SSL configuration for this site was way behind the times so I decided to tune it up a notch. Results are not too shabby if I can say so myself 🙂

For the copy/paste inclined these are the magic incantations for the apache web server:

SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder On
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
SSLCompression off
SSLUseStapling on
SSLStaplingCache "shmcb:logs/stapling-cache-path(150000)"

Three months have past since I did an (rather abrupt) shift in the focus of my career. Specifically from net to sys. I’ve learned a lot since then and I encountered a very different set of challenges than in the last 15 years. Fun.

Unfortunately that also meant that I did not have too much time to cater for this page. I finally managed to put all the things in order in my mind and chill a bit. So from now on I will talk less about networking stuff and more about systems stuff.

To signal this I decided to reflect the change also in the name and subtitle of this site.

So, goodbye packets, say hello to processes.

Later edit:
After two and a half years I’m back to net. ‘Nuff said.

It’s a long time since I wanted to start a blog, but for some reason I never got around to do it. I finally convinced myself to allocate a little time for this.

You will find here mostly rants about computer networks and server technologies. I’m not too used to write in complete sentences (I’m more accustomed in the arcane languages of the CLI world) so I hope you will cut me some slack.

Let the rants begin.

Dumitru