Gentoo recently marked Tor 0.3.4.7 as stable on amd64 so without further ado I’m launching my v3 onion. This hidden service is available at the following 56 bit long address: 4hpfzoj3tgyp2w7sbe3gnmphqiqpxwwyijyvotamrvojl7pkra7z7byd.onion

I recently got the opportunity to discover how long Google would keep showing my content on the search engine result pages when my web server was unavailable. Predictably, I only had a short window of time before my content got removed. And the first content to go was my top ranking pages.

Last month I was managing some DNS records and accidentally wiped the A-record for blog.paranoidpenguin.net, making this blog effectively unavailable. I noticed the issue but thought it would be interesting to see how much time Google would grant me before starting to de-index my pages. Entering the unknown, I proceeded to delete the remaining sub domains from my DNS to remove any trace of life.

So I had just implemented DomainKeys Identified Mail (DKIM) on a Postfix server and was confident that the signing process was correct, but on testing, the recipient’s SMTP server insisted that the message had failed authentication due to an invalid public key.

I have previously postponed the removal of my Google account from my Android phone as I expected it to be a troublesome and tedious process. However, last week I spent a day removing apps installed through Google Play and replaced them with free and open-source software alternatives as provided by F-Droid.

I’m currently experimenting with a few rule conditions to explicitly whitelist the resources I want clients to be able to retrieve on my server. The initial target for this exercise was my onion site which has an issue with misbehaving (poorly written) Tor bots, but I thought it would be fun to extend the experiment to paranoidpenguin.net.

In the last two weeks I’ve seen a steady increase of bots trying to exploit a remote command execution flaw on D-Link routers. The majority of the attacks are originating from IP blocks belonging to Telecom Egypt Data.

Shortly following the distribution’s 25th year anniversary, Slackware maintainer Patrick Volkerding has shared some insight into his current financial situation and the issues he’s facing due to a lack of revenue from the Slackware store. According to Volkerding, the store has not forwarded any founds from sales or donations for the past two years.

At the end of last year, I decided to install an interesting looking operating system named GuixSD. This was to be my first experience of running a system consisting entirely of free software. Unfortunately, the absence of non-free firmware also meant that I in 2018 would be giving up on wireless internet.

After a long rebuild session yesterday due to the Python 3.6 upgrade, I was not overly impressed when issuing emerge --sync eventually resulted in a proposition to revert yesterdays work:

Python 3.6 recently replaced Python 3.5 in the default Python targets on Gentoo systems. The change was announced a month ago, which provided more than enough time for me to forget all about it. Because of this, I was somewhat surprised today as Portage complained about unmet requirements for the fail2ban-0.9.6 ebuild.

As a firm believer in online privacy I refuse to use Skype, Google Hangouts or whatever non end-to-end encrypted service “normal people” are using for their online communication. As a consequence, friends who wants to message me are “encouraged” to install and use Signal. Recently this backfired as one friend insisted it was my responsibility to backup and restore messages on his new Android phone.

I recently learned that it’s possible to use Google Authenticator (or any other authenticator app) with Office 365 for 2-step verification. That’s great as I’ve always believed it was Microsoft Authenticator or the highway. I’m sure Microsoft Authenticator works fine, but I don’t want multiple authenticator apps on my phone.

A month ago I issued a wildcard certificate for *.paranoidpenguin.net and patiently awaited the expiration of my old HPKP policy. Eventually the time to install the new key and certificate arrived, but to my great dismay, things did not turn out according to plan. Upon restarting the Apache web server, I got served with the following (epic) failure:

While configuring my first Gentoo VPS I somehow managed to crash a service and discovered that I had actually no idea how to recover it. The service no longer had any matching processes but it still refused to stop, and simultaneously insisted it was already started. Severely embarrassed I made sure nobody was looking and rebooted the server.

I recently read a thread on reddit titled “A Privacy & Security Concern Regarding GNOME Software” that addressed a few issues regarding the fwupd daemon. The developer eventually responded and was able to justify and debunk most of the claims made against his software. However, that prompted me to have a closer look at the traffic originating from GNOME Software.