Spent a few ghastly hours the other day trying to figure out why a VPS would get IPv6 addresses on boot, but then fail to renew, dropping its ULA and global IPs. Finally deduced that not a one of the "basic firewall :D" examples I perused when creating my nftables setup considered an environment using DHCP6. Turns out for that case, in addition to allowing some ICMP types, you need to punch a link-local hole for new incoming connections, on UDP port 546. ip6 saddr fe80::/10 udp dport 546 ct s...

Silly me, thinking paying money for an egg-protection service would make keeping them all in one basket okay. Well, now I have new eggs, fresh eggs, better eggs; and, they're all split up, in New And (Hopefully) Improved Baskets™! If it's not clear, this is referring to the latest Lastpass breach. This June would have marked my tenth year as a paying customer. I don't even recall when I actually started using the service, but looking back at emails it was at least since 2011. It's not just ...

I decided to learn a bit more about PKI, SSL certificates, CAs, x509, etc. I've had Let's Encrypt certs on all of my servers for a good while, done self-signed certs for some personal authentication stuff, had a vague knowledge of trust chains, but was weak on the details and methods. Towards fixing that, I've set up my own Root CA, with determination to do it some form of 'properly'. That is, to do everything decently securely, use intermediate authorities with a well-defined structure and n...

Finally finished restoring and updating my homepage. What a mess. Had to restore mysql server for the dynamic elements, as it had been wiped at some point (presumably by a bad update), and get a local version back up for testing. Redid all colors with variables and added dark mode, consolidated a lot of messy styles and javascript that had accumulated over time, and generally made the style more consistent and unified. Updated PDF versions of my resume & cv too, which was another mess, a...

Spent way too much time fiddling this blog's style. Always a blend of frustrating and fun to work within the bounds of a fixed page, and hella mess it up with CSS. Notes: Do not care about word count. Didn't like the default giant mostly-empty 'above the fold' setup, so it's compacted. The collapsing header uses sticky positioning and three layers: header/menu, author info, and then the main page beneath. The bit of extra starting margin above the header is achieved by having the parent con...

I guess I'm trying this out. May copy some back-dated posts from my old blog. May not. ...