on
Beep beep

This weekend was spent rewatching all 8 Harry Potter films. It’s nearly the 20th anniversary of the very first film, and I came onboard at MPC during the second film, the Chamber of Secrets when I was a mere pup of 26.

I own all 8 films on both Blu-Ray (HD only) and iTunes (4K). I bought both because I spent many of my 6 years working at MPC working on a Harry Potter film – in fact, I can’t remember a time when something relating to Harry Potter wasn’t happening. I went to Leavesden Studios a few times to set-up or remove kit too. One time I even had a bite to eat at the Warner Bros. café, sitting outside and looking at the scaffolding that made up half of the Dursley’s house in Little Whinging, Surrey.

No film credit (boo – Warner Bros. are stingy with credit allocation), but MPC did a Nice Thing(tm) by taking out this page in Cinefex

Growing up, the film that inspired my imagination most was, of course, Star Wars. It was a film primarily aimed at kids, so it wasn’t difficult to get into or enjoy when I was 3 or 4. Harry Potter was very much a series that starts off as a tale for younger kids, but the story grows with them – as do the characters. Star Wars is difficult to place in this regard- these days it’s still very much a PG thing (and so repetitive to boot), whereas the last three films in the Harry Potter series are quite a bit more dark & violent.

The Whomping Willow. Destroyer of Ford Anglias.

As I made my way through the films, it’s intriguing to see the stars of the film grow up as well with each film. The storyline is compelling, and the characters are believable and relatable, even if it’s set in a fantasy world of wizards and witches and other supernatural delights. Hermione, in particular, is the kind of friend everyone should have. She does tend to put up with a lot of shit throughout the entire story, so how she remains sane by the end of it is anybody’s guess (the same could be said of Harry and Ron, though).

Harry Potter is essentially the story of three best friends, along with a vast array of weird and wonderful supporting characters, fighting the return of a dark lord whilst simultaneously attending school and learning the very skills to be able to defeat him. It’s very impressive. J. K. Rowling sets up her ducks in a row with each film (or book) and then presses the FIRE button when it needs to be pressed. She’s not frightened to put her characters in very dark, very risky situations. And not everybody makes it through.

The Prisoner of Azkaban resonates with me a bit because we had a massive model of the werewolf Professor Lupin turns into towards the end of the film in the office. And it had a removable head. And people would wear it like a hat – just because. That said, The Chamber of Secrets was the first film I got my hands dirty with, especially figuring out the ins and outs of the VPN system WB had set-up (against a 512Kbs ADSL line at Leavesden – but thankfully it got better with subsequent films) and other VFX infrastructure matters.

This version does NOT have a removable head

I also went along to Shepperton Studios during Azkaban’s production, though it was for another film called Wimbledon. Somewhat ironic, don’t you think, that many years later I’d be working IN Wimbledon. Anyway, on my way to the office at Shepperton Studios, I came across the trailers for David Thewlis (who plays Professor Lupin) and IIRC, Professor Snape (Alan Rickman). But even more interesting was this monstrosity poking out the top of one of Shepperton’s sound stages:

It’s big. Seriously big.

It was all good fun (except I got told off for replacing a broken PC on Wimbledon when the resource manager was away – yet the artist working at the studio had to use SOMETHING and that was the only machine I had listed as a spare – I’m glad to be out of VFX because it was things like that which drove me nuts).

Anyway, it was late on Sunday when I finished all 8 movies. I felt sad because we followed the fortunes and misfortunes of a group of plucky youngsters who risked a lot to get where they were, and now we were going our separate ways. Nearly 10 years in the making. And I was also sad because without J. K. Rowling, and as such without Harry Potter, the British film industry would probably not have had such a resurgence between 2000-2010. VFX companies sprung up around Potter. But within that was darkness.

During the Order of the Phoenix, Warner Bros. essentially made an ultimatum – give us more tax credits or we’ll move to Eastern Europe. It must have been a big deal because when the managing director sends every employee an email that wishes the PM (either Gordon Brown or Tony Blair at the time) would increase tax incentives for the studios, it makes you wonder about whether you’re going to have a job later down the road.

And it’s that reason why I feel that we must do something to get away from tax incentives for major US film studios and move to something fairer for the taxpayer. Fairer for VFX vendors. Stop the race to the bottom, and stop the displacement this causes. Besides, these kinds of incentives can lead to tax dodgers (Just “Google” the following: HRMC film tax fraud). State handouts to corporations, especially the film industry, need better management.

Nevertheless, Harry Potter remains one of the most beloved characters and stories this country has produced. And the films are just wonderful. Here’s to another 20 years (but please – no enhancing VFX like Star Wars did).

on

Yes, South Western Railways and smartcards again. But before I start there, I popped into Woking station’s platform 1 waiting room to check up on the lending library there:

They’ve expanded to VHS and DVDs now?!

Quite surprised to see the entire series eight of Inspector Morse there, along with a VHS copy of Carry on Up the Khyber. Good luck to the person whoever manages to find a portable VHS player (a joke I shamefully nicked off a work colleague).

Smart card. Fart card. Whatever.

My replacement SWR smart card has faired as well as the card it was replacing. Bought another single day return ticket to Wimbledon from Woking and went to check that it was valid on the same machine that issued it at Woking station.

The ticket machine managed to do its job properly this time! Give it a biscuit!

ALAS!

The Computer Says No

Went up to the barriers at Woking and the dreaded “Seek Assistance” popped up. Several attempts. No joy. Went back to the ticket machine to verify – yep, it was readable and the ticket was found. So I showed the image above to the ticket inspector who advised that I tap in on a yellow contactless terminal on the platform. That should do it, he said. So I did. Green tick.

Merry-go-round broken down

Then the train I was to get down had developed a fault and I had to make my way to platform three and endure a delay of stopping at every single stop to Wimbledon – but at least I didn’t have to change at Surbiton.

Got to the barriers at Wimbledon:

SWR’s ticketing systems are a useless pile of toss

So more explaining to the guards at the barriers and I was let out. The same will happen again this evening. I am so utterly fed up with the hassle South Western Railway’s smart card system has brought. It should not go wrong this often. I fully blame their IT department for this. It’s as if the ticketing system cannot communicate with the barriers properly to validate tickets.

Hard to believe it’s the 21st century

I’ll probably end up using paper tickets again. But I find these wasteful and a pain in the arse to have to take out of one’s wallet every time they need to go through a barrier or inspected by a train guard/inspector. Furthermore, by the time I’ve got home, the barriers at Woking are unmanned, leaving me with a useless paper ticket. They tend to build up in my wallet. If I remember, they’re discarded in the bin – but I’m sure that somebody will delve in there and try and find a way of reusing it.

I sincerely hope that with all these problems, the franchise owners, The First Group and MTR Corporation, lose the franchise at the earliest opportunity. Since they took over, the service (at least the suburban service) has been bloody dreadful. The ticket system is still stuck in the 20th century and is unreliable as hell.

Hand-written ticket!

On Monday I tried to buy a ticket on the smartcard at Woking station. Paid for it via contactless, and put my ticket on the reader to update it. Uh-oh, the machine had trouble updating my ticket. Tried again. Still problems. So I went to the counter and ask them what to do. They got a notebook which contains special tickets that are handwritten. So I traveled on that for the day – but encountered some resistance at Wimbledon as the guard was not familiar with the SWR smart card system and insisted that I had to get a return ticket from the ticket office. Nope, the ticket office said, the paper I had was sufficient as they couldn’t deal with SWR smart cards. And indeed, within the London zone, none of the ticket machines can handle smart cards. And none of ticket offices, regardless of location, can deal with smart cards either.

Learn. Improve. Maybe unite?

It’s about time that we started to go down the route of TFL and use contactless credit/debit cards. Whether they be physical cards, or virtual cards stored on our phones or smart watches. I’d much prefer to use my phone to act as my ticket than the current system. Travelling with TFL is almost effortless. It’s not without a few problems, but considerably less than that of SWR.

on

(*) Translation: I am in great pain.

So many announcements, so little time..

This year’s WWDC keynote was packed to the gills with a slew of announcements relating to upcoming software features in Apple’s range of products, including the Apple Watch, iPhone, iPad, and Mac. Additionally, the company also announced a whole new redesign of the Mac Pro, a new high-end monitor, and $1,000 monitor stand (I kid you not).

Apple has a rebranding/versioning problem

The iPad is getting a whole new slew of feature enhancements that won’t be found on the iPhone, to the extent that Apple is now referring to the version of iOS for iPad as iPadOS. This now gives us the following OS derivatives based on the Mach kernel/FreeBSD from which OS X originally came from:

  • MacOS – for Mac desktop and laptop operating systems
  • iPadOS – for iPads
  • WatchOS – for the Apple Watch
  • tvOS – for Apple TV HD and Apple TV 4K
  • iOS – for iPhones

So why doesn’t Apple rename iOS to iPhoneOS to identify the operating system specifically for iPhones? I don’t know. I’m assuming iPadOS will be referred to version 13, the same as iOS rather than iPadOS 1. If Apple did change iOS to iPhoneOS, it’d still be version 13 too. Only WatchOS has had significant changes to the version number since it was first released. We’re currently on major version 5, but for iOS and tvOS it’s version 12. For MacOS it’s 10.14. Even I’m finding it difficult to keep up.

Goodbye iTunes – so long, and thanks for all the fish

I’ve been a heavy iTunes user since.. well .. since Winamp died. I migrated over to the iTunes platform on Windows initially long before I had my first Mac, and haven’t looked back since. I’ve tried to leave the iTunes ecosystem a few times, but quite frankly it’s very difficult – particularly because the integration and feature set is very good. The downside is that iTunes has been enormously clunky for quite some time.

So Apple is splitting out music, video and podcasts into three separate applications for the next release of MacOS (called Catalina). This makes sense. I’m an Apple Music subscriber and find that the iCloud Music Library to be extremely useful to sync my own tracks across my iPhone XS Max and Apple Watch series 4. The iTunes store will still be there if I do want to purchase tracks or albums, or movies or TV shows.

The Mac to get 4K movie playback

Apple TV on the Mac will also play 4K content (since many modern iMacs will have 4K or 5K displays) and Dolby Atmos content. It’s no longer limited to Apple TV HD/4K devices. However, my biggest disappointment with Apple in this regard is that iTunes is still not offering 4K television shows for sale. Or TV shows with iTunes Extras content. I feel that Apple’s upcoming video streaming service, Apple TV+, may have had an effect on that. If UHD Blu-Ray content is on the way out, we need a better alternative to just streaming services. People want to buy, download and keep. And they want the extras that come with physical discs.

Apple to stop BASHing MacOS and wants to zig-a-zig-zsh

Apple is, for whatever reason, not a fan of GNU v3 General Public License. As such, the version of the bash interpreter included with MacOS is a little out of date. The zsh shell is more modern, largely backwards compatible with bash and is, in theory, a better option. That said, a good amount of what I do involves bash, so I doubt I’ll be changing over anytime soon.

You’ll be able to use your iPad as a second screen with MacOS Catalina

Something that I look forward to using. The new version of MacOS Catalina will allow users with a modern iPad or iPad Pro as a second screen – with the added bonus that if you have an Apple Pencil, you can use something like Photoshop to sketch on the iPad and it’ll appear on your Mac.

iPadOS will make the iPad more computer-like like never before

Apple has been pushing the iPad and iPad Pro as fully fledged computers. The problem with that is that even with a physical keyboard, key features of the operating system are still incredibly limited.

As well as a new home screen with access to widgets in horizontal view, the icons are now more tightly packed together – allowing more icons per screen. There are new gestures to make it easier to select, copy and paste text – and the cursor should be much easier to reposition.

And you’ll finally be allowed to use a mouse with an iPad! Though it forms part of the accessibility features and effectively emulates fingers – thus it won’t be the same as if you were using MacOS. But I think the new gestures and cursor control should help a bit.

The biggest change is that you’ll be able to plug in a USB hard drive or thumb drive and copy data to and from the iPad like any other file. It’s been mentioned that Apple formatted HPFS+ volumes don’t yet work (which would be silly if you also have a Mac), but may change during the beta/development process.

The iPad will also be able to connect to network shares as well – also offering a way of pulling data into and out of the iPad over the network.

Access to files via USB drive or network drive makes me wonder what would happen if the iPhone XI models ship with USB-C ports instead of lightning ports. It would be a tremendous benefit to have USB-C on the iPhone, but it did, would the Files app also support the use of hard drives and thumb drives as well? And are the other features sufficient to rename iOS on the iPad as iPadOS in that case?

Safari, the default web browser on iPadOS, will be able to use the desktop versions of web sites. Previously this was not possible as Safari always identified itself as a mobile browser, and the web site/app would deliver a mobile-friendly version. It’s not clear whether this will be the default option, or if other browsers such as Chrome will follow suit as it will mean changing the browser identification string. Something I’ll need to bear in mind for work!

In short – iPadOS has more features in it to make an iPad last a good many years as a laptop computer. It’ll always be a locked system, but Apple have opened it up a little more in what it can do that will make it a more attractive option to those on the move.

iPhone users also have a few tweaks to look forward to

I’m so looking forward to disabling limits on the size of app downloads. I have a very generous data allowance with my phone provider, and few humongous apps. But that’s not all – it’s said that apps will launch twice as fast and be half the size. Some serious optimisation work going on there!

I’m definitely looking forward to the new dark mode, and even more so – I like the look of the new Photos app. I use Photos and the iCloud Photo Library a lot across all my Apple devices, so it’ll be interesting to play around with the new features there. Already loving the new layout and can’t wait to start using it.

Pro Macs and Displays

With potential costs of up to $35,000 for a fully tricked out Mac Pro, and the displays costing around $6k including the monitor stand, the new Mac Pro is going to be something for companies or individuals with very deep pockets. The performance will be phenomenal, but it will require substantial effort from developers to make use of those performance enhancements.

VFX, for example, has generally relied heavily on NVIDIA graphics technology – as has anything with big computational needs. That said, when I was working back in VFX, Macs were primarily used for 2D Photoshop work (working with giant size textures).

I think the Apple ProDisplay will do much better in terms of sales – the specifications alone are going to be very tempting for anybody that requires great colour accuracy. And cost point of those monitors – even with the stand – is considerably cheaper than other manufacturers.

Another question that I have is that if Apple is intending to switch from Intel to their own ARM silicon in the future – how far ahead is this, and what about people who have spent tens of thousands of pounds/dollars on these systems only to find that we’re going to be in the middle of another architecture change in 2-3 years time. That’s a very difficult question to answer right now, but I believe Apple *will* do it at some point. Given the number of speculative vulnerabilities that are cropping up in Intel CPUs, people (and Apple) are going to be fed up with Intel.

(*) From the Adult Sim cartoon series, Rick & Morty. “Wubba lubba dub dub” was Rick’s catchphrase.

on

I had originally written and long and waffly review last week, but I felt it was too nitpicky, but more specifically, too waffly. So I thought I’d try giving it another go.

I’ll start off by saying that alongside Peter Harness’ and Toby Hayne’s adaptation of Jonathan Strange & Mr. Norrell, Good Omens is one of the most faithful book adaptations I’ve ever come across.

It’s been some time since I last read the book, and indeed, I gave my only copy away a few months ago at Woking Railway Station so that others can enjoy the madcap antics of the angel Aziraphale and the demon Crowley. But as the series progressed, it all came flooding back.

The Good Omens TV mini-series shares a number of people across different Neil and Terry projects. For starters, the director Douglas Mackinnon and executive producer Caroline Skinner have both worked with Neil Gaiman on Doctor Who. Not forgetting David Tennant, of course. Gavin Finney (director of photography) and Rod Brown (executive producer) have worked together across Terry’s previous television adaptations: Hogfather, The Colour of Magic and Going Postal.

Cast-wise, perhaps only a budget afforded by a joint production with BBC Studios could pay for the likes of an all-star cast including Frances McDormand, Nick Offerman, Jon Hamm, Michael McKean, Michael Sheen, David Tennant, Miranda Richardson, Brian Cox, David Morrissey, and Benedict Cumberbatch. Though given how well read Good Omens is with the cast, I’m sure they’d have given up a hefty chunk of their usual salary to appear in the show. Though given Jeff Bezos is the world’s richest man, planning on some major space initiatives, he could afford to pay everybody on this production handsomely – several times over.

But it is the cast which makes this show so much fun to watch. Clearly Michael Sheen and David Tennant are having so much fun playing Aziraphale and Crowley respectively. These two hereditary enemies form a close bond over the many centuries since humanity was kicked out of the Garden of Eden, and are very happy with the status quo of things in the world (occasionally getting involved to help things along a bit). So when the Apocalypse comes a-calling, they’ve got to do something about it. They are the ultimate odd couple.

During their adventures, we come across weird and wonderful characters such as Agnes Nutter, a witch, who has written the world’s only truly accurate book of prophecies, which is inherited by her ancestor Anathema Device who sets out to stop the antichrist. But it turns out everybody has misplaced him. He was supposed to be given to the American Ambassador, but it turns out that the antichrist was given to an ordinary couple who raised him lovingly in a small village near an American airbase. His name is Adam, and on his 10th birthday when he wishes for a dog of his own, hell sends him a hell hound. But as he doesn’t know he is the antichrist, he just wants a small puppy. And the hell hound must obey him. So we see this big, snarling, more-teeth-than-should-be-healthy-for-a-dog, suddenly transform into the world’s cutest puppy.

We meet Newton Pulsifer, a man who loves computers, but every time he goes near one, it breaks. He ends up working for Witchfinder Sergeant Shadwell, who is absolutely convinced witches still exist and is recruiting people for his army. And it doesn’t require the use of computers.

We also meet the four horsemen of the Apocalypse who have modernised somewhat and now ride motorcycles. Except Pestilence has now retired and has been replaced by Pollution.

All these characters weave in and out of each other in order to find the antichrist and put a stop to the Apocalypse. Aziraphale and Crowley both have to contend with their relevant superiors. There’s a lovely scene in which Hastor, one of the Dukes of Hell, literally gets caught up in a telephone answering machine and is only freed when a cold calling “we understand you have been involved in an accident” agent calls Crowley’s phone. I feel a lot of people will be satisfied how that one plays out.

It’s such a fun show that the 6 hours simply fly by. It does very much feel like a 6-hour film – especially as it’s shot in 2.35:1 aspect ratio which is a much wider format than most TV shows (though an increasing number of TV shows are adopting that format – the most noticeable has been the excellent Fleabag).

I must admit I was moved to tears during the last episode. The last 30 minutes were mainly spent snot-filled sobbing. A vital part of good storytelling is making you care enough about the characters. And it wouldn’t be too long before it’s all over. But I was crying mainly because this felt like a very final, long goodbye to the wonderful Sir Terry Pratchett who couldn’t be around to see just how bloody good this all was.

The ending also caught me out. We end on the song, “A Nightingale Sang in Berkeley Square”, performed by Tori Amos, and that’s when the tears started flowing again.

But I can’t be too sad about the ending. Neil Gaiman has a deal with Amazon Studios for more things, and Narrativia, Terry Pratchett/Rhianna Pratchett/Rod Brown/Rob Wilkins production company, has a few projects up their sleeves too.

Good Omens comes highly recommended. Very, very funny, emotionally satisfying, and tremendous fun. TV shows rarely tick all the boxes, but this one absolutely does. I’d highly recommend the 4K version – which requires that you use Amazon Prime Video’s search function. Just do a search for “good omens” and you’ll find it in the search results. If you have a 4K TV, do yourself a favour and watch it in 4K.

(P.S. I would also highly recommend Dirk Magg’s audio adaptation of Good Omens too – available via Audible)

on

You’ll have seen the adverts on TV. Well, I did too. And I thought – have they possibly changed in the few decades I’ve known them? They’ve always been in the back of mind – but not in a good way (especially when it came to domains). Has the rebranding done any good?

Bargain Hunt

I like a bargain as much as anybody else does, and although I’ve been very happy with DigitalOcean, 1&1 IONOS’ VPS service for £1.20/month for 6 months before another 6 months of £24/month seemed quite reasonable for the specifications on offer (4 vCPU, 8Gb RAM and 160Gb SSD).

I know my own address, thanks..

So I signed up early last week. The first thing that drove me insane was their postcode/address lookup function when entering your address as a new customer. I have constant problems with postcode databases not getting my address properly and 1&1 are no different. After entering my postcode, the system told me my address was wrong and I couldn’t move forward with completing the registration form unless I accepted their version of my address (which is wrong). So I just accepted it. When it came to payment, a similar problem, but the system seemed to accept it and was charged £1.20 just fine.

It wasn’t until later the following day I received the account set-up confirmation email and I proceeded to log in and start getting things set-up. The very first to do was to lock down the server so that only I could connect to it from my home and work IP addresses for the purposes of SSH access (command line access). 1&1 IONOS comes with a firewall, so I started to configure it. As I also use CloudFlare for caching, WAF and firewall, I started to configure the IONOS firewall for that – though I note that the documentation for the firewall doesn’t mention you can use CIDR notation for the allowed IPs. The web form will accept them though! According to the official firewall docs, you can specify a range of IPs with a dash, but since CIDR is a perfectly normal and standard notation for IP ranges, I’d try that (it saves typing). After a while (as CloudFlare has a fair number of IP ranges), everything looked set to go. CloudFlare’s servers were the only ones that could connect to TCP port 443.

Let me explain how CloudFlare works, as you’ll find that neither 1&1 IONOS engineers or my “personal consultant” understand how systems like CloudFlare or Akamai work (I’ve been using CloudFlare for at least 7 or 8 years, and Akamai for 2).

How does CloudFlare work?

When you request a page from my blog, the request goes to CloudFlare. CloudFlare does a few security checks first of all, then, if you’re not a naughty bot or person, it checks to see if the page already exists in its cache. If not, CloudFlare – and ONLY CloudFlare – will connect to my VPS securely to retrieve the page and serve it to you. You, as a requester cannot bypass CloudFlare to get to my VPS directly unless I specifically disable proxying within CloudFlare (my DNS is hosted with CloudFlare so any changes I make should be almost immediate).

Too hot to trot?

When I set-up the 1&1 IONOS VPS server, it took me about 30 minutes to get everything running including moving everything off DigitalOcean and installing MySQL, PHP and nginx. I’ve written scripts which perform much of the set-up for me – and everything is checked into BitBucket so that I can retrieve those scripts at any time from anywhere. I also have many backups at Backblaze B2, courtesy of rclone (written and maintained by my former boss at Memset Hosting Ltd.)

ALAS!

CloudFlare could not talk to the 1&1 IONOS VPS. Connection timed out every time. I set-up a firewall rule to allow myself direct access to the VPS via port 443) to test that the LNMP stack was working correctly. It was. Output from netstat showed everything was fine. No local firewall was running, and iptables rules were clear and set to accept. And yes, I had changed the IP addresses in CloudFlare’ DNS to the new shiny VPS.

How about you try turning it on and off again?

So I utilised 1&1 IONOS’ live chat system for technical support. They’re fast, but they wanted to know why I was locking off port 443 to specific IPs. I explained I was using CloudFlare. I checked with them if the syntax of the firewall rules were correct. Apparently, they were. Their advice? Open port 443 to the world. I asked them if they had any experience with CloudFlare or Akamai or any other similar service. The whole point with these systems is that it acts as a barrier between the internet at large and your origin servers. The origins which host your application should never be exposed externally but only through CloudFlare, Akamai or whoever.

So I called my “personal consultant” for help by submitting a request for a callback. Within a minute or two I was connected. I explained the problem to him and he went away and spoke to the technical people. Their explanation was how CloudFlare was returning client IPs. Which is absolute bull. See my explanation further above. The connecting IPs are the ones that I defined in the firewall. The same IPs I had been using at DigitalOcean with their firewall. Client IPs that come in are passed to the original server in the form of a header (and my nginx configuration looks at that header and parses the real IP which is then available in the server logs) – but that’s got nothing whatsoever to do with CloudFlare’s servers connecting to my VPS.

No experienced sysadmin should touch 1&1 with a bargepole..

While I was still talking to the chap on the phone, the blog suddenly spluttered into life. But it is not obvious why. The firewall rules didn’t look to have changed. But still, I didn’t like the explanation whatsoever from their technical department as to how CloudFlare operates and the encouragement of opening TCP port 443 to the world. I had to explain that I’m a systems administrator of some 22 years, having worked for two Academy Award-winning VFX companies, and now help manage multi-million-pound websites for some very high profile clients and have extensive experience with CloudFlare. So I cancelled the account there and then.

ALAS!

I was transferred to the US division of 1&1 for cancellation. But after 10 minutes or so, I was put through to the right person who cancelled the account for me. And I received this email:

Every. Single. Image. Broken.

SIGH.

I’ve gone back to DigitalOcean again (~£10/month for third of the resources). But in order to test my DR (disaster recovery) plan, wiped the old server, set-up a new one, and restored everything from my Backblaze B2 backups. It all works perfectly.

CloudFlare had no problem connecting to my new VPS at DigitalOcean. New IP and everything. That’s how 1&1 IONOS should have worked out of the box. I blame their firewall and their documentation. And possibly lack of experience of IDS/WAF/CDN systems such as CloudFlare.