I’m on an adventure. I have run a farm of Linux-based servers for decades, but for my desktop experience I have been using Macintosh computers since 1984. I’m a big fan of FOSS, and after I retired and could afford to have my workflow disrupted, I decided to switch to Linux for my desktop.
Category: sysadmin (Page 1 of 3)
My latest project, QRazy.fun (“crazy-fun”) is now open for public beta. It’s a simple site that lets you slap a pre-printed QR code label on anything, then give it a label and description using any smart phone. It’s free. There is no app to install. There are no ads. There is no tracking or collection of personal information.
A family member recently asked me about password managers. As it happened, I had recently had a string of Very Bad Experiences with same, so had been thinking about it entirely too much. Here’s how I answered:
It’s time to pay off some technical debt!
I have been running an email server since forever. Way back in 2004 I switched Linux distros to the newly-hatched Ubuntu. There were things I liked about it, particularly when they started offering long-term support (LTS) versions that would receive updates for years. I was running Postfix for the MTA and Dovecot for the user-facing side, and everything went really well. Every two years, a new LTS release of Ubuntu would come out, I would upgrade and spend most of a day cleaning up the inevitable rough edges, and Life Was Good™.
Privacy seems to be the latest casualty of COVID-19. I guess because I am involved in the information security community, I thought everybody knew about the atrocious privacy policies and reprehensible actions of Zoom. I was shocked to discover that Matthew and Joshua’s school district is planning on forcing children to use this platform whose policies probably make Mark Zuckerberg envious. Here is what I wrote to them today:
Back in 2014, most of my servers were using Ubuntu. In April of that year, a long-term support (LTS) version was released and I migrated the servers to it. LTS releases are supported for five years—it seemed an eternity at the time.
In April 2016, the next LTS release came out. By then, I probably had close to 50 servers running a handful of distributions. All the Ubuntu-based servers migrated successfully except for two (four, actually, as each of those servers had a hot backup). One of those handled the office phones (asterisk, hylafax, IAXmodem), the other mostly handled email (postfix, dovecot, spamassassin). Those machines died horribly when I attempted to upgrade to 16.04 (saved by backups!) and, since they handled critical services, I decided to leave them on 14.04. After all, I had until 2019 to upgrade.
Plenty of time.
Most email users are blissfully unaware of the magnitude of the spam problem. Major email providers do a pretty good job of filtering, so you might see little or no spam in your inbox. Even the stuff that gets sent to your “spam folder” is only a tiny fraction of the spam that gets sent to you. That hides the magnitude of a really big problem, and one you pay for even if you don’t realize it.
If you don’t know what IPv4 and IPv6 are, this post isn’t for you.
If you know, and are wondering how you might implement IPv6, this might be of interest. We handle http/https requests using a white box router running Debian. Until recently, we were IPv4 only, and the router used NAT to connect to an existing subnet with a local IPv4 address space (in the 10.x.x.x range). What makes it odd is that the subnet is also reachable through a different IPv4 address and NAT—it’s ancient history in a network that has been running since the 1990’s.
I have written before about the horror that is systemd. I was just bitten again.
Continue reading
A year or so ago, I was looking for a new phone. I had been using a Google Nexus 6 for two years, ever since I became a beta tester for Project Fi. I loved Project Fi (Google is eversomuch cooler than any other cellular carrier/MVNO in the US), but getting timely updates—even security updates—for the Nexus was like pulling teeth, and they dropped support for what had been their flagship phone barely a year after I bought it. Add to that the fact that there’s no effective private backup solution for Android devices, and I didn’t have any real choice. I had an old iPhone 5 that I had owned for maybe four years, and it was still running the latest version of iOS with all the security updates delivered instantly, while my three-years-newer Android was a security breach waiting to happen.
