than none at all, but in reality it means you don’t care – and if you don’t care, don’t bother. It just leads to a false sense of security. And it can lead to interoperability problems. My advice is to use “always TLS” ports for sensitive data and turn off the old port.
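To make the "optional encryption" point concrete, here is an added example (not code from the original post) of the decision a mail client makes after EHLO, under an opportunistic policy and under a fail-closed one. The host names and server replies are constructed samples, and the function names are illustrative.

```python
# Added example: how a client's STARTTLS policy decides between TLS,
# cleartext and giving up. All server replies below are constructed.
import re

_REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")


def parse_reply(raw):
    """Parse one SMTP reply, possibly multi-line, into (code, [texts]).

    Continuation lines look like '250-TEXT'; the final line is '250 TEXT'.
    """
    code, texts = None, []
    for line in raw.strip().splitlines():
        m = _REPLY_LINE.match(line)
        if not m:
            raise ValueError("malformed SMTP reply line: %r" % line)
        if code is None:
            code = int(m.group(1))
        elif int(m.group(1)) != code:
            raise ValueError("reply code changed mid-reply")
        texts.append(m.group(3))
        if m.group(2) == " ":  # a space after the code marks the last line
            return code, texts
    raise ValueError("reply has no final line")


def ehlo_keywords(raw):
    """Return the set of extension keywords advertised in an EHLO reply."""
    code, texts = parse_reply(raw)
    if code != 250:
        raise ValueError("EHLO refused with code %d" % code)
    # The first line is the server greeting; each later line is one extension.
    return {t.split()[0].upper() for t in texts[1:] if t.strip()}


def negotiate(ehlo_raw, starttls_raw, require_tls):
    """Return 'tls', 'cleartext' or 'abort' for one connection attempt.

    starttls_raw is the server's answer to the STARTTLS command; it is only
    consulted when the extension was advertised in the first place.
    """
    if "STARTTLS" in ehlo_keywords(ehlo_raw):
        code, _ = parse_reply(starttls_raw)
        if code == 220:
            return "tls"
    # Extension missing, or the server declined: the policy decides.
    return "abort" if require_tls else "cleartext"


# Constructed sample: what the real server sends.
EHLO_FULL = (
    "250-mx.example.net greets client.example.org\r\n"
    "250-SIZE 52428800\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)
# Constructed sample: the same reply as the client sees it when the
# STARTTLS line never arrives (old server, or something in the path).
EHLO_NO_STARTTLS = (
    "250-mx.example.net greets client.example.org\r\n"
    "250-SIZE 52428800\r\n"
    "250 8BITMIME\r\n"
)
GO_AHEAD = "220 2.0.0 Ready to start TLS\r\n"
TLS_UNAVAILABLE = "454 4.7.0 TLS not available due to temporary reason\r\n"

if __name__ == "__main__":
    cases = [
        ("advertised, accepted", EHLO_FULL, GO_AHEAD),
        ("advertised, declined", EHLO_FULL, TLS_UNAVAILABLE),
        ("not advertised", EHLO_NO_STARTTLS, GO_AHEAD),
    ]
    for label, ehlo, reply in cases:
        print("%-22s opportunistic=%-9s required=%s" % (
            label,
            negotiate(ehlo, reply, require_tls=False),
            negotiate(ehlo, reply, require_tls=True),
        ))
```

The opportunistic client cannot tell a server that never offered STARTTLS from one whose offer went missing on the way; only the fail-closed policy, or an "always TLS" port, turns that into a visible failure.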

No talk from TalkTalk 2

Hardly a week goes by without someone contacting me about a problem with their email. Pretty much every time they’re just doing something wrong.

“Your message bounced back because you spelled your friends name wrong.”

I’ve learned to say it without sounding judgemental; or I think I have. Everyone’s done it, after all. It’d be nice if people checked before blaming the mail server, but so would world peace and I’m not hopeful I’ll see either.

But last week was a bit different. Someone got a bounce-back after emailing, but the address in the bounce was I know what you’re thinking; same as me. Someone had managed to type their address wrong in their iPad and the replies were to somewhere silly. (Why’s it always Apple users?)

Not so this time. After more complaints I checked TalkTalk’s email server. First thing to check is the MX records. Hang on, there aren’t any!

A domain MX record simply tells other mail servers where to send email for that domain. In the absence of an MX record, a mail server is supposed to send email for a domain to its IP address (A record). Not everyone knows this. As a final roll of the dice, it’s allowed to send it to a domain name’s alias (CNAME).

It turns out that lacks an A record, and its CNAME is This kinda makes sense – anyone going to the obsolete web site will end up at Great for web users, but it also means that all the email going to customers will be directed to their mail server. Not cool. Unsurprisingly their web server didn’t know what to make of it.
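The lookup order described above (MX, then the A record, then the alias) can be walked through offline. This is an added example, not part of the original post: the zone data and every `.example` name in it are constructed, and the `audit` helper is an illustrative check for domains whose mail would land on a host that is not a mail server.

```python
# Added example: where a sending server delivers mail for a domain, using a
# constructed in-memory zone in place of live DNS lookups.

def _lookup(zone, name, rtype):
    """Return the records of one type held at a name (empty list if none)."""
    return zone.get(name.lower().rstrip("."), {}).get(rtype, [])


def mail_targets(zone, domain, max_hops=8):
    """Apply the order from the text: MX first, then A, then follow a CNAME.

    Returns a dict with the rule that matched, the hosts to try in order,
    and the chain of names that was followed to get there.
    """
    name = domain.lower().rstrip(".")
    chain = [name]
    for _ in range(max_hops):
        mx = _lookup(zone, name, "MX")
        if mx:
            # Lowest preference value is tried first.
            hosts = [host for _, host in sorted(mx)]
            return {"rule": "mx", "hosts": hosts, "chain": chain}
        if _lookup(zone, name, "A"):
            # No MX: the name itself is treated as the mail host.
            return {"rule": "a-fallback", "hosts": [name], "chain": chain}
        alias = _lookup(zone, name, "CNAME")
        if not alias:
            return {"rule": "undeliverable", "hosts": [], "chain": chain}
        name = alias[0].lower().rstrip(".")
        if name in chain:
            raise ValueError("CNAME loop at %s" % name)
        chain.append(name)
    raise ValueError("CNAME chain longer than %d hops" % max_hops)


def audit(zone, domains, known_mail_hosts):
    """List the domains whose mail has nowhere to go or goes to a host
    that is not one of the known mail servers."""
    flagged = []
    for domain in domains:
        hosts = mail_targets(zone, domain)["hosts"]
        if not hosts or any(h not in known_mail_hosts for h in hosts):
            flagged.append(domain)
    return flagged


# Constructed zone data (documentation names and addresses only).
ZONE = {
    "healthy-isp.example": {
        "MX": [(20, "mx2.healthy-isp.example"), (10, "mx1.healthy-isp.example")],
        "A": ["192.0.2.10"],
    },
    "no-mx.example": {"A": ["192.0.2.20"]},
    # The situation in the post: no MX, no A, only an alias to a web site.
    "legacy-isp.example": {"CNAME": ["www.parent-isp.example"]},
    "www.parent-isp.example": {"A": ["192.0.2.80"]},  # web server only
    "gone.example": {},
}
KNOWN_MAIL_HOSTS = {
    "mx1.healthy-isp.example",
    "mx2.healthy-isp.example",
    "no-mx.example",
}

if __name__ == "__main__":
    for d in ("healthy-isp.example", "no-mx.example",
              "legacy-isp.example", "gone.example"):
        print(d, "->", mail_targets(ZONE, d))
    print("needs attention:", audit(ZONE, list(ZONE), KNOWN_MAIL_HOSTS))
```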

Was this something weird with my DNS? Nope. I tried multiple DNS servers on several networks, and Google’s service with exactly the same results. Definitely wrong; and it was a Saturday so there was no one at the company to TalkTalk to. I sent an email to the address their tech support suggested, and got a snotty “we’re not talking to you because you’re not a customer” response. Er, no. At this stage it was on behalf of an ISP trying to resolve a serious problem for their customers. How dumb can you get?

Now TalkTalk is an interesting company. It’s basically a mishmash of many ISPs purchased over time by Charles Dunstone’s Carphone Warehouse. These include Opal, Pipex, Nildram, and OneTel, AOL, Virgin’s ADSL business. The group has not been without its problems, including being slammed by the ASA and Ofcom for not delivering what it promised, and let’s not forget the famous 2015 data heist, malware infected home routers, slamming, and customer privacy concerns (Phorm, URL harvesting with Huawei and so on).

However, a big worry is how these disparate ISPs have been on-boarded to the TalkTalk communication behemoth. The answer is probably “badly”, and woe betide anyone on a legacy service such as an email address. We had the same problem a year or so ago with emails; TalkTalk had kindly left the service running but had no way of knowing which customers had left and who was using it for free. It was twenty years before they decided to pull the plug on it and see who squealed.

Naturally I phoned around about the MX records to see what others were experiencing, and the consensus was that they’d decided to pull the plug on these legacy accounts too.

Of course, having bad/no MX records in your DNS doesn’t cause an overnight meltdown. DNS entries are often cached, and drop off senders’ servers over time. To add to the confusion, many high volume providers trying to save a few quid don’t even bother to check MX records when sending – they simply use the last known good destination server and “do something” when it fails to connect for a period. Freemail users may not have noticed a problem corresponding with their chums on – at least not for a while.

So what did I do? The user was convinced they were infected with malware (as they do) so for a quiet life I faked up the last known good zone in a local DNS server and sat back waiting for the actual server to be turned off. But a week later they’d fixed it; so that’s alright then. For now. I guess legacy customers of the worst domestic broadband provider in the UK (consistently, along with Virgin Media and Plusnet and Vodafone, according to Which? Surveys and Ofcom rankings for customer service) aren’t going to heed any warnings about shifting their email service elsewhere before it’s too late.

Graph showing trend data on residential consumer complaints received by Ofcom across fixed broadband by communications provider.   It shows the fixed broadband complaints per 100,000 subscribers for the Q2 2019 – Q1 2021 period.   Virgin Media generated the highest volume of fixed broadband complaints (at 33) in Q1 2021 followed by Vodafone at 24.    EE and Sky generated the lowest volume of fixed broadband complaints with both at 7.

Chip crisis? What chip crisis?

We’ve all seen the mass media going on about a chip shortage – or “crisis” as everything seems to be called these days. Silicon chips are unobtainable, apparently. And industry leaders are blaming their inability to meet demand for products on the “chip shortage”. But does this mean we should believe them?

Industry leaders are brilliant at blaming their mistakes on outside factors. Chips, and IT in general, is an obvious scapegoat.

It’s important to differentiate between a “chip shortage” and demand outstripping supply for particular ICs. Cryptocurrency mining is soaking up GPUs like there’s no tomorrow, so you could say there’s a GPU supply crisis. The boyz will have to make do with plain old HD murder simulators for a while.

The automotive sector always had an interesting supply chain. They beat the price down to the last penny and order “just enough” semiconductors ahead of time to meet their anticipated demand – if they guess wrong then it’s on them, and in a pandemic they’re going to lose their nerve and order less.

And then there are the usual “flood/fire/zombie invasion” stories on silicon foundries that accompany every supply crisis. I’m not having it.

The facts (remember “facts” from the old days?) tell a different story when you look at the units shipped. Okay, this lumps in NVidia GPUs with 741 op-amps but it still paints a picture.

The fact is that the supply of semiconductors continues to go up year on year. The latest predictions for 2021 are suggesting there’s been a 27% increase over 2020, and that was a significant increase over 2019. Business is booming.

So, if there’s a semiconductor supply crisis, please tell me which semiconductors are actually out of stock? Automotive manufacturers who failed to pre-order enough to meet demand of their particular custom chips are going to have to wait. And they might find that having beaten the price down, they’re not top of the list when it comes to rushing through a special order fast unless they pay a bit more.

Australia bites back

Well known conspiracy theorist and tennis player Novak Djokovic appears to have gained entry to Australia without the covid-19 vaccination that he and his wife Jelena oppose, even though it’s a requirement for everyone else.

Jelena Djokovic is on record as believing that 5G mobile phones are the real cause of Covid-19.

It appears Djokovic obtained this exception on a technicality – that he’d tested positive for Covid19 in the last six months. Normally exemptions are granted by an independent (and blind) panel to people with documented medical conditions (usually cardiac) that would make vaccination risky. Immunity through past infection makes the matter less urgent. Does Djokovic really have a dicky ticker? You wouldn’t think so to look at him.

Now the Australian Prime Minister, Scott Morrison, has said he could be on the next plane home because of another technicality – his visa was completed incorrectly.

You’ve got to admire the Australian way of doing things. However, I’d be surprised if the wealth of the rich and famous doesn’t prevail. But whilst I have no interest in watching tennis, I must say this is shaping up to be the best soap opera coming out of the country since Neighbours.

Meanwhile, in France, their controversial but entertaining president has made it clear his strategy is to “piss off” the vaccine dodgers, rather than forcing them to be vaccinated by law.

“I’m not for pissing off the French,” he first confides. But “I grumble all day long about the administration when it gets in their way. Well, in this case, the unvaccinated, I really want to piss them off. And so we’re going to keep doing it, right to the end. That’s the strategy.” Source: Le Parisien

To put this in to context, the UK has been playing softly with the anti-vaxxers, but other European countries are gearing up for compulsory vaccination – starting with Austria, with Italy and Germany not far behind.

Has Macron gone mad? Politicians on the left and right have condemned his language, and the admission of his strategy. However, with 90% of France vaccinated, I suspect he’s gambling that the majority have lost patience with the needle-phobic 10% playing Jacques, and he’s basically asking people to side with him or them. Media politicians have been tricked into knee-jerk siding with “them”.

How to really add a plugin to WordPress manually

You’d have thought that a google search for “manually add plugin to WordPress” would turn up lots of articles on how to do this, but, er, no. They all seem to tell you to log in to the site and do this or that on the GUI. That’s not doing it manually – it’s using the GUI. If the GUI doesn’t work, then you need to do it manually. Here’s how:

The method is actually simple if you remember it. You download the plugin from the site (e.g. and you’ll end up with a DOS/Windows .ZIP file. Unpack this any way you wish and you’ll get a directory with some files in it. As a sanity check, one of these files will have the same name as the directory, but ending in .php.

Take this whole directory and copy it to /wp-content/plugins. That’s the directory – not the files in the directory.

That’s it. You’re done. It’ll appear in the plugins dashboard.

Wicked Parents let Kid Survive on Walkers Crisp Diet!

If the parents have done anything wrong it’s going public, putting themselves in the firing line for abuse from the ignorant. This may seem a simple case of bad parenting to people who know very little about mental illness or children.

The fact is that when a child (or adult) has it in their head that they’ll only accept certain things as food you have no choice but to give it to them. No choice apart from force feeding, that is. And force feeding someone in that condition isn’t going to cure them of it; make them worse more likely.

And while we’re at it, don’t think of blaming the parents for allowing their child to get into this mental state. It happens in the “best” of families and in otherwise perfectly normal adults.

Sometimes we call a firmly held belief in something that isn’t true, based on available evidence, psychosis. But we’re not consistent. In fact, certain groups see such beliefs as virtuous. A believer in the existence of a supreme being is described as pious. Fringe political groups work on conspiracy theory too, sometimes breaking their nonsense into mainstream thought. We know communism doesn’t work, but some will keep the red flag flying based on all sorts of excuses that it just hasn’t been done right before.

Meanwhile another group have convinced themselves that Covid-19 is some kind of hoax. It’s a widespread problem, and not just in uneducated communities; a quick look at the evidence is all you need to prove otherwise, but using selection they can make a case that’s good enough for them.

If your misplaced belief has an appropriate number of adherents it becomes a religion or political movement, and gets equal air time on the BBC. People use the idea that if others agree with them, they must be right and no contrary evidence is considered. It was probably made up by those seeking to undermine the “truth” anyway.

If, however, you alone believe there are aliens living in the house next door, you have a psychotic disorder.

So, before we jump to conclusions about mental illness, and in particular psychotic beliefs, perhaps we should first evaluate what we believe against the evidence.

Let’s have a serious talk about lorry drivers.

Every news outlet and fool politician is banging on about the idea that Brexit has led to a shortage of 100,000 lorry drivers in the UK. This story is too good to check for those who are still smarting over the lost referendum, or have some other axe to grind. Unfortunately for them, I have checked the story, and it’s a pretty shabby state of affairs.

Let’s start with this figure of 100,000. It comes from the Road Haulage Association, a lobby group. And they claim to have calculated it.

When pushed, it all gets a bit vague, and it might surprise you to know that they were claiming a shortage of 50,000 in 2015 – before anyone had heard of Brexit. They always claim a shortage of about this number. They say it was calculated by surveying their members, and other means – such as looking at vacancies. They also subtract the number of drivers registered with them from the number of lorries registered with the DVLA and add that. Seriously.

Tesco has recently stated it needs another 800 drivers. A quick look at their staff vacancies adverts shows they’re actually looking for just three.

Richard Walker from Iceland, another arch-Europhile, has taken the opportunity to get his mug into newspapers by talking about “Cancelling Christmas”. This is the same Richard Walker who gets publicity for environmental initiatives yet flies around in a private helicopter.

The Road Haulage Association will also tell you there are about 600,000 lorry drivers in the UK. The Office for National Statistics, which knows what people do for a living, reckons there are half that number. Again, the RHA is counting the wrong thing – HGV licenses. Just because someone has an HGV license it doesn’t mean they’re actually a lorry driver. Many people, myself included, have one so I can hire a lorry when I need one – such as for transporting stuff to Scout camps. At the time I got it, the cost was £70. It’s not unreasonable to want to drive something large privately.

Another group with HGV licenses are firemen. Those big red things they drive around in are too big to be classified as cars, so they do the HGV test. I believe Princess Anne had one once, so she could drive large horse boxes.

So I’m not going to take anything the Road Haulage Association says seriously until they use better methods for obtaining their statistics. It’s almost as if they had an agenda. Actually… it’s a lobby group and its head – Richard Burnett – is a long-time campaigner against Brexit (and by extension the present government).

So what is the truth of the matter if you go to a sober source such as the ONS for figures? There is indeed a shortage of HGV drivers – they say the number has dropped by 55,000 in the last 18 months, of which 47,000 were the last year. However, this isn’t caused by Brexit. In Q2 2020 there were 25,000 EU drivers working in Britain; a year later there are 24,350. This is about the same as the 2015 figure. There was, however, a blip in numbers, peaking at 42,460 – and that happened after Brexit. This fell as drivers returned home during the pandemic; boring but true. And it’s only a minor factor in the current shortage. About 12,500 lost drivers out of 55,000 (18%) were EU nationals. Every country across Europe is reporting similar shortages, apart from Romania as far as I can tell. They’re also complaining in the USA; as far away from Brexit as you can get.

In reality, far the largest drop in working driver numbers comes from retirement – or more accurately leaving to find other jobs. It’s as simple and boring as that. But the story doesn’t end there, as it’s also been claimed that more people are retiring than passing tests. Unfortunately the figures don’t bear this out either.

In 2010-2014 there were 15,500 new licenses issued, with 7500 retiring. In the second half of the decade there were 25,500 new licenses and 8600 retiring. The fact is that there are 230,000 licensed drivers under the age of 45 alone in the UK who are choosing not to drive commercially. They’ve got fed up and taken other jobs, or are using the license privately. The average age of British lorry drivers is now about 55, clearly pointing to trouble ahead.

If you want to figure out what’s going on behind the headlines, and the Twitter experts who have never even driven a lorry in their lives, you eventually end up following the money. In this case the RHA (a lobby group, remember) is making the case for the government to favour their sector. Of course they’re going to highlight any problem, and demand the government does something about it – and more specifically, throw money at it. The thing is that the logistics industry hires their own strategic planners; experts in the field of logistics. They should have seen this coming and done something about it, instead of bleating for the government to bail them out now.

The truth may be simple; if the pay and conditions for lorry drivers were better, more people would do it. And that’s entirely up to the logistics companies to solve. Some have undoubtedly been using cheap foreign labour in the last few years, which has gone home during the pandemic – and they’re the ones that have been hit the worst. And now they want the taxpayers to bail them out for having treated their drivers badly.


Now we’re being told that 5000 visas are being made available to hire in foreign drivers. That’s great. But why would foreign drivers from the EU even want to work here? There’s a shortage across Europe, and they have better conditions working there. France, Germany and Belgium have laws that mean drivers don’t have to work on Sundays. And if you’ve ever compared French and British transport cafes, the continentals win hands-down.

Update 2

So now Richard Burnett (RHA) has started panic buying of fuel by claiming there was going to be a shortage due to the lack of tanker drivers, and the hysterical media has picked it up. I’m sure the timing has nothing to do with the Labour Party conference.


All figures in this article come from the Office for National Statistics, the Road Haulage Association or European/American government sources. I’ll make the ONS spreadsheets (the reliable stuff) available when I can figure out how.

A solution to the Scottish Nationalism problem


Nationalism is like religion; it’s a matter of emotion rather than logic. Occasionally it makes sense to create a new country as a means of protecting a race of people from racist attitudes found elsewhere, but other than that, there’s very little point in having new countries.

National identity is an emotional lever used by scoundrels to control populations throughout history. In western Europe it’s taken over from religion as the best way to manipulate the emotions of a population, and it’s seldom used for good.

The National Socialists in Germany used racism and nationalism to unite the population for a common purpose. Britain used nationalism to stand up against fascism, rather than joining what was a European movement. Germany, Italy and Spain were fully fascist. France was largely fascist (although airbrushed from history after the war). Belgium and Holland were inconsequential.

So nationalism has its uses, but more often these uses are evil.

Nationalism doubtless played its part in the Brexit debate. The UK was half-in the EU and voted for full-out. Was this a tribal desire to avoid being subsumed into a forthcoming European super-state for emotional reasons, or a distrust of the “former” European fascists and communists? Probably a bit of both.

And this brings us to Scottish Nationalism. This is very different from Brexit. Scottish independence is about a major change to the status quo. Brexit was about future direction; the status quo wasn’t on the ballot as the EU is mutating; expanding its powers and geography. It wasn’t what we signed up for in 1975.

The Scottish Nationalists want a self-governing Scotland based on communist principles. Scottish politics is like that. Whether they’re rational or not isn’t the question here; the situation exists and a high proportion of the people living there want this at an emotional level; pathos trumps logos.

So what is the rest of the UK to do about this? We had a once-and-for-all referendum to settle the question in 2014, during which the Cameron government basically bribed the Scottish people with disproportionate funding and won the day. (The people of England, who had to pick up the tab, weren’t consulted).

Broadly speaking the main political parties are split. The Conservative and Unionist party, to give them their full name, is obviously unionist on principle. The Labour party is less sure. Blair started the process towards independence (termed “devolution”) for Wales, Scotland and Northern Ireland in 1997, as soon as he came to power. Or was this an electoral bribe that went wrong? You’d have to think Blair pretty stupid and reckless if that were the case, although this has been said of him in other areas.

Either way, both Cameron and Blair tried to buy off the nationalists one way or another, and it has simply emboldened them. Being granted and losing a referendum changed nothing.

We need a new plan. It would be possible for England to simply say “We’ve had enough – get into line or leave”. The Conservatives won’t do that, and Westminster in general recoils at the idea of an English referendum on splitting from Scotland as they know what the result would be.

The Conservatives are being governed by noble motives here. It’s obvious that without Scotland they’d have a permanent majority in the House of Commons. It’s equally obvious that Labour would become the permanent opposition, which amply explains their opposition to Scottish independence.

The final point in this preamble brings us back to Brexit, or more specifically the lessons learned. As soon as the result was known, the Remain camp started waving their arms about shouting “The people didn’t know what they were voting for!”

This is true on many levels. Much of Leave was playing the nationalist card, and Remain was telling the world the sky would fall if we left. Both were outright liars. But it was also very true to say that the referendum was a simple in/out question and no one knew what “out” meant. (No one was keen to explain what “in” meant going forward either).

To those of us watching this disaster, and the ensuing years of recrimination, it was obvious that an in/out referendum was a spectacularly bad idea and should never have taken place. People really didn’t know what they were voting for; they assumed we’d have a trading deal with the EU, and this was the key. Remain said it was impossible. Leave said it was inevitable. No one knew.

So, another Scottish Independence referendum like the 2014 one is clearly a bad plan. There are two possible outcomes:

Leave: Years of argument about the terms and what to do next.

Stay: Years of argument for another bite of the cherry.

Here’s a better way.

If the Westminster government was smart it could deal with this by playing the Nationalists at their own game. Grant them another referendum, but not on independence. Give the Nationalists three years to negotiate an independence treaty, and one with the EU while they’re at it. Then put that treaty to a referendum.

My guess would be that simple-minded nationalism may melt away when the reality of what they’re being sold sinks in. The Scottish people are being sold a pig in a poke right now.

As part of the deal to hold a referendum, Westminster should withdraw the bribes given by Cameron in 2014. Scotland should get its fair share of funding, and not a penny more. The Nationalists deny they’re being subsidised, so how could they object?

If Scotland would really be better off independent from the UK then fair enough. However, there are plenty of people in Scotland who don’t want a communist-inspired local government, or haven’t realised it yet, and the UK has a duty to protect them.

The Scottish Nationalists don’t think ahead, so the UK should force them to explain to the people of Scotland exactly what they’d be voting for if they chose independence. The Nationalist voters aren’t going to listen to the facts from anyone else. It’s easy to sell flag-waving nationalism; less easy to sell economic reality.

Minecraft server in a FreeBSD Jail

You may have no interest in the game Minecraft, but that won’t stop people asking you to set up a server. Having read about how to do this on various forums and Minecraft fan sites (e.g. this one) I came to the conclusion that no one knew how to do it on current FreeBSD. So here is how you do it, jailed or otherwise.

First off, there isn’t a pre-compiled package. The best way to install it is from the ports, where it exists as /usr/ports/games/minecraft-server

Be warned – this one’s a monster! Run “make config-recursive” first, or it’ll go on stopping for options all the way through. Then run “make install”. It’s going to take quite some time.

The first configuration option screen asks if you want to make it as a service or stand-alone. I picked “service”, which sets up the start-up scripts for you but doesn’t actually tell you it’s done it. It does, however, stop it trying to run in graphics mode on your data centre server so I’m not complaining too much.

The good news is that this all works perfectly in a jail, so while it’s compiling (it could be hours) you can set up the required routing, assuming you’re using an internal network between jails – in this case Using pf this will look something like:

scrub in all
nat pass on $extinterface from to any -> $externalip
rdr pass on $extinterface proto tcp from any to $externalip port 25565 -> $minecraft
rdr pass on $extinterface proto udp from any to $externalip port {19132,19133,25565} -> $minecraft

And that’s it. You’re basically forwarding on TCP and three UDP ports. If you’re not using a jail, you obviously don’t need to forward anything. For instructions on setting up jails properly, see here, and for networking jails see elsewhere on this blog.

One thing that’s very important – this is written in Java, so as part of the build you’ll end up with OpenJDK. This requires that some special file systems are mounted – and if you’re using a jail this will have to be in the host fstab, not the jail’s!

# Needed for OpenJDK
fdesc /dev/fd fdescfs rw 0 0
proc /proc procfs rw 0 0

If you’re using a jail, make sure the jail definition includes the following, or Java still won’t see them:


Once you’ve finished building you might be tempted to follow some of these erroneous instructions in forums and try to run “minecraft-server”. It won’t exist!

To create the basic configuration files run “service minecraft onestart”. This will create the configuration files for you in /usr/local/etc/minecraft-server. It will also create a file called eula.txt. You need to edit this to change “eula=false” to “eula=true”.

You can make the minecraft service run on startup with the usual “minecraft_enable=yes” in /etc/rc.conf

And that’s really it. There are plenty of fan guides on tweaking the server settings to your requirements, and they should apply to any installation.

This assumes you’re handy with FreeBSD, understand jails and networking; if you’re not so handy then please leave a comment or contact me. Everyone has to start somewhere, and it’s hard to know what level to pitch instructions like this. Blame me for assuming too much!

Nominet EGM, March 2021

Members of the UK’s domain registry, Nominet, have called an EGM to get rid of most of the governing board. After fighting tooth and nail, chairman Russell Haworth resigned yesterday (Sunday), but other controversial board members remain.

Unusually for me, this year’s report will be updated live. But you’ll have to refresh your browser manually!

Note that this is paraphrased!

The argument is over the direction of Nominet. When it was founded, the idea was for it to take over from the Naming Committee and run the UK’s top level DNS servers. The Naming Committee was overwhelmed, and it was felt reasonable that a new organisation could take over the work, funded by a small fee for new registrations.

This was inevitably going to lead to a surplus income, which was supposed to be distributed for the public benefit, keeping reasonable reserves in case of major court cases.

In 2006 Nominet altered its remit to allow other activities, which I warned about at the time. It turns out I was right (as usual), and in the intervening years the board diversified into such things as self-driving cars and subsidising a cyber-security business, in competition with some of the members who were paying for it. Network Solutions all over again.

Mark Wood opens, and acknowledges that the board hasn’t been listening to members. Grateful to Russell Haworth for driving growth.

Invited Simon Blackler to speak for a few minutes. Mark Wood says he declined.

Now going to members’ questions, starting with those sent in advance.

Question: Why has the board predicted chaos if the board changes?

James Bladel: It will, indeed, fall apart without the experience of the existing board. As the board has prevented the second motion to appoint a new board, it will delay reforms.

Question: The campaign by the board has been dirty. How will you heal the rift?

Rob Binns: “We will continue an open dialogue” and make sure there is a meaningful two-way dialogue.

Question: Ester. Why was the second resolution (Appoint new directors) blocked?

James Bladel: Don’t ask me – ask Roy. But we have established processes, so we’re not going to make an exception just because the members vote to have one.

Question: What are the chances of the government stepping in and resulting in a price rise?

Stephen Page: There is a possibility, but we don’t know for sure. “Nominet is at the heart of digital Britain”. Sounds to me like a FUD pitch.

He’s just suggested the NHS might collapse if the board is removed, as Nominet is critical infrastructure.

Question: Why was the Registry Advisory Council idea underway before the EGM?

Ellie: We wanted to find another way to get feedback. She described it as a “registry business”.

Question: What are the board’s future plans depending on whether the resolution passes or not?

Rob Binns: “As a board we will lay out a process that will drive that engagement” regardless of the outcome.

If the motion passes (board half fired) we will have a focus on stability.

Question: What justifies huge increases in board remuneration?

Mark Wood: Our strategy was to diversify into alternative revenue streams as a hedge against possible income decline. Stated that costs would increase (but didn’t explain why).

Jane Tozer: We take the pay issue seriously, so we’ve frozen it. Our executive team has outperformed on its targets. Appears to be reading a written statement. It benchmarks pay against similar sized technology companies. (Odd, as these are profit driven – Nominet is supposed to be running a DNS).

Question: What is the cross-subsidy between domains and cybersecurity?

Ellie: We’re not cross-subsidising.

Question: One of the problems is a lack of engagement. Would the board introduce members’ meetings?

Anne Taylor: As a board we want to explore all ways of engaging. It was a bad move to shut down the forum.

David Thornton: Shutting down the forum was inflammatory but needed a re-vamp.

Question about discounts for and .uk together. Irrelevant.

Question: Why has it taken so long to realise members are not happy?

Mark Wood: We’ve missed some signals. Simon Blackler has run a good campaign and raised a lot of issues. We want to make these changes and accelerate them.

Question: Will we bring back member engagement lunches?

Ellie: Yes, stuff like that. “We’re going to need to find more ways to get the views of the network”.

Question: Why can’t we hear from Simon Blackler?

Mark Wood: It’s not a debate; it’s a company EGM. Simon Blackler declined to speak.

Question: Has the current board makeup been complicit in side-lining members’ dissent?

James Bladel: I don’t think this has really happened as we have vigorous debates on the board.

Question: What’s Russell’s status right now?

Mark Wood: Russell actually stood down from the board on Sunday. (Subsequently confirmed that the resignation was accepted).

Question: About CNI status.

Stephen Page: We’re not, but we’re looking at what would happen if we were designated as such. It could push up our costs. It depends which part of the regulatory system takes us on. We hope it won’t increase prices.

Question: If the board is critical, what is the plan if anything happened to it?

Rob Binns: Yes, we have a contingency plan. The motion is to remove various members of the board. We’d have to think about how we’d manage that. In any scenario we’ll continue with improved engagement. Didn’t explain what the plan was.

Question: Similar to previous on member engagement.

Mark Wood: Repetitive waffle. Sounds like they’re talking out more difficult advance questions.

James Bladel: More repetitive waffle. Absolutely nothing that hasn’t been said before. “We need to focus on the future.” “Rebuild relationship”.

Mark Wood: Largest turnout in Nominet’s history. As the whole board has said, Nominet will change as a result of this. I believe it will be easier if we don’t change the board. Closing the member forum was a mistake. We’ll find new and better ways.

We also need to bring the government into management of Nominet as a stakeholder. Nominet delivers brilliant service, does an important job, and does very well.