The short answer is “Yes”. I’ve opted to rebuild the site, but I’m keeping my baby CMS.

For many, many years, I’ve run this customized site based upon TextPattern. I presumed that it’d be easier to scrap it than to rebuild, having given up on my own CMS years prior for similar compatibility and maintenance concerns (and let’s face it- poorly written spaghetti code by a PHP3 compliant non-templatable system).

Last year about this time, I stated I was looking for alternatives. I tried Ghost, Grav, and a ton of everything else in between. I just didn’t like them. Still, I started working on HTMLy... sorry, still not my style for blog posts.

I trudged on, telling myself “another day”. After all, I could always export my content, or just use the old RSS 0.92/2.0 format (there is a long story that goes along with that), and import into virtually anything bloggy- even though RSS is pretty much unheard of now.

Well, it ended up being quite a bit easier than I thought. Not only that, but the community went out of their way to assist me with finding plugins I relied upon which were deprecated, and even some suggestions on moving forward in Web 3.x CSS designs. Thank you, TXP Community!

“Why would I care about running KernelCare on an unsupported distribution”, you might ask me. “What are you talking about? Why are you here?! Get off my lawn!” might be another.

KernelCare is a great idea which sometimes breaks, but usually keeps you well within your SLA. It lets you do nearly-realtime half-week-or-so (I won’t claim 0-day) patching of the kernel without rebooting. This gets your kernel safe enough for the majority of issues – fairly consistently.

KernelCare supports Debian (Kind of), and by proxy- Devuan (Kind of).

For starters, you’re going to need to have the prerequisites installed- Python 2.7 (standard) with a few support tools. I’ll help you get those running (Kind of).

Although soon to be out-of-date, the easiest way to get this handled is with pip 19. Obviously, I’d strongly suggest checking the base85 code before running it blindly as root, but for the sake of convenience:

pip:
$ wget https://bootstrap.pypa.io/get-pip.py -O - | sudo python

Next, we need an old version of cryptography to work with this older framework (I’m not the biggest fan of this design, either):

$ sudo pip install 'cryptography<2.2'

Finally, you can install KernelCare! My modified installer script lives here for now. You’ll want to read the code, then run that, too- if you trust it. The default installer doesn’t work for Devuan. Since there is no direct numeric ID in the os-release file used by CloudLinux, I made it parse $PRETTY_NAME. It only understands ascii (Debian 9), and defaults to jessie (Debian 8) if it doesn’t match.

In the end, you’ll end up with something like this:

# kcarectl -i
Unknown kernel (debian 4.19.0-0.bpo.1-amd64), no patches available

OK, so this isn’t the best example, since I’m running a nonstandard kernel in this example, but it works!

Welcome, one and all, to 2019. Kicking, screaming, and otherwise- we’re all here.

Well, I wanted to bring you something from the archives of “Wait, that happened?”

Here’s an Atari ST demo song by Mad Max. It was so good that I encoded it to MP3 20-some years ago so I could save it to play on my CD MP3 player. Yeah, those were a thing.

Here is a direct link. Enjoy!

We’ve entered an interesting time on the internet.

I’ve always been a proponent of free speech- whether I agree with you, or not. I’ve never tried to do more than ridicule people who have a differing opinion.

We’ve entered another era.

People are no longer content making fun of, teasing, or otherwise. They’re now deplatforming them. What does that mean?

Well, after ridicule, then they went on to contacting the internet providers to try to get them kicked off.

A few years later- employers, to attempt to get them fired.

Skip a few years forward- and now they’re trying to remove them completely from the internet. They’re getting them removed from Facebook (see my earlier post about this). They’re removing them from YouTube. They’re getting their funding removed from crowdfunding sites. They’re removing their abilities to say whatever stupid things they should have the right to say, no matter how much it might be disagreed with.

I don’t care how slow you are. I don’t care how much I disagree with you. I don’t even care how much of a jerk you might be- The internet is still yours. This is wrong.

I manage many services for others on the internet, as well as my own.

Most people are happy with fairly basic security, but I prefer to tie down my own servers- I only like to leave the ports open that I have to, and now that I’m back on a static network, I can start to block things more effectively (no, you don’t need to portscan me; I’ve still got ssh enabled globally, but it’s without-passwords, sorry).

Today I ran into an issue which I created by myself which caused an issue with my IPv6 nameservers. I probably would have found this sooner, but since I didn’t have access to debug on the hypervisor, I just assumed it was a problem with the host. Oops, I broke the cardinal rule!

Long story short, I adapted my IPv4 iptables rules to IPv6 without thinking too much about it. I actually had this evilness in the wild:

ip6tables -A INPUT -p icmpv6 -m icmpv6 --icmpv6-type 8 -j ACCEPT

I swear I thought that I had thought about this. The problem with this is that ipv6-icmp is protocol 51, and I didn’t really think this through. I broke NDP with this, and didn’t notice that it happened immediately, since it took a while for IPv6 services to completely drop. Silly me.

Thank you, RAMHost, for being more clueful than myself on this stupid I created by politely informing me of my errant ICMP block.
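
The failure described above, as an added example that is not the author’s ruleset: ICMPv6 numbers its types differently from ICMPv4 (echo request is 128, not 8) and NDP uses types 133 to 136, so a rule ported from IPv4 accepts nothing that NDP needs. The function name `missing_ndp_types` and both sample rulesets are constructed for this illustration; the check reads text in `ip6tables -S` format instead of touching a live firewall.

```shell
#!/bin/sh
# Added example. Reads rules in `ip6tables -S` format on stdin and prints the
# NDP types (RFC 4861: 133 RS, 134 RA, 135 NS, 136 NA) that the INPUT chain
# never accepts. Coarse on purpose: extra matches like -s or -i are ignored.
missing_ndp_types() {
    awk '
    $1 == "-P" && $2 == "INPUT" { policy = $3 }
    $1 == "-A" && $2 == "INPUT" && !closed {
        proto = t = target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--icmpv6-type") t = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        if ($3 == "-j") {   # rule with no match conditions at all
            if (target == "ACCEPT") all = 1
            if (target == "DROP" || target == "REJECT") closed = 1
            next
        }
        if (target != "ACCEPT") next
        if (proto != "ipv6-icmp" && proto != "icmpv6") next
        if (t == "") all = 1; else seen[t] = 1
    }
    END {
        if (!closed && policy == "ACCEPT") all = 1
        n = split("133 134 135 136", need, " ")
        for (i = 1; i <= n; i++)
            if (!all && !(need[i] in seen))
                out = out (out == "" ? "" : " ") need[i]
        print out
    }'
}

# Constructed sample: the rule from the post under a DROP policy.
BROKEN='-P INPUT DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 8 -j ACCEPT'

# Constructed sample: NDP (133-136) and ICMPv6 echo request (128) accepted.
FIXED='-P INPUT DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 133 -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 134 -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 135 -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 136 -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 128 -j ACCEPT'

printf 'broken is missing: %s\n' "$(printf '%s\n' "$BROKEN" | missing_ndp_types)"
printf 'fixed is missing:  %s\n' "$(printf '%s\n' "$FIXED" | missing_ndp_types)"
```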