lingo.lol is one of the many independent Mastodon servers you can use to participate in the fediverse.
A place for linguists, philologists, and other lovers of languages.

Server stats:

70
active users

#SysAdmin

17 posts17 participants5 posts today

You Have Installed OpenBSD. Now For The Daily Tasks.

Despite some persistent rumors, installing OpenBSD is both quick and easy on most not too exotic hardware. But once the thing is installed, what is daily life with the most secure free operating system like?

More at nxdomain.no/~peter/openbsd_ins #openbsd #development #devops #security #sysadmin #maintenance #freesoftware #libresoftware #bsd #unix #unixlike (from 2024)

nxdomain.noYou Have Installed OpenBSD. Now For The Daily Tasks.

This is a CPU graph of a web host that began having AI bots absolutely slam it starting at 4am UTC.

I blocked all Chrome user agents older than 120 at about 10:45 UTC.

These AI bots aren't using "nice" names like ChatGPT or AmazonBot. No, more like Chrome/116 or similar and they come from ALL OVER.

I am so tempted to put Iocaine or Nepenthes on the machine to generate Markov Chain garbage to poison the well, but I'd have to have Nginx map the older user agent string with regex. It probably could be done but this might piss off my employer. 😂

For many years, I’ve been silent - but I’ve been doing a lot. Some of it I’ve shared, some I will.

One project has already been partially revealed: ITNBlog, my Python-based static site generator that’s been quietly building my blog for a while now. I haven’t (yet) published the code - it’s not exactly beautiful (I’m no coder, and it’s not a daemon, it just spits out HTML) - but there’s some info here: itnblog.dragas.net

But there’s another “program” (though calling it that says a lot about my approach 😄), which I started back in 2015 for personal use - and I’ve been using it ever since. Over the years, I’ve expanded and reshaped it so much that it’s grown into something big. Big enough that some people might raise an eyebrow at how it’s structured. But it works. And considering everything, it’s efficient enough. Plus, it has a little bonus that I think some of you will appreciate.

I’ve used it for years on macOS and FreeBSD. This morning, I re-tested it on OpenBSD - and it ran flawlessly, thanks to the OS’s rock-solid stability. It also works on Linux, and I plan to try it again on NetBSD - though I’m pretty sure it’ll be fine there too.

I’m considering releasing it before ITNBlog - but I’d like some time to review it properly. Still, I think it’s coming soon… and it might be a curious little surprise 😉

Stay tuned!

itnblog.dragas.netITNBlog - Modern Static Site Generator for BlogsITNBlog is a modern, efficient static site generator designed specifically for blogs. Create fast, SEO-friendly websites with Markdown content and powerful customization options.

Gah. Spinning wheels of zero progress for hours on end. How is Microsoft still.. why.. why? They've had decades to get better at building operating systems & yet updates still frequently freeze up and systems are *wildly inept* at displaying a modestly accurate progress bar. It's actually sort of impressive how much Windows continues to suck.
Just give me ssh access and root 🐧
#sysadmin #Microsoft #windows #Linux

Replied in thread

System Administration

Week 8, The Simple Mail Transfer Protocol, Part III

In this video, we look at ways to combat Spam. In the process, we learn about email headers, the Sender Policy Framework (#SPF), DomainKeys Identified Mail (#DKIM), and Domain-based Message Authentication, Reporting and Conformance (#DMARC). #SMTP doesn't seem quite so simple any more...

youtu.be/KwCmv3GHGfc

Replied in thread

System Administration

Week 8, The Simple Mail Transfer Protocol, Part II

In this video, we observe the incoming mail on our MTA, look at how STARTTLS can help protect information in transit, how MTA-STS can help defeat a MitM performing a STARTTLS-stripping attack, and how DANE can be used to verify the authenticity of the mail server's certificate.

youtu.be/RgEiAOKv640

This is one of those post-migration mornings when you wait for the phone to ring because someone might have had/have a problem, but you hope it doesn't ring because that would mean no one has had any issues. So far, everything is fine. 🤞

Another round of “hey, your server is down!” drama from the "we need moar kubernetes!" crowd.

“I can’t reach your server, it must be down.”

I connect. Everything’s fine.

A few emails later, I ask to access the container. The dev says he can’t - doesn’t know how. He’s a nice guy, though, so he gives me the credentials.

I log in and find the issue: someone pushed a workload to production (cue Kubernetes! Moooaaarrr powaaaarrr! We have the cloud! Who needs sysadmins anymore?!) with DNS set to 192.168.1.1.

Of course, it fell to me to investigate, because the dev couldn’t even get a shell inside his container. And it's ok, as he's a dev - and just wants to be a dev.

Once I pointed it out, they rebuilt the container with the correct config and - TADA! - everything worked again.

Then he went to check other workloads (for other clients, not managed by me) that had been having issues for weeks... Same problem.

It was DNS.
But it wasn't DNS.

#IT#SysAdmin#DNS