The death of a smartphone, and the liberation it brings.

posted 10:16PM May 22, 2017 by Craig Stewart

I knew I relied heavily on the access that I get by carrying around a smart phone, I read my emails, send and receive text messages, look things up on the internet, etc. It is a very useful tool, but I didn't realise how much of an impact it has on my life until it died. So I immediately ordered a replacement, but that took two whole days to arrive. The fix for my old phone was outside my ability level, and I couldn't find anyone who could fix it in a hurry, so I elected to spend two days without it, or any other phone. And it has been two of the least stressful days I have had in a very long time. Disconnected from the world, I didn't need to worry about things I could do nothing about, or keep abreast of the latest goings on on twitter. I almost regret getting a new phone, the old one is off for repair, and will be back in two to four weeks. I can hardly imagine spending that much time without a smartphone. Before the old one broke it was because I thought I would become overly stressed, and fail to cope, but having spent two days with only having the internet when tethered to a desk I can't imagine how relaxed I may get without a smartphone. Maybe in future I shall turn the phone off for periods of time. Maybe too much connectivity is a bad thing?

Tags: breaking comment oops opinion

Comments [0]

So I decided to join a professional body.

posted 09:55PM May 10, 2017 by Craig Stewart

I have for a long time thought that the IT industry has an issue with how people within it present themselves to the rest of the world. Everyone wants to be an "Engineer", indeed my current job title is "DevOps Engineer" (a title I am not particularly enamoured with, but that is a matter for another time). We all know that Engineers create clever solutions to otherwise very difficult problems. The issue I have with this is that in many other fields where you find Engineers there are rules, and regulations, and bodies that decide who gets to call themselves "Engineer" and what standards those people must meet. In most of these other fields there are highly defined Engineering Standards against which we can measure the ability and performance of these Engineers. In IT this is not enforced, now I have been very lucky to work with some incredibly talented and intelligent individuals, and I do not wish to deride their contributions in anyway, but without the standards to measure ourselves against, using the term "Engineer" just cheapens it. Unfortunately I have no idea what the standards should be in IT, and I have no idea what the underlying problem with the way many working in IT think that I feel is not proper Engineering, after all I am no more an "Engineer" than anyone else in IT using that title, and claiming otherwise would be a lie. And so I have joined BCS in order that maybe I can get more exposure to the rest of IT and perhaps learn more about what the standards I feel are missing should be.

I shall probably write more on this in the future, but for now here's to hoping that membership of a professional body is going to be a positive step towards understanding my industry, and how I can make it better.

Tags: bcs opinion reflection sysadmin thinking

Comments [0]

Should have seen it coming!

posted 07:04PM Mar 13, 2017 by Craig Stewart

So the SSL certificate that I used to secure my website (and other things) is no longer trusted by Chrome (as of version 57), and so I have been forced to upgrade to a Lets Encrypt SSL certificate. It's almost as if I could have predicted this state of affairs in advance. At least I can now rest assured that my SSL certs will be easy to keep up to date (I have set up what I believe to be the required automated steps to do just that, time will tell).

Tags: fail ssl sysadmin

Comments [0]

3 years on

posted 07:35PM Mar 12, 2017 by Craig Stewart

So I started this blog just about 3 years ago now, and despite my intent to use it to encourage me to do something with electronics, and to show case my progress, I have done nothing much since I bought a Raspberry Pi and got it running. Indeed it is still sat in a box waiting for me to motivate myself to get back at it. I have used this blog to rant about politics far more than I have done any electronics. It doesn't help that I have hardly been out on my bike once since I started this blog, so the project I intended to build I have had no need for. So based upon my initial intentions I must count this blog as an abject failure. However, as I pointed out at the time I started this blog I have attempted to do so before, and those prior attempts always ended empty, and pathetic, killed off due to a lack of content. I have at least managed to create content sporadically for this blog. The difference this time around? I am no longer trying to post stuff that I think other people will find interesting, so I am no longer holding back when I just want a rant, or to post about an "oh shit" moment. Granted I don't have the broadest readership in the world, but that doesn't really matter, I have an outlet, and if people read it, and find it interesting, great, if not then at least I still said what I wanted to. So this time around I'm not going to delete this blog, just yet, I'll give it another few years, and see how it goes. Who knows, maybe I'll start cycling regularly again and actually do something about that cycle computer (probably not though).

Tags: comment embarrassing reflection stuff

Comments [0]

God Damn it Plus net

posted 07:46PM Feb 20, 2017 by Craig Stewart

So recently I changed my mail server over to postfix, this not that long after I ranted about e-mail security with plusnet. It turns out this has led to an interesting problem. So SSL settings were set pretty strictly on the smtps port, so only strong TLSv1.2 ciphers were available. On the smtp port I was a little more permissive, as long as it was TLSv1.2 it would accept even very weak ciphers (well a weak cipher is better than no cipher at all, and I was accepting mail that didn't use the starttls command) and everything was good. Accept that it turns out emails coming from Plusnet's mail servers was failing, they would connect, try to starttls, not like any of the ciphers and fail, breaking the connection. Once they tried again they didn't remember that starttls didn't work so they tried again. Until the mail timed out, and was bounced. So I've had to make the setting even more permissive, as getting emails from people I know on plusnet (like my Father for example) is sort of important.

Tags: email fail not-good-enough rant security sysadmin

Comments [0]

New Mail server

posted 04:31PM Dec 31, 2016 by Craig Stewart

Not so long ago I suggested I may change my mail server software. I have recently done so, moving from a highly customised qmail installation to postfix. I have done so for a number of reasons, but that is not to say I dislike qmail.

What did I get out of qmail?

  • Easy to configure, all the configuration was done using flat files, named for their purpose, there was no monolithic and confusing config file to search through
  • Highly customisable, I had applied many patches, and made alterations to my specific installation that served my needs
  • multi process mail system, this one mattered to me, and is why when I switched I switched to postfix, there is no single binary running as root, that does everything, each process runs with the privileges it needs.

So why did I want to change?

Well qmail, and specifically my installation, had become unwieldy to add new functionality to, I wanted to add greylisting, and there were many ways to do this, but they all required adding yet another patch, and out of laziness I had not committed all my changes to any sort of source control. I couldn't stomach manually going through another patch and seeing where it didn't apply cleanly and why, and fix it again. So I had a choice stomach the pain of another round of patching, rebuilding, and testing, and make things worse for myself, set up source control for my qmail set up, or move to something better supported in the community, and with more features.

Postfix suited my needs reasonably well, it is a multi-process mail system, using the idea of least privilege, it has a modular design allowing the addition of extra features much more quickly and easily. It is also better supported, and even has pakages within debian, my operating system of choice. Greylisting was added easily by simply installing another package (postgrey) and altering the config of postfix to use it. By setting up postfix to allow access over ssl on port 465 (as I had previously on qmail) it has also enabled opportunistic encryption for any mail servers sending email to me (something I had considered adding to qmail, but had decided wasn't worth the effort) and I have also been able to easily enable opportunistic encryption for when my server sends email out to other servers that support it.

So do I regret using qmail in the past? Not at all I learnt a great deal from using qmail, and I still prefer it as a basic mail system to postfix, it was just becoming too much hassle to support new features.

What mail server would I advise others to use? For the most part I would suggest google apps or office365 if you want your own domain, or any of a number of other paid for mail hosting solutions, very few poeple have the time and skills and patience to run their own mail server. It started as a learning exercise for me, and I like the control I have over my set up. If someone genuinely wanted to run their own mail server my advise would be to find out what suits their needs best, qmail is great if your needs are simple, and is relatively easy to learn if you have some basic knowledge of how networks and specifically email work, but everyone has different needs, and those needs can change over time, my certainly have.

Tags: email opinion sysadmin

Comments [0]

Brexit, democracy, and priorities

posted 09:33PM Dec 02, 2016 by Craig Stewart

So, I once again find myself in despair at what is being said by people on the side of the brexit debate that I occupy. It turns out that when a Lib-Dem MP stands in a by-election, on a campaign about objecting to brexit, in a constituency that largely voted remain, against an independent, who was pro-brexit and taking a single issue stance, that the Lib-Dem candidate also held, the Lib-Dem candidate might win. Now this is being touted as a major upset, as it was a Conservative strong hold before, and the independent candidate held that seat as a conservative, but in respect of his position (or more likely because they couldn't find a suitable replacement in time) the conservatives did not field a candidate against him. What annoys me isn't the crowing from those who are holding this as a major victory for remain (it isn't) but the response I am seeing along the lines of "you lost, so put up with the result and shut up" coming from the pro-brexit side of things. Yes the campaign to leave the EU won the referendum, but, by a rather small margin, and the leave side isn't a single group with one single goal, so to say "We won" rather misses a very important point, which is whatever "We" you may belong too may not be bigger than the "they" you want to shut up. And democracy has never been about "majority rule above all else" (we wouldn't have first past the post as our electoral system if it was) it is a compromise, we all have ideas and thoughts on where we want to go, and we must as a society move in the direction that is closest to the greatest number of people's desires. The most vocal that I am seeing in this debate from Brexit are calling for the extreme option for brexit, and the 48% of people who voted remain are rightly pissed off by this, telling them to "get over it" is neither helpful or much of a compromise. Personally I voted leave, I still believe that the EU is not what we need from a combined European Government, and I still cannot see the incentives to reform it to what I believe would work being there for those who run the show. I therefore still think we should Leave the EU, and from their maybe we can start to build a new European Government that is better suited to the needs of the European people, and is better equipped to represent their needs, and change with them as they change. So I am galled at the arguments that "Leave the EU" (which was what we were asked if we wanted) is being used to leave not only the EU, but the EEA (a common interest in trade being the best way to unite countries) the ECHR (which the UK was instrumental in forming, and is one of the best things about Europe in terms of doing what is right for the people in my opinion) and just about everything else Europe has to offer (some times I think the nutters crying "We won! respect us" want to stick a massive out-board motor on dover and sail us into the atlantic ocean). As someone who voted Leave I feel I have far more in common with those now shouting to remain than those trying to shut them up, so as a negotiating stance the Leave camp are only weakening their stance by not listening to the complaints of those who wish to remain. Also I fear we have got more important things to deal with in the UK than if we should remain a member of the EU or not, like getting rid of the tory government.

Tags: comment politics rant stupid

Comments [0]

Oh Shit, perhaps I should change career?

posted 09:44PM Nov 30, 2016 by Craig Stewart

So the government have passed the Investigatory Powers Act, which is pretty terrible, but it turns out it is worse than I realised! So perhaps it is not a good time to work in IT in the UK?

Tags: comment not-good-enough politics security

Comments [0]

Free SSL certifcates and Trust

posted 09:16PM Nov 02, 2016 by Craig Stewart

So, not very long ago I renewed the SSL certs for my website, I was happy with the changes that StartCom made to their free SSL certificate offering at the time. It turns out, however, that I should start looking at finding an alternative as StartCom are apparently being put on the naughty step. At least Let's Encrypt is up and running now. I'm also looking at changing my e-mail server, but more on that another time (maybe).

Tags: fail regret ssl sysadmin

Comments [0]

Free SSL certifcates in a post "Let's Encrypt" world.

posted 09:27PM Sep 22, 2016 by Craig Stewart

So, about a year ago I renewed my SSL certificates, and I was using StartSSL as my certificate provider, because they were free, if a little awkward to use. One of the limitations they placed on the free certs is that they could only be valid for a year. At the time I was interested to see what would become of Let's Encrypt as it promised not only free certificates, but a much easier way to get, and manage those certificates. They went live in April this year. I have been considering setting up my cert through Let's Encrypt, and renewing my SSL certificate was the perfect opportunity to do so, however, I have not got myself into a possition to fully automate the renewal of all the places I use my SSL certificate, so while it is still a manual process, and I got the reminder from StartSSL I figured why not give them another go.

[Read More]

Tags: opinion security ssl sysadmin

Comments [0]