After a long rebuild session yesterday due to the Python 3.6 upgrade, I was not overly impressed when issuing emerge --sync eventually resulted in a proposition to revert yesterdays work:

Python 3.6 recently replaced Python 3.5 in the default Python targets on Gentoo systems. The change was announced a month ago, which provided more than enough time for me to forget all about it. Because of this, I was somewhat surprised today as Portage complained about unmet requirements for the fail2ban-0.9.6 ebuild.

A month ago I issued a wildcard certificate for *.paranoidpenguin.net and patiently awaited the expiration of my old HPKP policy. Eventually the time to install the new key and certificate arrived, but to my great dismay, things did not turn out according to plan. Upon restarting the Apache web server, I got served with the following (epic) failure:

While configuring my first Gentoo VPS I somehow managed to crash a service and discovered that I had actually no idea how to recover it. The service no longer had any matching processes but it still refused to stop, and simultaneously insisted it was already started. Severely embarrassed I made sure nobody was looking and rebooted the server.

Arch pushed out Gnome 3.28 today but unfortunately for me, my system failed to boot properly after the upgrade. The system simply locked up after the “Reached target Graphical Interface” stage. GDM (The GNOME Display Manager) was a prime suspect in my book, so the first order of business was booting into a lower runlevel to figure out what was going on.

I’m using systemd-boot (because you can never have enough systemd…) so to enter the kernel command line, I simply hit the “e” key from the boot menu. Adding the kernel parameters systemd.unit=multi-user.target will boot the system into runlevel 3 (no display manager).

Importing signed certificates on BlueOnyx has always been somewhat of a challenge and it’s not well documented. The gist of it is that the certificate you want to import needs to consist of both the certificate and the corresponding private key, and it must have an extension that BlueOnyx understands (*.crt or *.cert works). Even so, my attempt to import a signed certificate from RapidSSL failed with a message stating that the imported certificate did not contain the correct private key.

So I was minding my own business while connected to my VPN service when I noticed several blocked outbound network connections appearing in my firewall log. For some reason my wifi adapter (wlp3s0) was trying to connect directly to the internet without having traffic routed through my VPN interface (tun0). Was this my reward for not reviewing AUR PKGBUILD files, or was there another explanation as to why wlp3s0 wanted to disclose my real IP address?

There has been a long and tedious debate among slackers over whether the distribution should stick with KDE4 or move to Plasma 5. According to Slackware’s KDE maintainer Eric Hameleers, a decision has been made and Slackware 15.0 will ship Plasma 5.

So today I’ve experienced a more significant than usual attack against WordPress installations hosted on one of our company servers. So far I’ve blocked more than 17000 21000 unique IP addresses, but the attackers seem to have an endless supply and they’re not slowing down. Note: This article was updated on January 27, 2018.

I recently added support for the HTTP/2 protocol on this server and I am really pleased with the additional performance gains. This VPS was already running a functional LAMP stack, so the following steps describe the necessary configuration changes for my setup which relies on Apache with PHP-FPM.