A black-and-white drawing of Tux, Linux mascot.


Profile for Oleksandr Natalenko. Username @oleksandr, natalenko.name. Role: admin


GPG 1436E96DB2B2D60D494BA341D95AE3051E67707F

🇺🇦 🇬🇧 🇨🇿 🇪🇺 Senior Principal Software Maintenance Engineer, Linux Kernel, at Red Hat Czech s.r.o. Opinions are my own.

Joined on Dec, 2022. 1003 posts. Followed by 47. Following 53.

Recent posts

Oleksandr Natalenko . @oleksandr,

So, there's Opočno town in Czech Republic, and there's Opišňa town in Ukraine. Both names are derived from the same term: opuka/opoka aka a sedimentary rock or an easily worked building stone. The towns are ~1500 km apart.

Open thread
Oleksandr Natalenko . @oleksandr,

Relatively old Androids got a bug in their DNS-over-TLS (aka "Private DNS") stack that prevents trusting Let's Encrypt certificates after an old root expiration. If caddy is used to obtain certificates for your DoT server, the following trick is needed:

tls {
    issuer acme {
        preferred_chains {
            root_common_name "ISRG Root X1"

This makes me sad, actually. First, the cross-signing was meant to be a compatibility trick that broke some older devices instead. Second, older devices are slowly becoming a material for landfill with no updates.

Yes, I use my own DoT server for adblocking.

Open thread
Oleksandr Natalenko . @oleksandr,

Trying to replace nginx+certbot+hooks with caddy and systemd.path to allow using retrieved TLS certs by non-HTTP daemons. There's a .json file in a cert folder that is written after both .crt and .key (non-guaranteed behaviour, btw), hence this can be used as a trigger for a script that gathers cert files, places them somewhere else and restarts/reloads respective services. I wonder how well it will work.

Open thread
Oleksandr Natalenko . @oleksandr,

Just for your information, wikimapia.org is a muscovian resource. It is known for accommodating a very detailed info about industrial objects, and I can only guess why Kyiv, Ukrainian capital, was mapped on this site in great details. Don't use wikimapia.org. At least, don't contribute to it. Especially if your country borders Muscovy.

Open thread
Oleksandr Natalenko . @oleksandr,

Trying limine instead of GRUB. I wish VPS providers supported UEFI, I'd just default to systemd-boot everywhere instead then. So far, limine looks and works nice, and the only thing that freaks me out is devs using Discord, and I hope I will not have to contact them.

Open thread
Oleksandr Natalenko . @oleksandr,

📨 Mail Client: KMail
📮 Mail Server: self-hosted (dovecot/postfix/rspamd…)
📝 Notes: Trello
✅ To-Do: Trello
📷 Photo Shooting: Fujifilm X-T2, phone
🎨 Photo Editing: GIMP
📆 Calendar: self-hosted Radicale
📁 Cloud File Storage: Backblaze for backups
📖 RSS: self-hosted FreshRSS + FeedMe
🙍🏻‍♂️ Contacts: self-hosted Radicale
🌐 Browser: Firefox
💬 Chat: Signal, Telegram, Matrix, IRC
🔖 Bookmarks: Firefox
📑 Read It Later: browser tabs
📜 Word Processing: LibreOffice Writer
📈 Spreadsheets: LibreOffice Calc
📊 Presentations: LibreOffice Impress
🛒 Shopping Lists: Trello
🍴 Meal Planning: N/A
💰 Budgeting and Personal Finance: spreadsheet + mobile banking app
📰 News: FeedMe (RSS)
🎵 Music: Navidrome, Clementine
🎤 Podcasts: N/A
🔐 Password Management: Bitwarden
🧑‍💻 Code Editor: Neovim
✈️ VPN: tinc, yggdrasil

Need to finally get rid of Trello, Telegram and Matrix.

Open thread