Wandering Thoughts archives

2017-12-31: Understanding IMAP path prefixes in clients and servers
2017-12-28: How our IMAP server wound up running out of inodes
2017-12-27: When you have fileservers, they naturally become the center of the world
2017-12-22: Our next generation of fileservers will not use any sort of SAN
2017-12-15: How we automate acmetool
2017-12-09: You don't have to authorize a machine for Let's Encrypt from the machine
We've switched over to using Let's Encrypt as much as possible
2017-12-01: I'm basically giving up on syslog priorities
2017-11-27: The dig program now needs some additional options for useful DNS server testing
2017-11-17: When you should run an NTP daemon on your servers
2017-11-16: I think you should mostly not run NTP daemons on your machines
2017-11-15: I've switched from ntpd to chrony as my NTP daemon
2017-11-09: Why I'm not enthused about live patching kernels and systems
2017-10-25: Having different commands on different systems does matter
2017-10-17: My current grumpy view on key generation for hardware crypto keys
2017-10-14: A surprise about which of our machines has the highest disk write volume
2017-09-20: Wireless is now critical (network) infrastructure
2017-09-15: Ignoring the domain when authenticating your Dovecot users
2017-09-11: Giving users what they want and expect, IMAP edition
2017-08-28: OpenSSH has an annoyingly misleading sshd error log message
2017-08-08: We care more about long term security updates than full long term support
2017-08-06: Our decision to restrict what we use for developing internal tools
2017-07-29: The differences between how SFTP and scp work in OpenSSH
2017-07-28: Our (Unix) staff groups problem
2017-07-26: The continuity of broad systems or environments in system administration
2017-07-12: Understanding the .io TLD's DNS configuration vulnerability
Recursive DNS servers send the whole original query to authoritative servers
2017-07-02: Moving to smaller fileservers for us probably means no more iSCSI SAN
2017-06-30: Our current generation fileservers have turned out to be too big
Why big Exim queues are a problem for us in practice
2017-06-26: Our MTAs should probably be able to create backpressure
2017-06-25: Thinking through issues a mail client may have with SMTP-time rejections
One tradeoff in email system design is who holds problematic email
2017-06-19: How I'm currently handling the mailing lists I read
2017-06-11: Why filing away mailing lists for a while has improved my life
2017-06-09: My .procmailrc has quietly sort of turned into a swamp
2017-06-08: In practice, putting SSDs into 3.5" drive bays is a big hassle
2017-05-15: How we failed at making all our servers have SSD system disks
2017-05-08: Some things I've decided to do to improve my breaks and vacations
2017-04-14: Sometimes laziness doesn't pay off
2017-04-12: Generating good modern self-signed TLS certificates in today's world
2017-04-08: Doing things the clever way in Exim ACLs by exploiting ACL message variables
2017-03-31: I quite like the simplification of having OpenSSH canonicalize hostnames
2017-03-29: The work of safely raising our local /etc/group line length limit
2017-03-26: Your exposure from retaining Let's Encrypt account keys
2017-03-22: Setting the root login's 'full name' to identify the machine that sent email
Making sure you can identify what machine sent you a status email
2017-03-13: OpenSSH's IdentityFile directive only ever adds identity files (as of 7.4)
2017-03-05: Why I (as a sysadmin) reflexively dislike various remote file access tools for editors
2017-03-04: Should you add MX entries for hosts in your (public) DNS?
2017-02-28: Using Certificate Transparency to monitor your organization's TLS activity
2017-02-22: Sometimes it can be hard to tell one cause of failure from another
2017-02-17: Sometimes, firmware updates can be a good thing to do
2017-02-06: Our advantage in reliable backups is that we get restore requests
2017-02-02: Sometimes you get lucky and apparently dead disks come back to life
2017-01-18: Exim, IPv6, and hosts that MX to localhost
2017-01-05: Mail submission by users versus by your machines
2017-01-04: Make sure that (system) email works on every machine
2017-01-02: Software should support configuring overall time limits

Page tools: See As Normal.
Login: Password:
Atom Syndication: Recent Pages, Recent Comments.

This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.