Anafroj

joined 2 years ago
[–] Anafroj 1 points 2 years ago (1 children)

Oh my bad, I missed that. Telling it to the OP. 👍️

[–] Anafroj 1 points 2 years ago (3 children)

Great job! Maybe it would be worth putting it on the Gentoo wiki?

[–] Anafroj 1 points 2 years ago* (last edited 2 years ago)

17 years here. :) I did a bit of distro hopping (surprisingly, the one I loved the most beside Gentoo was KDE Neon, for how polished the interface experience was), but always had at least one Gentoo running at home. Now all my machines are Gentoo again, it's just the most stable distro for me (if anything, because it doesn't try to be smart and lets me configure things my way).

Also, now that I'm confident patching big C programs, this is the dream distro for tinkering. I just fork ebuilds in my own portage tree, add my patches in the ebuilds, and just like that, I have patched programs managed by my package manager. Still need to do it with each program update, though, so it's cool, but not perfect.

[–] Anafroj 2 points 2 years ago

Thanks for mentioning it, I didn't know about it. Protecting against CVEs sounds indeed awesome. I took a more brutal approach to fix the constant pentesting: I ban everyone who triggers a 404. :D Of course, this only works because it's a private server, only meant to be accessed by me and people with deep links. I've whitelisted IPs commonly used by my relatives, and I've made a log parser that warns me when those IPs trigger a 404, which lets me know if there are legit ones, and is also a great way to find problems in my applications. But of course, this wouldn't fly on a public server. :)

Note for others reading this, the correct link is CrowdSec
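The 404 triage described in the comment above, as an added example that is not the commenter's own parser: it splits 404 hits in a web access log into addresses to ban and allowlisted hits to review. The combined log format, the allowlist ranges and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Common/combined log format: client IP first, status code after the quoted request.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)" (?P<status>\d{3}) ')

# Constructed allowlist (documentation ranges) standing in for the relatives' IPs.
ALLOWLIST = [ipaddress.ip_network(n) for n in ("192.0.2.0/28", "2001:db8:1::/48")]

# Constructed sample log lines.
SAMPLE_LOG = """\
192.0.2.5 - - [10/Mar/2024:10:00:01 +0000] "GET /photos/album1 HTTP/1.1" 200 5120
198.51.100.23 - - [10/Mar/2024:10:00:07 +0000] "GET /wp-login.php HTTP/1.1" 404 153
192.0.2.5 - - [10/Mar/2024:10:01:12 +0000] "GET /photos/albun1 HTTP/1.1" 404 153
203.0.113.77 - - [10/Mar/2024:10:02:30 +0000] "GET /.env HTTP/1.1" 404 153
198.51.100.23 - - [10/Mar/2024:10:02:31 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 153
not a log line
2001:db8:1::42 - - [10/Mar/2024:10:03:00 +0000] "GET /old-link HTTP/1.1" 404 153
"""

def is_allowlisted(ip):
    # Membership is False when the address and network are different IP versions.
    return any(ip in net for net in ALLOWLIST)

def triage_404s(log_text):
    """Return (ban, warn): IPs to ban, and allowlisted 404s to review as (ip, request)."""
    ban, warn = set(), []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["status"] != "404":
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # hostname or garbage in the client field: skip it, never ban blindly
        if is_allowlisted(ip):
            warn.append((str(ip), m["req"]))  # likely a broken link or an application bug
        else:
            ban.add(str(ip))
    return sorted(ban), warn

if __name__ == "__main__":
    ban, warn = triage_404s(SAMPLE_LOG)
    print("ban:", ban)
    for ip, req in warn:
        print(f"review: allowlisted {ip} hit 404 on {req!r}")
```

The ban list would be handed to whatever enforces the block (a firewall set or a fail2ban jail); the review list is what surfaces dead links and typos from legitimate users.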

[–] Anafroj 6 points 2 years ago* (last edited 2 years ago) (4 children)

Gladly, fail2ban exists. :) Note that it's not just smtp anyway. Anything on port 22 (ssh) or 80/443 (http/https) gets constantly tested as well. I've actually set up fail2ban rules to ban anyone who is querying / on my webserver, it catches a lot of those pests.

[–] Anafroj 12 points 2 years ago* (last edited 2 years ago)

This. Also, anybody who can identify you as the owner of the host (be it through Whois or through hosting service records) can associate your name to everything posted on that instance, thus profiling you, your tastes and your opinions easily (it's insane the amount of personal information we can leak on social media, even when thinking we're not). Clearly not something to do in countries where you can be harassed or worse for your opinions, and probably best avoided everywhere, if privacy is a concern for you. There is some virtue in being immersed in the masses (that's actually a common anonymisation strategy, from merging streams comes plausible deniability).

[–] Anafroj 1 points 2 years ago

Reading lots of code is the most important, at this point, so you see how the code is actually written in the industry.

Another good way to get started is to try to change some software you use, to add a feature you want in it. It's challenging to get your head around someone else's codebase, and yet it's a very important skill, since you'll need that in most jobs you'll find. Education tends to assume you're the one starting the codebase, but it's rarely the case in real life.

And when you feel confident enough making those small changes, you can try to submit the most useful ones to the project. :) This will teach you collaboration, which is another very difficult and very important part of the job. Plus, it will get you contacts and contributions to show off.

[–] Anafroj 2 points 2 years ago* (last edited 2 years ago)

Ahah, so that's what initrd are called on Pi. :P Good catch!

Funny enough, I don't have such a file on mine, the only *.img I have is the kernel, kernel8.img. I guess it's OS specific.

The .bak things sound like an interrupted update, or something. Like if the updater moved the current initrd as a backup file, then started building the new initrd and crashed or was rebooted before completion. That's what I really dislike about automatic updates, I prefer to be sure to know it's running, and see the output. :)

Congrats on sorting it out!

[–] Anafroj 9 points 2 years ago* (last edited 2 years ago)

StackExchange dumps are available for Kiwix, the project that allows you to use a local dump of Wikipedia. You can find all the available dumps there, including the StackExchange ones. You can even build your own search engine through libs that let you use those zim files (the dumps), if you want.

[–] Anafroj 2 points 2 years ago

Oh I see. That sounds cool, thanks for mentioning it. 👍️

[–] Anafroj 1 points 2 years ago* (last edited 2 years ago) (2 children)

I feel you, been there. :) I now use Gentoo on my Pi and it is stable, but I can't recommend that to anyone who is not already used to Gentoo, it's challenging to install it by itself.

Regarding the SD card, I have no problem anymore since I stopped using the cheapest brands. I now use only Sandisk Ultra microSDXC, and the oldest ones have been working for four years without issue. It's still basically a NAND (same stuff as in SSD drives) soldered on pins, though, so it's very fragile. Care should be taken to never bend them: they look flexible, but the NAND really isn't.

It's also a good idea to back up the whole card. As they usually weigh way less than hard drives, it's easy to back up on your system and flash them back, mounting the sdcard on your desktop/laptop:

lsblk # find the device name, let's say it's mmcblk1 
dd if=/dev/mmcblk1 of=./backup-file bs=1G  # making a backup
dd if=./backup-file of=/dev/mmcblk1 bs=1G  # restoring the backup

if means "input file", of means "output file" and bs is the buffer size (how many bytes are copied at once, the more the faster, but it will use that amount of RAM at each iteration). dd is just copying input to output, bs bytes by bs bytes.

If you do that regularly, even using cheap sdcards that fail after a year will be less of a setback: you can just flash the last saved version of the system on a new card. It's probably better, though, to keep only the OS on the sdcard, and store important daily updated data on a usb drive or key.

[–] Anafroj 8 points 2 years ago* (last edited 2 years ago)

That's true, but only initially. Once you get SPF/DKIM right, that your domain name grows a few years old (enough to be considered established) and that you nailed your configuration, there is no issue anymore. I've been running my own Postfix on a Pi in my home for about 5 years, and It Just Works ™. The only maintenance I do is updating the software (done when updating the rest of the OS), and I don't get shadowbanned mails anymore, even when sending to outlook.com (which is, by far, the worst peer when self-hosting emails).

EDIT: by the way, fun fact: it seems not as related to IP reputation as it's often said (well, unless the IP has bad reputation, of course). I changed my ISP late last year (thus changed my IP), I was very afraid I would lose my good reputation and have to start over with getting my mails shadowbanned, and… nothing happened. My mails just got delivered as usual. So I bet the domain name is at least as important as the IP.
