Circular dependency Yak-shaving. - The Yak that keeps on keeping on.

#SysadminLife IMAP migration 

So there's this *really* old IMAP server, running MDaemon 6.8.5 (ca. 2003) and I need to migrate the data away to something more modern.

imapsync is unable to authenticate successfully, no matter what I try. (Thunderbird is able to connect, authenticate and sync, so I am certain the credentials I got are correct.)

offlineimap crashes from package, and from source.

I've never been let down by offlineimap.

I guess that's a client side migration.

Wie lange dauert dieses „just a moment…“ so im Schnitt?
Sollte ich mir nach mehreren Stunden Warteanimation beginnen Sorgen zu machen oder kann das auch mal länger dauern?


tech I had to deal with during the last weeks

- L2TP/IPSec
- IPSec IKEv1 PSK (with ciphers like PSK_LOLCAT_ROLLINGSUM)
- IKEv1 EAP-MSChapv2
- IKEv2 EAP-TLS (PKI/Certs)
- OpenVPN
- Wireguard
- PPTP

People expect that
- you know each from the top of your head in and out
- they work on every device
- all vendors are compatible with every other vendor
- it's free
- it's instant
- it works flawlessly on every broken, triple NATed, censored network

What I actually prefer: ssh

Dear npmjs: Please get rid of your active attacker, that means Cloudflare.

npm update fails because Cloudflare is actively blocking updates meaning more vulnerable systems out there.

Access denied | registry.npmjs.org used Cloudflare to restrict access


Trying to figure out a way how to bootstrap PostGreSQL database creation and separating the databases into their own ZFS dataset each.

Meaning I would need to know where a new db would get created in advance so I can mount a dataset there.

If you're providing online services, communications or network infrastructure for other people and you have any kind of basic ethical foundation for what you do:

This talk by Paul Vixie gives a good overview about the problems with the current DoH (DNS over HTTPS) advancements by commercial traffic interceptors like Cloudflare and how Mozilla/Firefox is selling you and your private data out to them.

This is an hour *really* well spent!

invidio.us/watch?v=ZxTdEEuyxHU

Some “installation documentations” of open source projects really makes me wonder if anyone ever tried to use them to actually install said application.

And then, there's these bonmots in the “activate background jobs” section:

[root@all] su - openproject -c "bash -l"
[openproject@all] crontab -e

Sadly Tor Project removed the .wmi file which contained just the version numbers of the current tor stable and alpha releases (#404) which kills my version alerts.

For those who wonder what a .wmi file is, that is a WAP file. If you wonder what WAP was…
en.wikipedia.org/wiki/Wireless

Why did I use that .wmi file in the first place? Because it was super-easy to grep. Don't ask why I grep in XML…

To protect their users, postmasters should bounce emails that are sent from noreply@<domain.tld>.
The sender clearly indicated that they don't give a fuck about dialog and only want to either shove their marketing shit at recipients or that it is automated stuff that isn't working anyway.

In other terms this is just plainly unfriendly behaviour towards the (intended) recipients, who may even be their customers.

It's 2020 and medical institutions are using PPTP in production. How is this even legal?

Oh… wait…

2019… and we have so called “Business Internet” access, which gives me 4KiBi/s … FOUR kilobytes…

Have you ever tried updating macOS over such a connection? Or Adobe products? Or anything at all?

I mean, even my shell is stuttering here…

Current status: "message":"unprocessable mails: 7;

Sometimes is a big black box of nobody has an idea why (kinda unspecific thing related to email) doesn't work.
Nope, it does neither log which email account is affected nor which messages nor why at all or what is happening.

It logs:
fetching imap (<server>/<email address> port=993,ssl=true,starttls=false,folder=INBOX,keep_on_server=false)
- no message
done

for all configured accounts.

Current status:

"Your ansible version is too old, please upgrade to v2.8.4 or newer. Exiting."

I hate you ansible, there's no update available. I'm on 2.8.2 and this seems to be a breaking change.

RANT: Fedora Installer 

What the hell's wrong with Fedora's installer? It's most inefficient, slow, unhelpful and constantly gets into my way of actually installing an OS.

It's a graphical installer, that's already a negative. It *requires* a mouse, no way to use it with a keyboard alone. The mouse arrow is too jerky to be called usable.
It lies about the ways it will setup disks.

Restart at the end must be done via Terminal since there's no button in the GUI.

What's the (free as in gratis) Dynamic DNS Service one would want to use these days?

I don't care for the available domains at all and I only need a single hostname.

Turns out I forgot how to sysadmin.
There were two homeserver.yaml files and I was editing the the one not used by synapse, but the one that I had expected for reasons.

Meaning, my matrix-synapse is currently catching up with synchronisation and running 0.99.5.2 which is the latest package available for FreeBSD at the moment.

I'll start tackling to switch to a pip installed more current version next.

at 30°C

Show thread

I finally killed my Matrix-Synapse server into catch22.

Can't federate with the outdated packaged version 0.34.1.1, because it crashes talk gin to newer servers.

I can't upgrade to latest available package 0.99.5.2 which crashes upon launch because twisted cannot bind to :::8448 with a Protocol not available error 43.

IPv6 is currently unavailable on that machine. Twisted also crashes when I DO IPv6 because infinite-loops.

Seems I cannot force matrix onto IPv4 either.

FM

Show more