Today I updated and rebooted a bunch of servers - all in a day's work. Everything went fine, until one of the hosts (the big one) didn't boot up again properly.

I've got two hosts, both running ProxmoxVE (version 7.1) and Microsoft Defender for Endpoint (version 101.61.69-insiderfast). On reboot, one of the hosts came up fine; the other didn't.

Long story short, uninstalling mdatp fixed the problem - wild hypothesis, but I suspect it was interfering with either network bridge or interprocess communication.

The rest of this post is …

I know Goldenhorse didn't get particularly huge, but I always really enjoyed their work. Wake Up Brother is one of those ones that really feels like an achievable song for a small band - it's got solid, driving bass; a groovy bright guitar line; and requires quite a dynamic singer to pull it off.

Some friends and I are planning to add it to our band's repertoire, but the bassline is a bit too complex for us to transcribe properly. And the song wasn't particularly well-known, so there's really only one …

I got into brewing seltzer during the spring of 2021, and these are my notes. They're in descending order, so the most-recent are at the top. The notes got progressively less-detailed as time went by, so those looking to actually learn things (e.g. "How much yeast nutrient should I use in a seltzer that's 100% dextrose") should read the highlights and then read from bottom-up. :)

Highlights:

• Kveik Voss is fast-fermenting and relatively transparent flavour. Excellent for seltzer
• It does take a couple days post-fining for the yeast scent to …

A few months ago, I published what I learned from playing with the Linux version of Microsoft Defender for Endpoint a few months back. If you're here, you'll have possibly already read my original post. There was a bit of tuning required to get it to behave nicely; just adding some sensible audit logging exclusions.

Well the Acronis Cyber Protect backup platform has recently been added to the bundle, and it had a few specific requirements, so I've documented them here.

There are four Acronis processes which MDATP will spend …

2021-08-01 Update:

This is a better string to find out what's hitting your audit log: cat /var/log/audit/audit.log* | cut -d ' ' -f26 | sort | uniq -c | sort -n | tail -n 6 | head -n5

Linux doesn't have many great antivirus options available.

Don't get me wrong, there are actually a few options nowadays. We've got the ever-present ClamAV; BitDefender has a good reputation, but I haven't played with it yet; Sophos AV for Linux seems to be in limbo. ESET for Linux exists, as does Symantec Endpoint Protection for Linux …

Had a hankering for a Satay Chicken tonight and kinda whipped something up based on a couple different things. This is more of a saucy satay, not a dry skewer-type. This takes a bit of juggling; I had three elements on the stove, and a few stages. Worth it, tho.

I've broken this into stages: the sauce, the veggies, and the noodles. For the benefit of shopping lists (and Whisk!) I've provided an awful monolithic pile of ingredients up-front. Yay.

Ingredients

• 2 large chicken breasts
• 2 Tbsp fish sauce
• 2 …

Zuper-quick post for when this bites me again in the future!

Tonight I upgraded from Zentyal 6.2 to Zentyal 7.0. Smooth as butter, everything went great.

Until I logged in, and my shiny Actual Paid Money SSL certificate had vanished, replaced by a self-signed commoner's certificate. Piffle.

Instructions for installing a custom SSL certificate in Zentyal are actually kinda shaky, so here you go:

cd /var/lib/zentyal/conf/ssl/
mkdir old
mv * old
nano ssl.key
nano ssl.cert
cat ssl.cert ssl.key > ssl.pem
chmod …

Turns out this is my third Amavis article. I guess it's just one of those systems.

Heads up, if you're trying to do this, make sure you also read my other article about the "banned_files_lover" thing.

Today I'm on a mission to: 1. Drop all incoming Office '97 files (they're predominantly malicious these days) 1. Drop all incoming Macro-enabled Office 2007+ files (there aren't legitimate reasons to receive these in my scenario) 1. Drop any emails containing a .onion address 1. Drop any emails containing a bitcoin wallet

Dropping Attachments …

About 7 months ago, I left Nginx and moved to Caddy. I've found it super easy, and have now experienced using it as a reverse proxy, a static site server (this one!), as well as a hosting a handy place for me to copy my favourite Kaomoji.

Update 2021-01-20: I had a bug! By default, Caddy serves this without a Content-Type header. However, the RFC specifies that the response should be explicitly Content-Type "text/plain". Thanks to klausenbusk for letting me know!

Note: the Caddyfile fragment to generate https://shrug …

TrueNAS, and FreeNAS before it, has supported UPS via the NUT software package since forever. But most people using it seem to be using USB-connected UPS devices. I don't have one of these. I'm dealing with an IPv4-based APC ups, specifically the Smart-UPS X 1500 (SMX1500RMI2UNC), with an AP9631 NMC2 card.

You're probably here because you're in the same boat: trying to set up a non-USB or Ethernet-based UPS under FreeNAS/TrueNAS, and you can't. You've noticed the TrueNAS console will not shut up about errors which read something like …