I own a Synology DS413j NAS (home fileserver, four disks); this is mostly a rather nice box, albeit with some quirks. Some quirks might drive me away from buying a replacement box from this manufacturer; I am perplexed that to fix two-factor authentication sign-on, using a locally generated TOTP code, I had to clear cookies for Google. This is a home box and there should be no third-party tracking cookies for how I access devices within my own household.
Some changes in local anchors and identity. PGP I am now completely cut over to using my PGP key generated in 2013, as a 4096-bit RSA key, to replace the previous 1024-bit DSA keys from long ago. The new key, 0x4D1E900E14C1CC04, is in the strong-set: I took care to ensure that was the case before cutting over to it. It has been signed by both my older keys, with a Signature Policy URL which ends /self and the text retrieved therefrom asserts that it’s an “it’s me” binding.
Four small things, none on their own worthy of a blog post; the first three are debugging notes from the past week or so and the last is … stunned admiration for PR skill. First up: FreeBSD Jails and nullfs and ZFS ZFS is very handy in FreeBSD 10, where you can now boot from ZFS. Note though that zfs maintains its own internal mapping of where names should be mounted, used via zfs mount -a in /etc/rc.d/zfs.
Last night (or very early this morning), the XMPP service for spodhuis.org (this grumpy troll’s primary domain) received an upgrade. TLS trust verification for outbound connections can now be performed via DANE lookups. DANE is a mechanism, using DNS, DNSSEC and a TLSA record type, to provide verifiable information in DNS about the trust anchors for reaching a particular service, such that verifying the certificate or public key identifying the remote end of a TLS connection need only rely upon the data in the DNS.
Had an interesting spot of debugging today, which highlighted a few issues. One of them is my “Oh, I knew about that feature, interesting to see how it interacts here.”, which might cause some programmers to chuckle darkly. One server component which my employer maintains talks to a third-party API for an ancillary service; this is over HTTPS with secret API keys. All certificates and hostnames are validated, etc. Recently, the connectivity broke.