Category Archives: cloud


Today I turned on OneDrive on my Windows box. Actually two Windows boxes, one 10 and one 11. And also, to be accurate, on the Windows 10 box I had to go to some trouble to actually reinstall OneDrive, which I had long ago completely removed in a fit of pique.

Most of the stuff I write in this blog is about technical stuff I have figured out, and want to record so I can read about what I did later on after I have inevitably forgotten it. This is different. This is more like a cathartic confession, hopefully with the side-effect of purging myself of an unhealthy attitude I have. My confession is that I am unfairly biased against Microsoft, and I tend to automatically reject as unworthy almost anything they create, and I do so sometimes without giving it a fair shake.

Here is the quintessential example. OneDrive is (IMHO) yet another in a long line of ideas which Microsoft rips off from Apple. E.g., in the recent past, Apple created Time Machine, whereupon Microsoft introduces File History. Then Apple creates iCloud, and thereafter Microsoft introduces OneDrive. I don’t love Apple, but that is for industrial policy reasons. When it comes to innovation, though, one has to admit that Apple is constantly innovating. Apple is a visionary, innovative engineering company excited by new ideas, which happens also to be excellent at marketing. Microsoft, in my opinion, is a marketing company which is seldom innovative and mostly copies (or buys) other people’s ideas.

I don’t really use iCloud very much, but mostly because I don’t do much actual work on any Macs, and because I don’t take a lot of pictures or listen to a lot of music. I have the default free amount of iCloud storage, but don’t pay for more.

But the important point is that I don’t “resent” iCloud. It doesn’t make me angry. It is there, and like most Apple engineered products it is somewhat seamless. On the other hand, I resented OneDrive. I resent that it superimposes itself on Windows, and cannot be ignored. I resent that it is always whining about my not having logged in, and nagging me. I resent most of all that it actually changes the way the file explorer/file system works — once OneDrive was implemented, what I used to know about how my friends’ files were set up became wrong. So typical of Microsoft… they know best, they change things fundamentally and the user must adapt. Reminds me of the old jokes about AT&T pre-breakup. Rule 1: We are AT&T, we don’t care, we don’t have to, we are AT&T. Rule 2: Screw you, see rule 1.

But as time has gone on, I have stopped tilting at this particular windmill. Microsoft may have copied the idea from Apple, but it does make a lot of sense in some ways, like some other changes in the Microsoft experience. I have begun to use a Microsoft account for login on Windows boxes. That also, for a long time I refused to do. And I am letting the Windows boxes do their backup on OneDrive. Because — leaving aside the uber-paranoid reactions that many of us feel about all the big companies having all our data — the fact is that this is a far easier way to do backup. It is a far easier way to reinstall a new machine. All the mumbo-jumbo one used to have to do with Windows license keys and licenses for other Microsoft products (if one is so unfortunate and foolish as to still be paying them for Office for example, which I am not) — all that stuff becomes automatic.

So, grumble, grumble… I am signing my Windows boxes in with a Microsoft account, and I am letting them back up on OneDrive. Grumble, grumble.

Switching Mail Sending to Amazon

This is another aide-memoire about changes in mail on Tarragon.

Some weeks back a change in one of the website contact pages was done and the captcha code was inadvertently omitted. There followed a period of massive junk email directed at the owner of the site, on her Google Gmail account. Google decided to cut off tarragon’s IP address.

Although the problem is fixed, Google has not relented. And this is the same kind of issue I have had in the past with Microsoft. Although I have never been a source of spam, the big mail outfits are quick to ban the IP address of any small personal SMTP server, and it takes a lot of effort to convince them to release the ban. I am tired of it. Despite my quixotic desire to run my own mail server as a symbolic cry against the erosion of personal services on the internet, I am tired of fighting, and I think it is time to stop.


Adding mail accounts

This is a memory aid, like a lot of these posts. Because I forget how to do things and have to figure it out again.

Adding mail accounts on a virtual mailbox domain requires two things: a) making an entry in /etc/postfix/virtualmb and posthashing it, and b) ensuring the username exists in the users database on tarragon.

Adding mail accounts on the primary domain (without creating a login account and home directory, etc.) requires a) making an entry in /etc/postfix/localrecipientsmap and posthashing it, and b) adding the username to the users database.

IPv6 implementation

This post describes my first attempt at implementation of IPv6, a process that took place over a span of a couple of months. After this was done, and was working, a “better way” emerged, which will be the subject of an additional post. I leave this in here for the sake of documenting what I did the first time, but in the unlikely event that anyone finds this while looking on the net for information about implementing a similar arrangement, I urge you to find the other post, and read it as well. This implementation was fragile.

A few weeks back (10 Feb) my friend Mr. G and I exchanged an email in which he said of a possible project “…but this would be an opportunity to learn IPv6”, reminding me that I have for a long time wanted to learn more about IPv6. Part of the genesis of that email conversation was a recent switch by my brother-in-law to a new ISP that employed CGN, so-called Carrier Grade NAT, which had disrupted arrangements I had in place for reaching my brother-in-law’s home network. Mr. G opined that the move towards CGN, and other things the ISPs were doing, raised the specter that someday, perhaps sooner than we expect, anyone desiring to do more with their network than occasionally use a browser would find themselves having to move to IPv6.

More, I have actually wanted to use IPv6 for a long while, but had been under the impression (erroneously) that Comcast really wasn’t ready for this, that all they would give me was a 6to4 tunnel, which I barely understood anyway.


The working environment

I’m an old guy, and I mostly use pretty old stuff, but occasionally I think I should migrate to more up-to-date tools. I’ve used svn for 20 years. I know I should have moved to git long ago. I have also been using Eclipse as an IDE since forever. I run on Apache. My systems aren’t virtual. One of my main websites is still hand wrought in PHP, and another is using an ancient and obsolete version of Zend Framework which has been abandoned by Zend. I think of moving it, maybe to Laravel, maybe even to Ruby on Rails.

This documents my effort to modernize, if only a little. This is a very uncomfortable process because there are times when I’m sure I’m going to foul up the running sites, and be unable to get them up, or that I’m not going to be able to fix the next bug that comes along.


Apache certificate chains

When I switched my main server to CentOS, described in an earlier post, one of the big pains was that I had to use CentOS 7, and there was a lot of software which had come a long way since CentOS 7, and I had to upgrade a lot of things from upstream to get functionality that I had grown reliant upon.

I didn’t realize that Apache itself was one of those things that was sufficiently backwards in CentOS 7 that I would have trouble.

Ever since I did that “upgrade”, I’ve been struggling with problems with the certificates not being honored. For the last few days I have been working pretty diligently to try to figure out this nagging problem, and today I finally figured it out. It is owing to an old Apache.


Clamd signatures and Apache memory

After implementing the new tarragon the biggest problem I had involved the clamav package, and its loading of signatures. If clamd doesn’t come up and open its socket, then amavisd (the daemon who is consulted by postfix to handle all the checking of each piece of mail on input and output) will fail (assuming he is configured to do virus checking). This results in various problems. Amavis will mark the mail as “unchecked”, but worse, it will report failure back to postfix, who gets confused, and very often the message is delivered two or three times.

Clamd, the clamav daemon, now has over 6 million signatures. There are a lot of bad boys out there. The signatures are loaded by clamd from its database (in /var/lib/clamav) on startup, into memory. As a result, clamd has a large memory footprint, almost 800Mb on my system. The first issue, discovered before going live, was that systemd’s default parameters expect any daemon he starts to load within 90 seconds. If it fails to check in within that time, systemd considers it broken and terminates it. Clamd takes at least 3 minutes to load. I had to set a special TimeoutStartSec value in the systemd service script for clamd@.service.

Whew! I thought, boy I’m glad I figured that out. Hah!


Tarragon Rebuild 2019

This server, on Amazon, hosts my website and a dozen others, provides mail service for several people’s email including my own with postfix, dovecot, opendkim, amavis, spamassassin and clamd, provides contacts and calendar service using radicale, provides vpn service with openvpn, provides a tor relay, provides nextcloud service, and hosts my svn repository.

The server was last rebuilt in 2017. Long, long ago when I built the first version of it, I was most familiar with Red Hat/Fedora, and since then it has been easiest just to upgrade it with Fedora, always grumbling to myself that someday I’m going to change it. The problem with being on Fedora, of course, is that Fedora changes every 6 months, so I’m constantly behind. And after a year I’m at end of life. This is dumb for a server that I don’t want to be messing with all the time.


Setting Up Openvpn Server

The objective of this project was to install a vpn server on one of the boxes in the cloud (initially asafoetida, then moved to tarragon), in order to provide a VPN server service for a friend who was traveling. My friend uses the name Darrell for his client, so in what follows the vpn is called by this name.

Create a Certificate Authority

A lot of the instructions, even from the openvpn site, say to use the “easyrsa” package to generate the certificates for openvpn. This package seems to be put out by the openvpn boys, or at least with their cooperation. But I didn’t do that. I created a CA with raw openssl.


Certificates Redux

An earlier post talked about switching my server tarragon (where this blog sits) to a wildcard certificate from letsencrypt. There were two reasons why I was using a wildcard certificate. One had to do with test versions of websites that run on this server, and the need that some of those sites have for wildcards, of the form:,, etc. The other reason was that I have a lot of hosts (oregano, cinnamon, paprika, lemongrass) in addition to tarragon that “need” to have a certificate, for https, for imap, and for smtp, and when I was having to pay for them, it was cheaper to get one wildcard for