• 4 Posts
  • 148 Comments
Joined 2 years ago
Cake day: June 12th, 2023

  • In our company we (at least IT department) get to choose our own bags (within reason). I have some generic Lenovo backpack they had lying around when I started and it’s decent enough. Maybe a bit smaller side on what I’d like, but it carries my laptop, headset, random cables, power supply, notepad and stuff like that just fine. And it doesn’t have any kind of visible logo on it at all, unless you count the Think® colour scheme on zipper tabs.

    And it’s also a security thing. Should someone steal my backpack it does not have any logos to pinpoint which company it belongs to unless I’ve left my lanyard in the pocket with my RFID tag. And of course if you open the laptop it has AD forest name on there, so it’s pretty trivial to figure out, but at least I’m not advertising ‘steal my things if you want access to this company’ everywhere.


  • I’ve been writing a small PowerShell script at work lately and as VS Code now offers their AI bundled in I just tried it out of curiosity. It does a half decent job. Nothing I couldn’t write on my own, but on a simple script it saved some time as I’m a long term Linux guy and just getting my toes wet with PowerShell so I need to dig up proper functions and syntax pretty often.

    But it also created a script which would have broken syntax and errors in it, so it still needed manual tweaking, but as long as you know what you’re doing it can be useful. And also potentially dump your company data to some learning database.


  • Is my current set up secure, assuming strong passwords were used for everything?

    Network security is a complicated beast to manage. If general public can access your services over the internet, that’s a threat you need to mitigate. Strong passwords are a good start on that, but it doesn’t take into account if there’s a flaw or bug on the service you’re running. Also if you have external users, they might reuse their passwords and a leak of those might cause a threat too, especially if there are privilege escalation bugs on the software you’re running.

    And so on, it’s too wide a field to cover in a short comment here, but when you’re building your stuff, and what is maybe the most distinctive feature between a good professional and a not so good one, is to think ahead and prepare for every imaginable scenario where something goes wrong. Every time you add a way to access your network, no matter how minuscule, think what happens if that way gets compromised and what it might mean on the very worst case.

    Maybe you want to add another access point to your network since your terrace isn’t properly covered. That’s nice to have, but now everyone around 100 meters around your house/apartment might have access to your stuff if they can break your wifi security. Maybe you set up a reverse proxy or Tailscale on the stack. Now the whole internet can at least probe your stuff and try to find vulnerabilities, try to use stolen credentials and even try to social engineer their way into your stuff. Or maybe you made a mistake and left something open that shouldn’t be.

    I’m not trying to scare you off out of anything. Go ahead and play with your stuff, break things, learn how to fix them, have fun while doing it. Just remember to think ahead about worst case scenarios, weigh their risks, think ahead and then go on. Learn about DNAT, reverse proxies, VPN and network layers and whatever you come across on your adventure but keep in mind that shit will hit the fan at some point. And learn to accept that, learn from your mistakes and do better next time.




  • I’ve seen some shit. But I’m also old enough to not care. I’m a freaking system administrator, not a surgeon. No one has died if their email is unreachable for an hour or two. Shit happens, then you deal with it and that’s all. The difference between a junior and a seasoned veteran, the old guys with battle scars, is that the seasoned guy knows that something will break, shit will hit the fan and everything might turn into chaos, and plans accordingly. Juniors will either endure and learn along the way or crumble.

    When you’ve been in the business for a few decades it’s not that big of a deal to cause an outage. You know how to fix your shit, you know how to work with a severely crippled environment and you know how to build the whole circus from the ground up. And you also know that no matter how disappointed or loud the C** suits are, they’ll calm down once you get them out of the hole.

    Just today I had a meeting with discussion on what to do if some obscure edge-case ruins our ~5k users and few continents wide AD tree. Sure, if that would happen, it would most definitely suck balls to get back up and it would hurt the company bottom line and it would mean a few nights with very little sleep, but no one would still die and our team is up to the task to build the whole crap out of nothing if needed. So, it’s just business as usual. But all of us have been in the business long enough that we know how to avoid the common pitfalls and we trust each other enough that should the shit hit the fan in the big way we could still recover the whole situation.

    And still, even if the whole thing burns up in the flames, I’ve got the experience and skillset under my belt which will be valuable to some other business entity. I just don’t care if the main office building is on literal fire. It’s not my problem to fix immediately and when it is it’s still just work. I put in the hours they pay me for and do whatever I can but when I’m off the clock the employer doesn’t really exist in my world.


  • Without any expertise, I’m going to say that minuscule amounts of radioactive nickel from your CR2032 replacements compared to wasted lithium on pretty much every battery all your current devices have plus single use LiIon-cells on e-cigs, single use toys and whatever is a pretty good improvement. In 100 years or so all that nickel is converted to copper with small amounts of radiation and heat as byproducts, which, with today’s technology, is pretty good.

    And the radiation is beta-negative. I’m not a nuclear physicist, but if I’m not mistaken your common 3032 cell has enough metal to shield pretty much all of the radiation. Just don’t eat them and maybe stick with li-ion on your wrist watch.






  • Don’t know what Elmo’s minions are doing, but I’ve written code at least equally inefficient. It was quite a few years ago (the code was written in Perl) and I at least want to think that I’m better now (but I’m not paid to code anymore). The task was to pull in data from a CSV (or something like that, as I mentioned, it’s been a while) and it needed conversion to XML (or something similar).

    The idea behind my code was that you could just configure which fields you want from arbitrary source data and where to place them in whatever supported destination format. I still think that the basic idea behind that project is pretty neat, just throw in whatever you happen to have and have something completely else out of the other end. And it worked as it should. It was just stupidly hungry for memory. 20k entries would eat up several gigabytes of memory from a workstation (and back then it was premium to have even 16G around) and it was also freaking slow to run (like 0.2 - 0.5 seconds per entry).

    But even then I didn’t need to tweet that my hard drive is overheating. I well understood that my code is just bad and I even improved it a bit here and there, but it was still so very slow and used ridiculous amounts of RAM. The project was pretty neat and when you had a few hundred items to process at a time it was even pretty good, there were companies who relied on that code and paid for support. It just totally broke down with even slightly bigger datasets.

    But, as I already mentioned, my hard drive didn’t overheat on that load.


    1. VM running on a Proxmox host. Tips: make sure you know your backups are in a state you can restore data from them.
    2. Nightly backup via Proxmox to Hetzner Storage box with 2 day retention. I’d like a local copy too but I don’t currently have hardware for it.
    3. Don’t know. Personally I have a DNAT rule on firewall and my instance is directly open to the internet. You might not want that and I might not recommend it, but right now, for me, it works. I’d need to look into a VPN solution for Android so I could replace the current ‘open for all’ situation.


  • How much RAM does your system have? ZFS is pretty hungry for memory and if you don’t have enough it’ll have quite significant impact on performance. My Proxmox had 7x4TB drives on ZFS pool and with 32 gigs of RAM there was practically nothing left for the VMs under heavy i/o load.

    I switched the whole setup to software raid, but it’s not officially supported by Proxmox and thus managing it is not quite trivial.


  • Robbers roast (rosvopaisti) in Finland. I suppose other countries have something similar, but it’s a piece of meat cooked in a ground oven. First dig up a small hole, line it with rocks, keep bonfire going in the hole for a couple of hours, scrape the coals out and put meat wrapped in parchment paper, wet newspapers and foil into the hole, fill it with sand and set up a new bonfire on top of the sand. Throw onions, garlic, carrots and whatever you like to accompany/season the meat while you’re at it. Things like potatoes or sweet potatoes don’t really work as they just turn into a mush, at least unless you individually wrap them, but the process isn’t consistent enough, just cook whatever sides you want separately.

    With meat include pieces of fat on top of it and season however you like. It’s traditionally made out of lamb, but I prefer cow (or moose if it’s available). Pork works just fine too. The whole process takes 10-12 hours, so it’s not for your Wednesday dinner, but it’s very much worth the effort.

    When the weather is good and you do it right the meat just breaks down and you’ll almost need a spoon to eat it. Absolutely delicious. And as you have bonfire going for all day you can cook sausages on a stick and have a ‘few’ beers while feeding the fire. It’s an experience with absolutely delicious food in the end.

    Just be careful that you don’t pass out on all the beer while cooking and miss the fun part.



  • The exchanged mails between the IMAP host and the MTA need a unique identifier to organize contents of the DB, and this would not be possible or automatic if you switched the upstream MTA.

    It sure is possible. I’ve copied maildirs over different software, different servers, local copies back to the server and so on. Also if you just rely on your own IMAP server the upstream doesn’t matter as fetchmail (or whatever you choose to use) anyways communicates between hosts on their preferred protocols.

    Obviously there’s a tradeoff since now you’re responsible for your backups and maintaining your server, but it can sit nicely on your private LAN with access only locally or via VPN without direct access to the internet. And you don’t need an MTA to run an IMAP server in the first place.