Ok, maybe I should wait a bit, but I feel like giving a little preview, incomplete...
I’ll make a proper post to announce it when ready, but you can already take a look at the themes 
Pictures are random from picsum and will change at reload
The code hasn't been released, yet. I need to fix some things.
You Have Installed OpenBSD. Now For The Daily Tasks.
Despite some persistent rumors, installing OpenBSD is both quick and easy on most not too exotic hardware. But once the thing is installed, what is daily life with the most secure free operating system like?
More at https://nxdomain.no/~peter/openbsd_installed_now_for_the_daily_tasks.html #openbsd #development #devops #security #sysadmin #maintenance #freesoftware #libresoftware #bsd #unix #unixlike (from 2024)
This is a CPU graph of a web host that began having AI bots absolutely slam it starting at 4am UTC.
I blocked all Chrome user agents older than 120 at about 10:45 UTC.
These AI bots aren't using "nice" names like ChatGPT or AmazonBot. No, more like Chrome/116 or similar and they come from ALL OVER.
I am so tempted to put Iocaine or Nepenthes on the machine to generate Markov Chain garbage to poison the well, but I'd have to have Nginx map the older user agent string with regex. It probably could be done but this might piss off my employer. 
System Administration
Week 8, HTTPS & TLS
After discussing HTTP in the previous week and seeing how we used STARTTLS in the context of #SMTP, we are now quickly reviewing HTTPS, TLS, and the WebPKI. While we don't have a video segment for this, here are slides, including this handy diagram illustrating the CSR process:
For many years, I’ve been silent - but I’ve been doing a lot. Some of it I’ve shared, some I will.
One project has already been partially revealed: ITNBlog, my Python-based static site generator that’s been quietly building my blog for a while now. I haven’t (yet) published the code - it’s not exactly beautiful (I’m no coder, and it’s not a daemon, it just spits out HTML) - but there’s some info here: https://itnblog.dragas.net
But there’s another “program” (though calling it that says a lot about my approach 
), which I started back in 2015 for personal use - and I’ve been using it ever since. Over the years, I’ve expanded and reshaped it so much that it’s grown into something big. Big enough that some people might raise an eyebrow at how it’s structured. But it works. And considering everything, it’s efficient enough. Plus, it has a little bonus that I think some of you will appreciate.
I’ve used it for years on macOS and FreeBSD. This morning, I re-tested it on OpenBSD - and it ran flawlessly, thanks to the OS’s rock-solid stability. It also works on Linux, and I plan to try it again on NetBSD - though I’m pretty sure it’ll be fine there too.
I’m considering releasing it before ITNBlog - but I’d like some time to review it properly. Still, I think it’s coming soon… and it might be a curious little surprise 
Stay tuned!
Become a better #developer without coding more.
- Go on walks to retreat from your battlefield and observe your work from a higher perspective. 
- Toot your things on the #fediverse to benefit from
the exp of multiple passionate makers. 
- Exercise, so your back can stand heavy duty coding sessions.
(Lift heavy weights -> push heavy commits. )
Gah. Spinning wheels of zero progress for hours on end. How is Microsoft still.. why.. why? They've had decades to get better at building operating systems & yet updates still frequently freeze up and systems are *wildly inept* at displaying a modestly accurate progress bar. It's actually sort of impressive how much Windows continues to suck.
Just give me ssh access and root 
#sysadmin #Microsoft #windows #Linux
Celebrating 22 years today since @SteveBellovin solved the problem of internet security in one fell swoop with the publication of RFC3514.
A fancy tool to check disk usage! 
(replace df)
- Progress bar
- Shows tabled results
- Colors according to space left
alias dufl = duf --only local
System Administration
Week 8, The Simple Mail Transfer Protocol
Shared by a student of mine: Email vs Capitalism, or, Why We Can't Have Nice Things, a talk given by Dylan Beattie at NDC Oslo 2023. Covers a lot of our materials and adds some additional context.
System Administration
Week 8, The Simple Mail Transfer Protocol, Part III
In this video, we look at ways to combat Spam. In the process, we learn about email headers, the Sender Policy Framework (#SPF), DomainKeys Identified Mail (#DKIM), and Domain-based Message Authentication, Reporting and Conformance (#DMARC). #SMTP doesn't seem quite so simple any more...
System Administration
Week 8, The Simple Mail Transfer Protocol, Part II
In this video, we observe the incoming mail on our MTA, look at how STARTTLS can help protect information in transit, how MTA-STS can help defeat a MitM performing a STARTTLS-stripping attack, and how DANE can be used to verify the authenticity of the mail server's certificate.
This is one of those post-migration mornings when you wait for the phone to ring because someone might have had/have a problem, but you hope it doesn't ring because that would mean no one has had any issues. So far, everything is fine. 
Another round of “hey, your server is down!” drama from the "we need moar kubernetes!" crowd.
“I can’t reach your server, it must be down.”
I connect. Everything’s fine.
A few emails later, I ask to access the container. The dev says he can’t - doesn’t know how. He’s a nice guy, though, so he gives me the credentials.
I log in and find the issue: someone pushed a workload to production (cue Kubernetes! Moooaaarrr powaaaarrr! We have the cloud! Who needs sysadmins anymore?!) with DNS set to 192.168.1.1.
Of course, it fell to me to investigate, because the dev couldn’t even get a shell inside his container. And it's ok, as he's a dev - and just wants to be a dev.
Once I pointed it out, they rebuilt the container with the correct config and - TADA! - everything worked again.
Then he went to check other workloads (for other clients, not managed by me) that had been having issues for weeks... Same problem.
It was DNS.
But it wasn't DNS.
