October 2024

By aaron.axvig, Tue, 10/15/2024 - 20:40

For posterity, here is a description of the trees that we planted in September 2021.  All were purchased from Prairie View.  I'll say they were fine but I'll check out somewhere else next time.  We went with fairly large trees and I think it was a worthwhile expense to do so.  They were all extensively watered for the first fall and then two summers.  I did almost no watering in 2024, which was helpfully a pretty wet year.

Boulevard Linden

We planted two of these in the boulevard at $327 each. These seem to be slow growers but I'm sure someday they will be mighty trees!  Just now in 2024 we finally see significant growth on the top of the north tree (more sun on that one since the south tree is shaded--my theory).  Info 

 

Medora Juniper

A sort of privacy screen is formed by these in the side yard.  $96.50 each.  These have been growing at a great pace and staying very shapely.  Water/ice falling from the porch onto one has not really harmed it so the hardiness is impressive.  Info

 

Dwarf Korean Lilac

Three of these serve as show-pieces at the very front of the yard.  I have been able to keep them trimmed in nice ball shapes.  Ideally these would be just big enough that they go just up to the sidewalk but not over the edge.  They have several years before that will be a problem.  These are grafted trees, $218 each.  The flowers only seem to last two days.  Info

 

Northern Empress Elm

This tree is in the middle of the front yard and has really started to nicely shade the porch area.  It has grown rapidly and has an impressive trunk.  Rated to grow 28 feet tall and 24 feet wide, it should not overwhelm the front yard.  It grows a ton of downwards drooping garbage branches so I get lots of practice pruning.  Apparently this was first available in 2021, the year we got it.  $312 for the pleasure!  Info

 

Hot Wings Tatarian Maple

I thought for sure that the leaves would be the hot-wings-colored part of this, but I see now that it is the seeds.  That does make sense, since the seeds (samaras, aka helicopters) are like wings, and that is what they say turns red.  $186 for this one.  It had 6 main shoots going straight up in a bundle for the first two years, and they were very annoying in the way that they tangled with each other, but now they have matured out to do their own thing and the tree looks good.  This one is in the side yard.  I imagine that people think it is dumb to put a maple tree right between two kind of close houses and with overhead power lines nearby, but this tree should only grow to 18 feet in both height and width so should fit nicely as a mature tree.  Info

 

Prairie Expedition Elm

A big tree for the big back yard.  Our neighbor Joyce has a nice big elm in her back yard and hopefully this one can fill in the skyline once that one has moved on.  This grows at a ridiculous rate, with many new 8' shoots each year.  They are too long and susceptible to wind damage so sometimes I cut the ends off.  This one was kind of a disorganized wreck when we got it, with a dead and sideways leader, so who knows if it will turn out to be a decent tree.  Maybe some good pruning tactics will become obvious as it continues to grow over the next few years.  Dutch-elm-disease resistant.  $280.  Info

 

Shrubs/flowers

Tiny Tortuga Turtleheads on each side of the front gate.  Mammoth Yellow Quill Daisies to the south of the gate.  Fulda Glow Sedum by the turtleheads.

By aaron.axvig, Tue, 10/15/2024 - 16:57

I ran into trouble connecting to some old network gear this week.  It seems that the hmac-sha1 MAC was removed from the default client connection settings.  Next I had trouble with the host key algorithm: ssh-rsa was removed from the defaults too.  Both are still supported, so they can be specified manually in the client config file, such as this set that I use for older Extreme switches:

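Host switch-1.domain.tld
    KexAlgorithms diffie-hellman-group1-sha1
    # ssh_config uses the first value it finds for a keyword, so a second
    # HostKeyAlgorithms line would be ignored; list both types on one line.
    HostKeyAlgorithms ssh-rsa,ssh-dss
    Ciphers aes256-cbc
    MACs hmac-sha1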

The errors I was getting:

Unable to negotiate with 192.168.1.1 port 22: no matching MAC found. Their offer: hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96

Unable to negotiate with 192.168.1.1 port 22: no matching host key type found. Their offer: ssh-rsa
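A narrower alternative to replacing whole algorithm lists, as an added example that is not part of the original post: the sketch below reads the negotiation errors and emits a per-host stanza that appends (`+`) only one legacy algorithm per failed category, leaving the modern defaults in place. The function name, the `AVOID` filter and the third sample line are assumptions made for this illustration.

```python
import re

# Wording after "no matching" in the ssh error -> ssh_config keyword.
KEYWORD = {
    "MAC": "MACs",
    "host key type": "HostKeyAlgorithms",
    "cipher": "Ciphers",
    "key exchange method": "KexAlgorithms",
}
ERROR = re.compile(
    r"Unable to negotiate with \S+ port \d+: "
    r"no matching (.+?) found\. Their offer: (\S+)")
# Assumed policy for this example: never re-enable MD5, truncated or null
# algorithms automatically; such offers are returned for a manual decision.
AVOID = ("md5", "-96", "none")

def stanza_from_errors(host_alias, errors):
    """Build a Host block that appends one legacy algorithm per category."""
    additions, unresolved = {}, []
    for line in errors:
        m = ERROR.search(line)
        if not m:
            continue
        keyword = KEYWORD.get(m.group(1))
        usable = [a for a in m.group(2).split(",")
                  if not any(bad in a for bad in AVOID)]
        if keyword and usable:
            additions[keyword] = usable[0]   # first acceptable name offered
        else:
            unresolved.append(line)
    lines = [f"Host {host_alias}"]
    lines += [f"    {key} +{alg}" for key, alg in additions.items()]
    return "\n".join(lines), unresolved

# The first two lines are the errors quoted in the post; the third is a
# constructed MD5-only offer to show the refusal path.
ERRORS = [
    "Unable to negotiate with 192.168.1.1 port 22: no matching MAC found. "
    "Their offer: hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96",
    "Unable to negotiate with 192.168.1.1 port 22: no matching host key "
    "type found. Their offer: ssh-rsa",
    "Unable to negotiate with 10.0.0.1 port 22: no matching MAC found. "
    "Their offer: hmac-md5,hmac-md5-96",
]

if __name__ == "__main__":
    stanza, manual = stanza_from_errors("switch-1.domain.tld", ERRORS[:2])
    print(stanza)
```

ssh reports only the first category that fails to match, so the errors are collected over successive connection attempts.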

You can see the difference in old and new ssh -vv outputs:

A Windows Server 2022 example:

OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
<snip>
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1

Freshly updated (2024-10-15) Windows 11 example:

OpenSSH_for_Windows_9.5p1, LibreSSL 3.8.2
<snip>
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com
debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512
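The long lines above are hard to compare by eye. As an added example (not from the original post), this script extracts the client's proposal from two `ssh -vv` captures and lists what left and what joined the defaults; the function names are assumptions, and the sample input is abridged from the two outputs above with a constructed peer section.

```python
import re

FIELD = re.compile(
    r"^debug2: (KEX algorithms|host key algorithms|ciphers ctos|MACs ctos): (\S*)$")

def client_proposal(vv_output):
    """Return {field: [algorithms]} from the client's own KEXINIT proposal."""
    proposal = {}
    for line in vv_output.splitlines():
        if "peer server KEXINIT proposal" in line:
            break  # lines after this marker are the server's offer, not ours
        m = FIELD.match(line.strip())
        if m:
            names = [a for a in m.group(2).split(",") if a]
            proposal.setdefault(m.group(1), names)
    return proposal

def diff_proposals(old, new):
    """Per field, list what left and what joined the client defaults."""
    result = {}
    for field in sorted(old.keys() | new.keys()):
        before, after = old.get(field, []), new.get(field, [])
        removed = [a for a in before if a not in after]
        added = [a for a in after if a not in before]
        if removed or added:
            result[field] = {"removed": removed, "added": added}
    return result

# Constructed sample input: abridged client lists plus a made-up peer section.
OLD_VV = """\
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: MACs ctos: hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha1
debug2: peer server KEXINIT proposal
debug2: MACs ctos: hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96
"""
NEW_VV = """\
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com
debug2: host key algorithms: ssh-ed25519,rsa-sha2-512,rsa-sha2-256
debug2: MACs ctos: hmac-sha2-256-etm@openssh.com,hmac-sha2-256
"""

if __name__ == "__main__":
    for field, change in diff_proposals(
            client_proposal(OLD_VV), client_proposal(NEW_VV)).items():
        print(f"{field}: -{change['removed']} +{change['added']}")
```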

The changes can be found in the myproposal.h file.  Below is a before and after of the MAC section since the diffs on GitHub seemed confusing to me.

Before:

#define    KEX_SERVER_MAC \
    "umac-64-etm@openssh.com," \
    "umac-128-etm@openssh.com," \
    "hmac-sha2-256-etm@openssh.com," \
    "hmac-sha2-512-etm@openssh.com," \
    "hmac-sha1-etm@openssh.com," \
    "umac-64@openssh.com," \
    "umac-128@openssh.com," \
    "hmac-sha2-256," \
    "hmac-sha2-512," \
    "hmac-sha1"

After:

#ifdef WINDOWS
#define    KEX_SERVER_MAC \
    "umac-64-etm@openssh.com," \
    "umac-128-etm@openssh.com," \
    "hmac-sha2-256-etm@openssh.com," \
    "hmac-sha2-512-etm@openssh.com," \
    "umac-64@openssh.com," \
    "umac-128@openssh.com," \
    "hmac-sha2-256," \
    "hmac-sha2-512,"
#else
#define    KEX_SERVER_MAC \
    "umac-64-etm@openssh.com," \
    "umac-128-etm@openssh.com," \
    "hmac-sha2-256-etm@openssh.com," \
    "hmac-sha2-512-etm@openssh.com," \
    "hmac-sha1-etm@openssh.com," \
    "umac-64@openssh.com," \
    "umac-128@openssh.com," \
    "hmac-sha2-256," \
    "hmac-sha2-512," \
    "hmac-sha1"
#endif

They did an #ifdef so that this only affects the Windows client.

And the changes for the ssh-rsa setting were made way back in 2021 yet took until now to reach my PC.

By aaron.axvig, Sat, 10/12/2024 - 20:43

I have added a new node to my Proxmox cluster--a Qotom 1U rackmount device.  This came to my attention via a pretty thorough STH review.  This hits a sweet spot for me.  I want to have ~5 nodes in my cluster for Ceph reasons but don't have a ton of continuous load going on.  Because capacity and power draw will both be multiplied by five, I don't need a lot of compute/storage per node and want to keep power draw low.

Interlude on my disk selections

Ideally each would have one OS drive and two or three Ceph OSDs.  I am trying to do SSDs with power loss protection so selection is a bit limited.  But usually I can find used enterprise SSDs with this feature for approximately the same price as decent new consumer SSDs.

The system features two NVMe slots and two SATA ports.  I would have preferred OS on SATA and then fill both NVMe slots with OSD disks.  But it is difficult to find 80mm enterprise NVMe SSDs of 2TB or 4TB capacity. The Samsung PM983 would be perfect but it is a 22110 size (110mm long) and while I am always down for funky NVMe hold-downs, this case has a hard stop on length shortly after 80mm where the chassis wall is.

So I ended up with a Samsung MZ-7LH3T80 3.84TB disk which is SATA but will be fine.  And I picked up a Micron 7300 Pro 480GB as the OS disk (no need for an enterprise disk here but I didn't have any other 80mm units around so figured if I am going to be spending $45 anyways for a decent one I might as well do it).  Both used.

On with the main event

The server comes with one SATA power+data cable, and the power cable is non-standard.  The STH review used the cable from their second unit to hook up two SATA disks but no one sent me a second server!  Some searching revealed that this connector is described as a "PH2.0 small 4-pin" cable.  Or more specifically it is JST's PH series connector which features a 2.0mm pitch.

I was able to find a SATA assembly including the power and data cables on AliExpress.  But don't get that one.  The right-angle data plug is bent the "wrong" way and won't fit on the motherboard!  This one looks to be correct based on the picture (warning: the power pins aren't correct).

Not wanting to wait for a new delivery, I simply cut the disk-end connector in half with a bandsaw so that I could use only the power portion, and paired that with an on-hand old SATA data cable.

The computer would not boot with this hack-job connected.  So my first suspicion was the power cable pin order as the colors were different from those on the in-box cable.  I was able to rearrange the pins and things worked.

The drive side of the power cable has wires in this order: black, red, black, yellow.  I moved those first two (black and red) on the motherboard end to be similar to the cable that came with the server and it is running fine. (aka use the black wire that seems to be paired with the red)

The pins have a barb that holds them in the plastic connector.  You can poke or bend the barb with something tiny--I use the "SIM" bit in my iFixIt screwdriver kit.  And then try to bend the barb back out before re-seating the pin in the new home.