Email!

Email sucks It really does, and yet we still need it. I’ve been hosting my own for over a decade now, although for the bulk of the time I outsourced most of the mail server smarts necessary to do so to the excellent Symbiosis virtual hosting package, although I switched to @tomav’s docker-mailserver about six months ago. Today, I finally switched to running my own mail server, directly on the server with no third-party configuration or any docker.

Read More

New, New Blogging Platform

It’s just over a year since I last changed blogging software! The new model integrates blog into website and the whole thing is based on Hugo, a static site generator of some class. The theme is called grid-side and the big painted wall background is on someone else’s fine Creative Commons work. I’ve not been writing much recently, not even about PigDog, but I have been thinking and doing instead. Big changes are afoot, and I’ll write about what I can, when I can.

Read More

York Festival of Ideas 2015

Users vs. Techs This year, I learned about York’s Festival of Ideas. Started in 2011, this year’s theme was “Secrets and Discoveries”, which included a whole day (today) on Surveillance, Snowden and Security. Right up my alley, so off I went. This article is really about things that were brought up in a panel discussion, entitled The Future of Cyber-Security. I don’t know if these things are being recorded and uploaded, but I’ll link if it becomes available.

Read More

New Blogging Platform

Alive again So, back to blogging. I’ve tried to run a blog since the dawn of time, more or less, and it’s always been a bit of a failure, partly for lack of anything interesting to write about, and partly because blogging software is uniformly awful. Typo, Wordpress, Zotonic, various home-grown bits and pieces… always a hassle to install, maintain and publish to. The latest attempt is also slightly home-grown, but based on the go.

Read More

DNSSEC + DANE: Part 2

Setting up DNSSEC + DANE ( + SSHFP ) Assuming you’ve been convinced that it’s a good idea to set up DNSSEC and DANE, the point of this article is to demonstrate how I did it for my own domain - the individual steps to get from nothing to valid DANE records weren’t very difficult; just not documented in a recipe-style guide anywhere. Hopefully, this will help you get set up.

Read More

DNSSEC + DANE: Part 1

Problem Communications on the Internet overwhelmingly rely on SSL/TLS for protection. There are two forms of protection this is meant to provide - from snooping of traffic, and from impersonation. The first of those gets a lot of attention but, unless we have the latter as well, an attacker can snoop on your traffic by performing a man-in-the-middle attack on you with a dodgy certificate. Unfortunately, the current method of providing protection-from-impersonation is terrible.

Read More