I use Tor onion services (location-hidden services) to manage a lot of my servers, since some are behind NAT or have dynamic IP addresses and onion services do excellent NAT traversal and allow access without knowing IP addresses. Alas, for security reasons the older v2-style onion addresses will be deprecated in 11 days. I thought it would be trivial to generate v3 addresses for all my servers, and for most it was, but I ran into some grief.
The Junkyard Server Farm has grown up. The primary data center has over 30 servers and serves a number of diverse users. As it has grown from a couple of old, junked machines on a desk, to taking up most of a walk-in closet, to a growing motley collection of machines on the floor, to getting a formal equipment rack (not a 19″ EIA rack; rack mount equipment is still way too overpriced for us), I have had opportunity to re-cable everything. Between times, as machines get added or replaced and new networking requirements (IPv6!) come into play, cables get added without the benefit of careful dressing through established channels, and things begin to look rather a mess.
the (skippable) background
I am a fan of whole-disk encryption. It is just about the only way to ensure that a lost, stolen, confiscated, or discarded machine doesn’t leak information.
I have been running my own mail server for an eternity. For the last decade or two, it’s been Postfix with SpamAssassin (invoked via spampd) for spam control. I then ran the most-excellent SpamSieve on my laptop to catch the spam that SpamAssassin missed.
For a long time, TLS (née SSL) certificates were out of reach for the low-budget network admin. They got cheaper and easier to get, but it was still a hassle and an expense. Then came Let’s Encrypt, which offered no-cost certificates that you could obtain using fully automated tools.
Journalist Sydney J. Harris said “Once we assuage our conscience by calling something a ‘necessary evil,’ it begins to look more and more necessary and less and less evil.” I think that may be where we’re at with psychotropic medications for depression.
I just renewed my membership to TidBITS. If you’ve never heard of TidBITS, you should check them out. They have been publishing continuously online for 28 years, and their content is second to none. They also host an amazing online discussion list, TidBITS-Talk. The site’s content is focused on Apple news and technology, but the quality of the journalism is so high and the coverage is broad enough that there is likely something there for everyone.
Membership is completely optional, so check it out. It is not hyperbole to say that TidBITS has improved the quality of my life every week for the past quarter century.
I’ve been using the TWiki collaboration platform since at least 2004. It has always been a bit of a trial—it doesn’t create terribly pretty sites, and it has been a bear to maintain. Its real strength is collaboration, but I used it mostly as a site-creation tool.
A bootable clone is a disk that holds a complete copy of a running system that’s ready to boot. Bootable clones can be a critical part of your backup strategy.