Rspamd seems to be common, it’s included in the mailcow stack and others. Seems to work pretty good, I’ve been on Mailcow for several years now with no major spam issues after I dialed it up a bit.

Upside down so I get a good undercarriage wash.

The term you would search for here is “split-horizon DNS”. Assuming you’re using a real domain name with hosts, you want a DNS server inside that resolves the LAN address, and the outside DNS server for everyone else resolves your WAN address (which presumably you reverse-proxy to inside host).

Even better is to not expose the service at all from the outside, use a VPN like Tailscale, and then use their MagicDNS service on the tailscale network to keep everything behind the firewall.

Every service you expose to the outside is more attack surface.

I had a car dealership I was to add new servers into a new rack and recable it. I walked into a room with about half a dozen servers balanced on a pile of cat5, BNC and serial cables about 4’ high. I spent 3 weeks untangling cables, removing dead cable, decommissioning serial and token ring networks and re-terminating or re-running ethernet that didn’t test well.

Pretty much everything was done by scream test because nothing was marked. I found an ancient server that was still used for manuals occasionally that was drywalled into a old closet in the shop when I traced down a line I disconnected and one of the mechanics asked where his manuals had gotten to. That server was shut down every night when they turned off the shop lights and booted back up every morning for who knows how many years when someone came in to work and turned on the lights.

I eventually got to the point I could set up my rack and SANs/servers, patch everything over from the network rack I mounted on the wall, and get guys going on the workstations.

We had a series of meetings after that with the sales team about getting a technical appraisal before we sold our equipment into dealerships. And every dealership I worked in after that was pretty similiar.

Honestly, it was an amazingly satisfying feeling at the end to look in that room after I was done. I get a little shiver 20 years later thinking about it now.

Yah, you’ll want a thick skin around this group and don’t get herded into groupthink, but you seem to have that covered already.

There are places to look for help if you need it (I’m happy to take DMs) but unfortunately I’d have to recommend reddit/r/linuxquestions as probably the most welcoming. While the ArchWiki is a great source of information, stay far away from the Arch forums unless you’re wearing blast armor. Format a question the wrong way and you’ll get fragged. I’d say the Debian forums are probably the easiest to get along with, it seems populated with adults.

Finally, someone that actually RTFA.

The systemd fiasco really tore the heart out of my respect for the Linux community, especially the one right here. One asshole out there pretty much doxxing an opensource developer for putting a field in the same PII area as address and phone number, and the rest of the assholes were looking to crucify the guy instead of shaming the doxxer for it. And nobody (well, few people) saw what was wrong with that.

And then, yes, the init wars, and shitting on devs for their choices about packaging, and shitting on them for not liking how they run their project, for using AI, and and and.

The downvotes on this comment garnered tells me it hit a nerve, and that’s why I posted it. I don’t expect anyone to actually take it to heart and change, but when I was pushing back here against the pitchfork mob over the age verification thing, I hoped for a better response. Typical, as the linux community likes to shoot the messenger.

In the end, driving people away from desktop Linux works in our favor, because it puts off the day that Linux enshittifies. So I can’t be too upset.

I thought it was quite eloquent. The downvotes tell me it hit a nerve, and as another commenter says, the recent “field added in systemd so let’s hang someone” fiasco lines up.

A: It’s not my blog

B: The author’s point was that Flatpak solves a lot of pain points for developers on Linux with distribution that Appimage doesn’t, and package managers certainly don’t, and that if there’s going to be companies like Valve and Redhat that are going all-in on that method, it would benefit the Linux ecosystem that’s currently driving away developers in droves with fragmentation to consider that.

Personally I like Appimage for just being able to grab a file and run it, and I integrate Gear Lever updates by building my own repackaging infra to keep projects that use it updating via Gear Lever’s Update All button. But I can completely commiserate with the idea that it isn’t very useful for most users to have to come up with things like that themselves when Flatpak is easily integrated with Discover and other packagekit software updaters.

it was the largest display of pointless pearl clutching I’ve witnessed in years.

On the plus side, my block list got a lot of new additions.