However, this only works as long as the other party actually internalizes the risk and liability. Since there are no consequences for mishandling data, operating IT services you’re not structurally competent to operate, and eventually having your crown jewels stolen - the contractor doesn’t really internalize risk, has no incentive to mitigate it.

I will assume you have a working DNS server listening on the default port, 53, and that you have certbot or some other means of acquiring SSL certs.

• Install stunnel4

• Create a config file in /etc/stunnel4/dns.conf

pid = /var/run/stunnel4/stunnel.pid

[dns]
accept = 853
accept = :::853
connect = 127.0.0.1:53
cert = /etc/letsencrypt/live/randomstring.org/fullchain.pem
key = /etc/letsencrypt/live/randomstring.org/privkey.pem

Substitute the locations of an appropriate SSL cert and key.

• Start stunnel4.

That’s all.

My work-issued MacBook Pro (Retina, late 2013) began to break down: the speakers fried, it was running out of memory (8GB), and then it started rebooting spontaneously. I mentioned this and work bought a replacement. Since I’m capable of working around exciting new bugs, they sent me the newest M1 MacBookPro, with an Apple-designed and -produced M1 8 core CPU.

Herewith, a micro-review.

I don’t know about your mother, but my mother is not even a power user – Windows, hunt-and-peck typing – and she taught herself to use IRC because that’s what the other people in her social group were using.

I assume she didn’t use any /command except /join – maybe not even that, because if you’re only using one channel then you can have your client autojoin – but that was enough to get her in. Presumably she learned group etiquette on the fly, the way most people do.

In the beginning of my experience, it wasn’t that computers had fonts so much as each computer had A Font, and that was how the computer talked to you. All of them were quite low resolution; blocky and bad.

Now I expect every character to be drawn in an appropriate, smooth, curved, and informatively differentiated typeface.

When did that change start, and when was it complete?

What’s running on the firewall? A big list follows, with discussion.

For every computer system, someone needs to know what they are doing, and check up on it when something goes wrong. That person is the sysadmin.

If you don’t know who the sysadmin is, it’s you.

It’s just like everything else in life: if you care about a thing, you are responsible for taking care of it. If nobody takes care of it, it decays and dies.

Today I replaced the last spinning root disk in the house. The media server still has 4x3TB spinning disks, but the old 120GB spinning boot disk has been replaced by a cheap 1 TB SSD. Boot times improved dramatically, and the database access for various things now feels instantaneous.

Process follows, but it’s nothing extraordinary.

One thing that UNIX users have that Mac and Windows users don’t: it’s generally quite easy to change their window manager theme – and to write/draw their own.

Window decorations – a frame, a titlebar, some buttons – are handled by the X11 window manager, which is itself a replaceable part. Window managers range from minimalist exercises in reductionism through gaudy feature-festivals like Enlightenment, the original perpetrator of shaped, translucent and transparent effects. But…

“Magic”, applied to technology, is an indictment, not a compliment.

– me, July 15 2020.

Internet Fast Lanes: Every time somebody says “Fast Lane” in this argument, I get a little more upset. The Internet doesn’t have fast lanes and slow lanes.

The Internet is not a highway.

The Internet is a railway system.

Perl is the best language if it’s the language that you remember well enough.

My father loves math puzzles. He told me about one he was working on, and I did a quick estimate of how complex the answer space was and told him that it would be faster to have a computer try out every answer than to be clever about solving it.

Of course he wanted me to prove that, so I had to brush off Perl or Python. For some reason, Perl felt better.

I got spammed by Privado – no link, they really want a link – which claims to be a privacy-enhanced search engine. Investigating their privacy policy, you can see that they are a proxy for Microsoft Bing. In effect, they exist in order to put ads in front of Bing searches: it’s another company eking out a profit margin between ads from ad networks and paying AWS fees.

Anti-recommended.

In the spirit of “the best way to get a correct answer is to post an obviously wrong answer on USENET”, I hereby present the most efficient method of mass-alteration of LDAP user entities I can think of.

You probably shouldn’t do this.

Who do you trust? And do you trust them indefinitely far into the future?

If you have specific reasons to believe you will be targetted by an interested, competent, resourceful attacker: you need serious information security measures, which will be painful and potentially expensive in both time and money. I have no such specific fears, so I’m merely interested in protecting my household against generalized attacks, the sort of thing that Google and Facebook and Amazon and every advertiser in the world carries out as a matter of course.

In this installment, I’m going to increase the difficulty of tracking my household network via intercepting DNS requests. I will assume you know a fair amount about DNS and feel comfortable configuring daemons and running them – this isn’t a step-by-step HowTo.