Patrick Volkerding has finally confirmed the authenticity of the Slackware Linux Patreon page in a post over at LinuxQuestions.org.

After the Slackware Patreon page was initially discovered in mid-June 2019, it has been the source of quite a bit of debate regarding its authenticity. Anyhow, with that question out of the way, the bigger question now is whether there is still enough interest in Slackware Linux to make it a sustainable business for Mr. Volkerding.

In preparation for my move from WordPress to Hugo, I read a few blog posts on the subject to make sure I wouldn’t run into a brick wall. After all, Google had already indexed over 3000 posts covering the subject in detail so what could possibly go wrong?

I was spending an evening window shopping for a future BSD hosting provider when I came across ARP Networks and its list of VPS plans. What caught my attention was not the technical specifications, but rather the naming scheme that I found to be simply astounding.

Last week I noticed yet another ongoing brute-force attack against our managed WordPress hosting. The botnet is very low key and each bot connects on average only once per day. Up until now, I’ve collected in the ballpark of 3100 unique bots.

Your favorite privacy-aware domain registration service now supports DNSSEC with the click of a button. I’m not exactly sure when this got added, but DNSSEC is now available for selected TLDs.

I figured it was about time for this Gentoo powered blog to enjoy the security and performance enhancements provided by TLSv1.3. However, that meant leaving “Gentoo stable” behind and travel on a journey of discovery into the land of the unmasked and dangerous.

I was unaware that Facebook recently had started to add a unique click identifier to all outbound links on facebook.com. Coincidentally, one of the security measures of this server is to disallow query strings as part of the URL. Thus, any visitors coming over from Facebook were suddenly blocked and banned on sight.

The Android Oreo update has been rolled out to Honor 8 smartphones all over the world, but for some reason, mine got left behind. I feared it might be related to my effort with disabling Huawei and Google services on the phone, but as it turns out it was rather easy to correct.

A while back I lost access to the email address with which I had subscribed to the slackware-security mailing list. This does not please Bob, so today I logged into my webmail account and sent along a new request to join slackware-security and slackware-announce. The response I got in return gave me a good laugh and a swift feel of nostalgia.

Even though I really enjoy the new Gutenberg experience from a content creator’s point of view, I’ve come to the conclusion that it’s not the right editor for me. My dear Gutenberg, it’s not you, it’s me.

I’ve never really felt all that good about storing my passwords on the public cloud, but after we started using LastPass at work I somehow got lulled into adopting it for personal use as well.

Almost a year has passed since I bought a new domain name using the privacy-aware domain registration service from Njalla. Based on my experience with the service, I felt confident enough to go ahead and transfer my primary domain from Namecheap to Njalla.

After the GhostProject started offering access to 1.4 billion credentials in the form of usernames with clear text passwords, I’ve seen an expected increase in attacks against customers e-mail accounts.

This week Google went ahead and removed support for HTTP Public Key Pinning (HPKP) from Chromium after some initial stumbles. The change was committed and tagged for Chromium 72.0.x and can now be observed by users of Chrome Canary.

I recently got the opportunity to discover how long Google would keep showing my content on the search engine result pages when my web server was unavailable. Predictably, I only had a short window of time before my content got removed. And the first content to go was my top ranking pages.

So I had just implemented DomainKeys Identified Mail (DKIM) on a Postfix server and was confident that the signing process was correct, but on testing, the recipient’s SMTP server insisted that the message had failed authentication due to an invalid public key.

I have previously postponed the removal of my Google account from my Android phone as I expected it to be a troublesome and tedious process. However, last week I spent a day removing apps installed through Google Play and replaced them with free and open-source software alternatives as provided by F-Droid.

I’m currently experimenting with a few rule conditions to explicitly whitelist the resources I want clients to be able to retrieve on my server. The initial target for this exercise was my onion site which has an issue with misbehaving (poorly written) Tor bots, but I thought it would be fun to extend the experiment to paranoidpenguin.net.

In the last two weeks I’ve seen a steady increase of bots trying to exploit a remote command execution flaw on D-Link routers. The majority of the attacks are originating from IP blocks belonging to Telecom Egypt Data.

Shortly following the distribution’s 25th year anniversary, Slackware maintainer Patrick Volkerding has shared some insight into his current financial situation and the issues he’s facing due to a lack of revenue from the Slackware store. According to Volkerding, the store has not forwarded any founds from sales or donations for the past two years.