Using Fail2Ban to insta-block malicious hits

Posted on Tue 07 April 2020 in Tech • Tagged with Tech, Security, Linux

Okay so a few days ago I posted about adopting Caddy.

Of course, anyone who hosts anything knows that accessible services on the internet will start getting hit by scanners within literal moments of being accessible. On the very first night of having my site live on the new VPS, Logwatch informed me of a bunch of attempts to access wp-admin.php. Sigh.

Well, this entire site is built with my favourite static site generator Pelican. That means I don't have any PHP on my site whatsoever. Why not just …


Continue reading

Moving to the Caddy web server

Posted on Sun 05 April 2020 in Tech • Tagged with Tech, Security, Linux

For the last couple of years I've been running this site, as well as my friend's site (Under The Umbrella) on Nginx. Recently my VPS host decided to do away with their cheapest tier, so instead of doubling my annual cost, I hopped onto https://www.lowendbox.com and found myself a replacement Cheaps McGee VPS to host this.

Well, a major change like that is a great time to learn about something new, so I took the opportunity to get started with Caddy. If you don't already know about …


Continue reading

Lockdown Chicken

Posted on Sun 29 March 2020 in Food • Tagged with Recipes, Food

It's the first weekend of New Zealand's COVID-19 lockdown, and having already been working from home for a week I decided I'd get energetic in the kitchen.

Last night, with some guidance from my mate Nevyn, I put a couple chickens into a brine. I've brined before, but this one was super experimental for me, as usually my brines are just that one top result on AllRecipes.com, which is about as inspired as plain mayonnaise on pizza.

Well, holy shit I just finished dinner and it was good enough …


Continue reading

Eric's BBQ sauce

Posted on Sun 22 March 2020 in Food • Tagged with Recipes, Food

Quite a long time ago, I posted my recipe for smokey BBQ-baked beans. It's still one of the only recipes I've seen which starts with dry beans, and includes slow-cooking in a smoker. Most of the recipes I've found are either for oven baking, or start with a literal can of baked beans (wtf).

Well I'm making baked beans again for the first time in ages, and I've taken the time to write down my tweaks. This is primarily around my BBQ sauce, hence the title of this post!

Just …


Continue reading

Artsy Moose artisan shaving soap review

Posted on Wed 18 March 2020 in Shaving

(Reposting from Facebook - originally written 2020-02-19)

Tonight I've got something a bit special for my #shavingPost... A few weeks ago, I offered to help beta test a new product - a shave soap in a cup - for Grere Coutie of The Artsy Moose.

The Artsy Moose is actually a really groovy little artisan handcraft shop, physically located here in Hamilton, but Grere sells most of her work online as well. Primarily focussed on soaps, there are all sorts on offer - from activated charcoal soap, to gardeners soap, to BEER soap... even …


Continue reading

Where does mass come from?

Posted on Wed 18 March 2020 in Physics

I’m a bit over halfway through a brilliant set of particle physics lectures by Don Lincoln, called The Theory of Everything: The Quest to Explain All Reality. Don has spent many years as an experimental particle physicist, and has worked with particle accelerators at both Fermilab and CERN. You may remember him from his co-discovery of the top quark in 1995, or from his membership on the CERN team when they discovered the Higgs boson in 2012. Or heck you might have seen one of his TED …


Continue reading

Fail2Ban+Nginx (blocking repeated 404's, etc)

Posted on Mon 16 March 2020 in Tech • Tagged with Tech, Security, Linux

After hosting a mail server for a few years, I've gotten tired of seeing alllll the 404 attempts in my daily logwatch. Fail2Ban can help here really well, and it turns out to be really easy.

Start with nano /etc/fail2ban/filter.d/nginx-4xx.conf (I'm counting on your running Debian and having things in default locations here), and enter the following:

[Definition]
failregex = ^<HOST>.*"(GET|POST).*" (404|444|403|400) .*$
ignoreregex =

Note: Make sure you use a capital 'D' in Definition there.

Now, edit your /etc/fail2ban/jail.conf …


Continue reading

sa-compile failing during upgrade

Posted on Sun 15 March 2020 in Tech • Tagged with Tech, Linux

I just spent an hour troubleshooting the most ridiculous thing. I guess to help people search, I'd describe this as "dpkg failing at sa-compile in Debian 10" but that's really not a good picture of what's happening here...

Setting up sa-compile (3.4.2-1~deb9u3) ...
Running sa-compile (may take a long time)
/bin/sh: 1: x86_64-linux-gnu-gcc: Permission denied
make: *** [body_0.o] Error 126
command 'make PREFIX=/tmp/.spamassassin22062Ifq5yDtmp/ignored INSTALLSITEARCH=/var/lib/spamassassin/compiled/5.024/3.004002 >>/tmp/.spamassassin22062Ifq5yDtmp/log' failed: exit 2
dpkg: error processing package sa-compile (--configure …

Continue reading

FreeNAS finally supports ECC crypto!

Posted on Sun 02 February 2020 in Tech • Tagged with Tech, Networking

Woo! FreeNAS finally supports ECC crypto for its SSL certificates in 11.3!

I reported this as a bug almost exactly two years ago, and kept having to do nasty workarounds to make it work every time I installed an update. Very happy that it's finally sorted and I can use my proper shiny elliptic curve SSL setup! :)


Fortinet SSL VPN Certificate extensions

Posted on Sun 19 January 2020 in Tech • Tagged with Tech, Security

If you're setting up a new SSL VPN with certificate authentication, and if you already have an internal PKI, you're probably considering using your internal certification authority to create the SSL keys and certificates for your VPN clients. Awesome! This is a great and easy way to do this job.

But there's a dearth of information on the Interwebs regarding what Extended Key Usages you need to have enabled in your Certificate Template for these. There are a heap available, including Email Signing, Timestamping, Code Signing, IPSec SSL things (about …


Continue reading