Wary why? I work remotely in IT and manage a ton of Linux systems with it. Because my company has a large number of remote employees they limit us to Windows or Macs only, and have pretty robust MDM, security, etc. installed on them. Since MacOS is built on top of a unix kernel it’s much more intuitive to manage other unix & linux systems with it.

Personally I haven’t used Windows really since before Windows 10 came out, and as the family tech support department I managed to switch my wife, parents, brother, and mother in-law all to Mac’s years ago as well.

DigiCert recently was forced to invalidate something like 50,000 of their DNS-challenge based certs because of a bug in their system, and they gave companies like mine only 24 hours to renew them before invalidating the old ones…

My employer had an EV cert for years on our primary domain. The C-suites, etc. thought it was important. Then one of our engineers who focuses on SEO demonstrated how the EV cert slowed down page loads enough that search engines like Google might take notice. Apparently EV certs trigger an additional lookup by the browser to confirm the extended validity.

Once the powers-that-be understood that the EV cert wasn’t offering any additional usefulness, and might be impacting our SEO performance (however small) they had us get rid of it and use a good old OV cert instead.

Back in the 90’s before the days of Windows 3.0 I had to debug a memory manager written by a brilliant but somewhat odd guy. Among other thing I stumbled across:

• A temporary variable called “handy” because it was useful in a number of situations.
• Another one called son_of_handy, used in conjunction with handy.
• Blocks of memory were referred to as cookies.
• Cookies had a flag called shit_cookie_corrupt that would get set if the block of memory was suspected of being corrupt.
• Each time a cookie was found to be corrupt then the function OhShit() was called.
• If too many cookies were corrupt then the function OhShitOhShitOhShit() was called, which would terminate everything.

If you have ssh open to the world then it’s better to disable root logins entirely and also disable passwords, relying on ssh keys instead.

Port 22 is the default SSH port and it receives a TON of malicious traffic any time it’s open to the whole internet. 20 years ago I saw a newly installed server with a weak root password get infected by an IP address in China less than an hour after being connected to the open internet.

With all the bots out there these days it would probably take a lot less time if we ran the same experiment again.

She talks about it in this video.

Back in the late 90’s I worked for an internet search company, long before Google was a thing. We would regularly physically drive a dozen SCSI drives from a RAID array between two datacenters about 20 miles apart.

I loved the bit where he spent a small pile of that money on an Inverted Jenny postage stamp then used it to send a postcard.

I don’t understand why Cloudflare gets bashed so much over this… EVERY CDN out there does exactly the same thing. It’s how CDN’s work. Whether it’s Akamai, AWS, Google Cloud CDN, Fastly, Microsoft Azure CDN, or some other provider, they all do the same thing. In order to operate properly they need access to unencrypted content so that they can determine how to cache it properly and serve it from those caches instead of always going back to your origin server.

My employer uses both Akamai and AWS, and we’re well aware of this fact and what it means.

I’ve heard of all sorts of issues with my fiber ISP (Verizon Fios) rolling out IPv6. It’s been years that they’ve been slowly rolling it out for testing in a few places. There’s virtually no useful documentation on their website about it. And it’s still not available where I am.

My employer has a pretty large presence in AWS. We finished migrating to Amazon’s Corretto (based on openjdk) months ago. It was pretty painless given we already use Amazon’s Linux distros.

Doesn’t prevent Amazon from occasionally sticking smaller packages in our mailbox…

My only problem is our driveway is 700 feet long, uphill & through trees. I seriously doubt my WiFi reaches it…

Our house has 5 heating & 2 AC zones that I installed Ecobee thermostats on. Three rooms also have skylights that can be opened. When we open the skylights the thermostats all turn off, and when closed they turn them back on to the mode they were previously set to.

Our house is set back in the woods on a long driveway. When either me or my wife arrives home after dark all the driveway / walkway lights turn on. And when we’re both away they all turn off.

I also have a “bedtime” button on my phone that turns off all the lights, locks the doors, turns off our WiFi speakers, puts all the Ecobees into sleep mode, etc.

I think this is what I used: https://pimylifeup.com/cloudflare-tunnel-on-home-assistant/

I use home assistant and found some instructions on how to set up a free-tier cloudflare reverse proxy to access it from outside my home. Works like a charm.

SSH keys should always have paraphrases.

It was pure c code that was used to print reports, and included the date in a header. Whoever wrote it miscalculated the size of the buffer for the header by one byte. When the date was the longest month & day spelled out plus a two digit day of the month then it would overflow the buffer, resulting in the program crashing.

Decades ago I had to debug a random crash. It only happened on Wednesdays. On Wednesdays in September. On Wednesdays in September after the 10th…