The Grumpy Troll

Ramblings of a grumpy troll.


Mum had layers, strong opinions, and an unwavering moral compass. When she set her mind to a matter, no institution of man could turn her aside. I once, as a compliment, told her that she presented a sweet little old lady exterior, but that she was like a shark underneath, comparing her to Agatha Christie’s Miss Marple. Mum took this as the intended compliment, with a smile on her face which still shines in my memory.


Synology NAS & rsync

I own a Synology DS413j NAS (home fileserver, four disks); this is mostly a rather nice box, albeit with some quirks. Some quirks might drive me away from buying a replacement box from this manufacturer; I am perplexed that to fix two-factor authentication sign-on, using a locally generated TOTP code, I had to clear cookies for Google. This is a home box and there should be no third-party tracking cookies for how I access devices within my own household.


PGP & TLS updates

Some changes in local anchors and identity. PGP I am now completely cut over to using my PGP key generated in 2013, as a 4096-bit RSA key, to replace the previous 1024-bit DSA keys from long ago. The new key, 0x4D1E900E14C1CC04, is in the strong-set: I took care to ensure that was the case before cutting over to it. It has been signed by both my older keys, with a Signature Policy URL which ends /self and the text retrieved therefrom asserts that it’s an “it’s me” binding.


Four miscellaneous things

Four small things, none on their own worthy of a blog post; the first three are debugging notes from the past week or so and the last is … stunned admiration for PR skill. First up: FreeBSD Jails and nullfs and ZFS ZFS is very handy in FreeBSD 10, where you can now boot from ZFS. Note though that zfs maintains its own internal mapping of where names should be mounted, used via zfs mount -a in /etc/rc.d/zfs.


XMPP & DANE with Prosody

Last night (or very early this morning), the XMPP service for (this grumpy troll’s primary domain) received an upgrade. TLS trust verification for outbound connections can now be performed via DANE lookups. DANE is a mechanism, using DNS, DNSSEC and a TLSA record type, to provide verifiable information in DNS about the trust anchors for reaching a particular service, such that verifying the certificate or public key identifying the remote end of a TLS connection need only rely upon the data in the DNS.