Building git 2.x from source on Debian

For most, the version of git available with your distribution is sufficient. I, however, like to make things interesting for myself. Accordingly, neither the git build available in wheezy main nor wheezy-backports meets my needs (Jessie also doesn’t provide the latest release). Provided are 1.7 and 1.9, respectively; I need at least 2.4.¹

Fortunately, building git from source isn’t particularly challenging.


  1. Owing to GitLab, which deserves its own post.

Creating Public Key Pinning headers (HPKP)

In my post two weeks ago about setting consistent headers in nginx, one of the headers I was concerned with was the Public Key Pinning header (HPKP). This and the Strict Transport Security header (HSTS) are both defensive mechanisms meant to increase the reliability of secure connections to a given site.


Todoist: finally, a task manager I may actually stick with

I’ve never found a good system for managing tasks and reminders, despite searching about once a year for a better solution. Each time I look for a new approach, I seem to find something that’s just enough of an improvement in some way that I get excited and switch.


Authoritative DNS with redundancy, using nsd and Debian Wheezy

Following up on yesterday’s post about what motivated me to host my own DNS, I’ll do my best herein to detail how I pulled this off. This is written for Debian Wheezy because I haven’t finalized an upgrade plan for Jessie yet; with Wheezy LTS extending support to 2018, I hope some find this useful.


DNS is scary, so I decided to run my own nameservers

Fear was both a reason for and against hosting my own nameservers. The idea began when I grew uncomfortable with my registrar also hosting my DNS. I feared the single point of failure that my account credentials represented, and the risk of losing control of both my domains and DNS–and by extension, email–that that scenario posed. I’d also tired of the ever-increasing cost of Amazon’s Route 53 service, which while reliable and a remedy for my first concern, was also quite excessive for my needs.


Four techniques for monitoring server logins

With four Debian servers, each available over both IPv4 and IPv6, login attempts come from many sources. Gabriel Koen, in response to my backups post, asked what I do to monitor logins.

Currently, I use four tools to deal with login monitoring, equally split between proactive and reactive solutions. I don’t believe that any of these are Debian-specific, but I have no relevant experience with other distributions.


Assuaging my paranoia with redundancy and many, many backups

Along with the joy and burden of running my own servers comes a great deal of paranoia. Are my machines secured against unauthorized access? Is my mailserver an open relay? Will DNS for ethitter.com keep working if my primary machine is down? What happens if something crashes? Do I have all of my configurations tracked should I need to rebuild one of the boxes?

These, and many similar questions, are so frequently thoughts of mine that I had no choice but to establish many layers of redundancy and backups, lest I be unable to focus on anything else.


Economically monitoring SSL certificate expiration

As noted previously, I’ve opted to serve all of my sites securely. I even went so far as to get ethitter.com on Chrome’s preload list, meaning no major browser even attempts an insecure connection to my site. Try loading http://ethitter.com/ in Chrome, Firefox, or Safari, and the browser will redirect to https://ethitter.com/ before my nginx configuration ever tells it to.

That vaguely-entertaining detail aside, this means that I’ve reason to be concerned about how soon my SSL certificates expire. The HPKP headers I set have 60-day lives, which I need to account for any time I renew the certificate for a pinned domain.
