So, last post, I suggested that a VPN was simpler than setting up my home email server to relay when I'm not at home. It was simple, but, when running on a Rasberry Pi, it's awfully slow. To the point of despair. And that's when I'm standing still. If I move around, my android phone has a tendency to disconnect from one wifi hotspot, and connect to another, which disconnects the VPN (admittedly, this may be because I'm in a large building, with eduroam. But at the end-user interface, the cause is irrelevant). All in all, it works, but not brilliantly.

Since I'm off to Redemption '13 this weekend, and the VPN set up is looking a bit untenable. Admittedly, it'll mostly be twitter, but I figured I'd get the email working.


Turns out that, in fact, it was trivial. I'd done all the work before, but, ahem. Forgotten to open the port...
( preambleCollapse )

( Configuration AuthenticationCollapse )

( Encrypting communicationsCollapse )

( The magic portCollapse )

Interestingly, it turns out that authenticate email over TLS uses exactly the same communication irrespective of the port: it starts off in plain text, swapping EHLO acknowledgements, and it's only the STARTTLS instruction that turns the encryption on. Obviously, the server could refuse to allow TLS on port 25, and refuse to continue conversations on port 587 if the client doesn't activate TLS, but if these are left optional, there's no difference between the two ports. So blocking port 25 doesn't stop people running their own SMTP servers. It just means they've got to offload their communications to port 587, and everything else is unchanged (well, you might need to find a different server to off-load to. But the port number doesn't magically ensure a sensible configuration).

I've been running postfix as my home mail server for the last several years, and prefer to have that configured as the mail server on my phone. This is actually a hang-over from having multiple ISPs (and multiple people in the house, all with their own existing mail accounts). Having various things dynamically reconfigure the mail server just seemed a daft idea.

In theory, I had Postfix configured to allow any of the machines on my home network to send email, and any of the machines which weren't at home would then use Dovecot to authorise the connection, so that I don't have to change my phone configuration, just because I'm not home. Unfortunately, I don't think that worked for more than the day that I set it up. I need to get around to sorting it out.

( Or, a simpler wayCollapse )

SSH Authorized Keys not working, in an entirely unique way!

I'd relocated my /home directories to an NFS mount, and then found out that my Public Key login had failed, so I have to type my password every time. Whilst this is a very minor inconvenience (in the grand scheme of things), it's more annoying on my phone, with the virtual keyboard, fat fingers, and no visual feedback on pressing the wrong key.

( And Google couldn't help me!Collapse )

I use autofs.

( Fly, you fools!Collapse )
( And the fixCollapse )

Before Christmas, I acquired a couple of Raspberry Pis. Which, if you've got the right setup of computer kit, absolutely rock. Or, if you just like poking at computer hardware, and have no budget. That's their intended use, but they're getting a lot of people doing other things with them.

In my case, I already have two NAS boxes, which have all of my media (DVDs and MP3s) on them, so I can access them from any computer in the house. In addition, they've now got the file system for the two Pis (how does one punctuate that? Definitely needs *something* in there ;) so they don't have to continually update their Flash SD storage cards (which, I believe, have a limited write life expectancy. Which is probably fine if it's a camera, but less fine if it's got a swap file from a Linux system).

And I've then moved some other bits of storage (my home directory and mail spool) onto the network storage. And lo and behold! I can then have a Raspberry Pi as the main network server in my house. Previously, I've had "proper" full sized PCs (as cheaply as I can get them). But, since they're powered up 24/7, they eventually die. Admittedly, it's probably just the power supply, but in practice, it's quicker and simpler to just buy a replacement for 200 quid from PC World than it is to diagnose the fault properly.

Except now, I don't even have to do that. I don't know what the life expectancy is of a Raspberry Pi, but there's just so much less to fail. No fans, no memory cards. No honkingly large PSU (I've actually got it plugged into one of the USB ports on the back of one of the NAS boxes. Which has been happily powered up non-stop for about the last four and a half years). And even it it does die, replacing it will only cost 30 quid. And a trip downstairs at work, to the Computer Shop :)

Anyway, I figured that some of the things I'd tripped over were probably were recording. So those will pop up in subsequent posts. Some of the stuff I suspect I've already forgotten. So I'd better get on with it, before I forget any more!

ETA: Apparently, the pluralisation of Raspberry Pi is an Official issue, and unfortunately just appends the s.

WorldCon 2014 (an annual sci-fi convention, which moves around) is likely to be in London.

It's not been in London since 1965.

And some stuff has happened since...



(Yes, I know. Two posts in one day. I'm sorry. Normal Rock-service will be resumed shortly ;)

Long time, no update.

Don't knock it: it's not been sufficiently interesting to write home about.
Well, until the last month or so, during which time I have:
Been to Tunisia (which isn't very warm in March, despite being on a different continent!)
Spent four days on a product training course, where I managed to point that every single feature (under the right circumstances) was inadequate, and probably insecure. To which the answer was "You can disable it, and we can write a custom fix for you". Hmm, no :(
Went to Eastercon, which rocked :) And has, coincidentally left me feeling much better than I have done for months, if not years. Kind of hope that lasts, but dreading the inexorable crash.
That all finished a week ago, and I'm now back in work, as usual. And not quite wanting to kill people here. Yet.

Anyway, that wasn't what woke me up, to post (although it helped :)

The Child Exploitation and Online Protection (Ceop) centre wants such a "panic" button link on every page of Facebook.

( Read more...Collapse )
ETA: I've just heard an update on the radio: Facebook are not adding a panic button, but are, allegedly, going for a major overhaul of their security. The relevant point though is that there's going to be a 24 hour police hotline. Sounds like a correct solution to me (so I can now go back under my rock). Odd that it should be announced so soon after the previous item though. You'd have thought somebody working on the CEOP story would have been aware of the possibility of the other option coming together...

ETA 2: The Register (and the comments) agree with me about this being problematic. Including citation of a case on MSN, where the victim (as allusive and venta suggest) simply ignored the button.

I've been introduced to the delight (or distraction) of "The Guild": a geek sitcom about a group of MMO players who make the mistake of meeting each other for real, and finding out that they're unfortunately too much like their characters.

http://www.watchtheguild.com/category/episodes/

Episodes are only 3 to 6 minutes long, so you can watch one during the recompilation.

If you don't want to watch the episodes, at least watch their new video: Do you want to date my avatar? (http://www.youtube.com/watch?v=urNyg1ftMIU)

I have 1337 unread mails in my inbox (by unread, this actually means not-dealt-with).

Just saying.

Our leave year finishes at the end of August. So 3 months from now.

I can carry 5 days over. I currently have 20.

So I need to use 15 days leave in the next 3 months.

You may now make suggestions on where I should go. I don't promise to pay attention, but you might vicariously enjoy sending me to strange places :)