This section contains notes on various services and systems I've explored or setup. These are frequently stream of conciousness notes and may have dead ends, multiple attempts, or be outdated. I periodically go through them and attempt to rewrite them to make them more consumable by others and myself.
I hope these can help guide people on their own attempts to understand the services that they host. Please always double check the facts and don't take a random netizen's personal assessment will match your use cases.
DANE is an extension to certificate validation allowing DNSSEC to protect SSL fingerprints, reducing the overall reliance on the public CA infrastructure. It does this by creating a new DNS record type 'TLSA' for storing the raw value or hash of either the complete certificate or the public key.
Syslog-NG is a fast, reliable, and secure syslog daemon that can do advanced processing and log centralization while maintaining a sane configuration file syntax. I've recently come to vastly prefer it over my previous long term favorite Rsyslog.
Kerberos is a secure network authentication system.
GRE encapsulates all layer 2 traffic, but does so through an unencrypted tunnel. Sensitive traffic should exclusively go through a lower level encrypted tunnel like IPSec.
Open source best in class 3D Art and modelling program.