tag: #linux

On January 3, three vulnerabilities in modern CPUs reframed two decades of assumptions about hardware-enforced isolation. The patches are landing. The deeper lesson — that speculative execution as currently designed is fundamentally hostile to security — is what we are still working out.

Debian 9 Stretch released two weeks ago, ending Jessie's reign as stable. Most servers will upgrade through the year. Here is what is genuinely new, what is worth knowing before you migrate, and what is going to bite you.

Self-hosting email used to mean installing Postfix and pointing an MX record at it. In 2017, the deliverability fight against Gmail and Outlook is the real work, and most of the difficulty is not the mail server itself.

Borg 1.0 has been stable since February. If your backup strategy is still rsync to an external drive, you are leaving real safety on the table. Encryption, deduplication, and compression are not optional anymore.

Let's Encrypt left beta last week and entered general availability. Free, automated, ninety-day certificates from a CA that browsers actually trust. The change is bigger than the price tag suggests.