I have mentioned before that I really, really, really do not like systemd. Whilst it remained a simple replacement for init (albeit with some peculiarites) I could put up with it so long as it didn’t get in my way, or my way of working. After all, if all the major distro developers were convinced …
Category: coding and admin
Permanent link to this article: https://baldric.net/2022/02/03/no-systemd/
Oct 15 2021
zuck off facebook
Or how to block the entire Facebook network. In my last post on Facebook’s misfortunes I mentioned that my wife initially blamed me, assuming it was just local and that I had made some new change to my local network configuration. Now whilst I do actually bin some of Facebook’s more annoying subdomains (such as …
Permanent link to this article: https://baldric.net/2021/10/15/zuck-off-facebook/
Sep 04 2021
stop starttls
I have been a subscriber to Hanno Böck’s Feisty Duck TLS Newsletter for some time. Böck’s newsletters provide a useful service to TLS users. I am also a big fan of Ivan Ristić’s “Openssl cookbook” which is available as a free download from the Feistyduck website. A couple of days ago the latest Feistyduck newsletter …
Permanent link to this article: https://baldric.net/2021/09/04/stop-starttls/
Jun 06 2020
encrypting DNS on android
My previous two posts discussed the need for encrypted DNS and then how to do it on a linux desktop. I do not have any Microsoft systems so I have no idea how to approach the problem if you use any form of Windows OS, nor do I have any Apple devices so I can’t …
Permanent link to this article: https://baldric.net/2020/06/06/encrypting-dns-on-android/
May 25 2020
encrypting DNS with dnsmasq and stubby
In my last post I explained that in order to better protect my privacy I wanted to move all my DNS requests from the existing system of clear text requests to one of encrypted requests. My existing system forwarded DNS requests from my internal dnsmasq caching servers to one of my (four) unbound resolvers and …
Permanent link to this article: https://baldric.net/2020/05/25/encrypting-dns-with-dnsmasq-and-stubby/
Jul 07 2019
openvpn clients on pfsense
In my 2017 article on using OpenVPN on a SOHO router I said: “In testing, I’ve found that using a standard OpenVPN setup (using UDP as the transport) has only a negligible impact on my network usage – certainly much less than using Tor.” That was true back then but is unfortunately not so true …
Permanent link to this article: https://baldric.net/2019/07/07/openvpn-clients-on-pfsense/
Dec 12 2018
wordpress 5.0 editor error
When I posted yesterday I noticed that there was a new version (5.0) of wordpress available for installation. So I decided to spend a short while today upgrading as I always do when a new software version is released. But I hit a snag – a big one. The new version of wordpress includes a …
Permanent link to this article: https://baldric.net/2018/12/12/wordpress-5-0-editor-error/
Jan 30 2017
variable substitution – redux
Back in October last year, I posted a note about the usage of variable substitution in lighttpd’s configuration files. In fact I got that post very slightly wrong (now corrected) in that I showed the test I applied in the file as: “$HTTP[“remoteip”] !~ “12.34.56.78″”. (Note the “!~” when I should have used “!=”). This …
Permanent link to this article: https://baldric.net/2017/01/30/variable-substitution-redux/
Oct 19 2016
variable substitution in lighttpd
I’ve been a lighty user for many years now, having junked apache when it became obviously overweight for my target devices (the slugs in particular). Trivia is, of course, powered by lighty as are all my other websites. Lighty’s configuration file syntax is reasonably simple to understand, and is well documented on the Redmine wiki. …
Permanent link to this article: https://baldric.net/2016/10/19/variable-substitution-in-lighttpd/
May 02 2016
raid performance
I have recently been building a new NAS box (of which, possibly, more later). In fact the build is really a rebuild because I initially built the server about three years ago in order to consolidate a bunch of services I was running on assorted separate servers into one place. That first build was a …
Permanent link to this article: https://baldric.net/2016/05/02/raid-performance/
Jan 21 2014
backblaze back seagate
In October last year I noted that the Western Digital “Green” drives in my desktop and a new RAID server build looked to be in imminent danger of early failure. That conclusion was based on a worryingly high load-cycle count which a series of posts around the net all attributed to the aggressive head parking …
Permanent link to this article: https://baldric.net/2014/01/21/backblaze-back-seagate/
Dec 30 2013
http compression in lighttpd
Today I had occasion to test trivia’s page load times. I used the (admittedly fairly dated) website optimization test tool and was surprised to find that it reported that parts of the pages I tested were not compressed before delivery. I have the default compression options set in my lighty configuration file as below: compress.cache-dir …
Permanent link to this article: https://baldric.net/2013/12/30/http-compression-in-lighttpd/
Dec 07 2013
TLS ciphers in postfix and dovecot
A recent exchange amongst ALUG email list members about list etiquette resulted in a flurry of postings on a variety of related topics. I posted a flippant comment about top posting, but did so (deliberately) from my Galaxy tab using Samsung’s default email client which actually forces top posting. Steve responded suggesting that I look …
Permanent link to this article: https://baldric.net/2013/12/07/tls-ciphers-in-postfix-and-dovecot/
Oct 12 2013
wd caviar green load cycle count
Back in January of this year I upgraded my desktop’s hard drive to a 2 TB WD Caviar Green. Not the world’s fastest drive, but quiet, power efficient, and, so I thought, good value for money. I subsequently used two of the same disks in a new build RAID 1 server (which I must get …
Permanent link to this article: https://baldric.net/2013/10/12/wd-caviar-green-load-cycle-count/
Aug 03 2013
security failure at digital ocean
This morning I received an email from Digital Ocean titled “Avoid Duplicate SSH Host Keys”. The email said: “If you have created an Ubuntu Droplet or snapshot prior to July 2nd, DigitalOcean recommends regenerating the SSH host keys. Droplets based on standard images now create unique SSH host keys.” (This, of course, implies that they …
Permanent link to this article: https://baldric.net/2013/08/03/security-failure-at-digital-ocean/
May 27 2013
lighttpd graceful shutdown
I run two tails mirrors. One in NYC, the other in SanFrancisco. They each serve around 2-3 TiB of data per month. In common with my other servers, occasionally I need to interrupt those VMs in order to effect a system upgrade. I had to do this very recently with my upgrade of all my …
Permanent link to this article: https://baldric.net/2013/05/27/lighttpd-graceful-shutdown/
Mar 26 2013
using an ssh reverse tunnel to bypass NAT firewalls
There is usually more than one way to solve a problem. Back in October last year I wrote about using OpenVPN to bypass NAT firewalls when access to the firewall configuration was not available. I have also written about using ssh to tunnel out to a tor proxy. What I haven’t previously commented on is …
Permanent link to this article: https://baldric.net/2013/03/26/using-an-ssh-reverse-tunnel-to-bypass-nat-firewalls/
Feb 28 2013
touching update
I have recently upgraded the internal disk on my main desktop from 1TB to 2TB. I find it vaguely astonishing that I should have needed to do that, but I do have a rather large store of MP4 videos, jpeg photos and audio files held locally. And disk prices are again coming down so the …
Permanent link to this article: https://baldric.net/2013/02/28/touching-update/
Jan 13 2013
what a difference a gig makes
During the new year period when I was having a little local difficulty with thrustVPS, I started looking around for alternative providers. My first port of call was lowendbox. That site lists many VPS providers and is often used by suppliers to advertise “special deals” for short periods. Indeed, I think I intially found thrust …
Permanent link to this article: https://baldric.net/2013/01/13/what-a-difference-a-gig-makes/
Jan 11 2013
dovecot failure
Today I ran a routine apt-get update/apt-get upgrade on my mailserver and dovecot failed afterwards. This is a “bad thing” (TM). No routine software upgrade should cause a failure of the kind I experienced. Two things happened which should not have done. Firstly the SSL certificates appeared to have changed (which meant that mail clients …
Permanent link to this article: https://baldric.net/2013/01/11/dovecot-failure/
Dec 19 2012
no sites are broken
Or so the wordpress post at wordpress.org would have us believe. However, I think there is flaw in both their logic, and their decision making here. I spotted the problem following an upgrade to wordpress 3.5 on a site I use. One of the plugins on that site objected to the upgrade with the following …
Permanent link to this article: https://baldric.net/2012/12/19/no-sites-are-broken/
Nov 16 2012
forcing innodb recovery in mysql
Today I had a nasty looking problem with my mysql installation. At first I thought I might have to drop one or more databases and re-install. Fortunately, I didn’t actually have to do that in the end. I first noticed a problem at around 15.45 today when I couldn’t collect my mail. My mail system …
Permanent link to this article: https://baldric.net/2012/11/16/forcing-innodb-recovery-in-mysql/
Oct 27 2012
using openvpn to bypass NAT firewalls
OpenVPN is a free, open source, general purpose VPN tool which allows users to build secure tunnels through insecure networks such as the internet. It is the ideal solution to a wide range of secure tunnelling requirements, but it is not always immediately obvious how it should be deployed in some circumstances. Recently, a correspondent …
Permanent link to this article: https://baldric.net/2012/10/27/using-openvpn-to-bypass-nat-firewalls/
Oct 20 2012
grep -R doesn’t search amazon
Towards the end of last month, following the release of the unity lens in ubuntu which searches amazon, “akeane” posted a bug report on launchpad complaining that “grep -R doesn’t automatically search amazon”. In his first posting he said: Dear “root owning” overlords, When using grep recursively I only get local results: grep -R fish_t …
Permanent link to this article: https://baldric.net/2012/10/20/grep-r-doesnt-search-amazon/
- 1
- 2