According to Jim

Season's greetings from the Chaos Computer Club

So the 34. Chaos Communication Congress is currently in progress and the boys (and girls) attending were kind enough to send some thoughtful wishes to working sysadmins around the globe. The following entry appeared in my server log earlier today:

Wordfence warns against a massive brute-force attack campaign

On the 18th of December Wordfence posted the following entry describing an ongoing distributed brute force-attack campaign targeting WordPress installations. It was accompanied by a dramatic chart highlighting the number of attacks per hour. According to Wordfence, it was the most aggressive campaign they’ve seen so far. However, as a WordPress hosting provider I’ve found no data to support these claims. I’ve not experienced any increase in dictionary attacks or other malicious traffic against WordPress installations on our web hosting platform.

I bought a new domain name through Njalla

I wanted to register a new domain name and decided to go with the privacy-aware domain registration service from Njalla. Unlike other domain registration services, Njalla actually purchases the domain for themselves and acquires full legal ownership and responsibility for the domain name. Njalla however grants you full control over the domain as long as you abide by their terms and conditions.

A year of hosting an onion site

A short story detailing my experiences with hackers, SIGINT and the inherent depravity of humankind. In truth though, this story may lack all the aforementioned ingredients. The lonely onion A year ago I decided to offer my visitors “absolute” privacy in the shape of a Tor hidden service. Believing others were as fed up as myself with the constant mining of our personal data, I was eager to see what kind of traffic my hidden service would receive.

Do we need a Slackware Enterprise Linux?

So the annual “Slackware needs PAM and Kerberos” thread is going strong over at at the moment. This particular topic always seem to awaken a collective inferiority complex within the Slackware community, where users are aggressively refuting any claim that Slackware is not a viable choice for business use (you can do anything with some lines of bash right?…). At the opposite side you have users arguing that Slackware has become a niche hobbyist distribution due to its reluctance to implement mainstream technologies.

Let's Encrypt goes TITSUP

Let’s Encrypt suffered from a major service disruption today leaving users unable to access various services. The cause of the problem seems to have been an update to Boulder (ACME CA) which has since been reversed.

HPKP has been deployed

It’s live, prepare to self-destruct in 3..2..1.. HTTP Public Key Pinning (HPKP) A new HTTP header that allows web host operators to instruct user agents to remember (“pin”) the hosts’ cryptographic identities over a period of time. During that time, user agents (UAs) will require that the host presents a certificate chain including at least one Subject Public Key Info structure whose fingerprint matches one of the pinned fingerprints for that host.

The scam

Referrers from a domain called have been filling up my logs lately. I initially believed it was visitors using an anonymizing service, but alas, it’s yet another referrer scam.

Entering the Dark Web

It’s time to take privacy to the next level and ship this website off to the dark web. As a longtime Tor user it has been a source of embarrassment to not have my content available in onionland. However, that’s all in the past and this website is currently available at slackiuxopmaoigo.onion I’ve also mentioned a few times that I’m sick and tired of WordPress so I’ve gone and replaced it with the Hugo website engine (on the new site).

I’m sick of WordPress so I wrote a new theme to make it worse

In an attempt to have a WordPress theme optimized for running on the Raspberry Pi 3, I went through the hurdles of writing my own theme. Among my goals was to create something entirely free of third party CSS and JavaScript frameworks. Actually, I wanted a theme free from JavaScript altogether and in my opinion there are already more than enough websites built on the Bootstrap framework (you’ll recognize them, they all look the same).