skarnet.org will be down until further notice - it may take up to 10 days (!)
-
skarnet.org will be down until further notice - it may take up to 10 days (!)
I wanted to reboot the server on a newly tailored kernel to avoid CopyFail shenanigans. The shutdown failed right before rebooting (because of a small oversight in s6-linux-init that is easy to fix and will not impact anyone else). Normally that wouldn't be a problem: log in to the web interface to the VPS administration, press the reboot button, done.
Except, Gandi added 2FA since I last logged in, and did not notify their users. And they decided that by default, the verification code would be sent to the registered primary e-mail address.
My registered primary e-mail address is hosted on skarnet.org. Because it was never a possibility that it would be needed for the bootstrap chain. Except that now it is, and I can't access it.
This is the dumbest catch-22 in the history of catch-22s. And the recovery procedure, when you have to prove your identity when writing to the support outside of a logged in account, can take up to 10 days. And tomorrow is a holiday. Fuck me, I guess.
I should have paid more attention, but the consequences of my not paying enough attention should definitely not be so vast, and I have choice words for several of the decisions that were made.
-
skarnet.org will be down until further notice - it may take up to 10 days (!)
I wanted to reboot the server on a newly tailored kernel to avoid CopyFail shenanigans. The shutdown failed right before rebooting (because of a small oversight in s6-linux-init that is easy to fix and will not impact anyone else). Normally that wouldn't be a problem: log in to the web interface to the VPS administration, press the reboot button, done.
Except, Gandi added 2FA since I last logged in, and did not notify their users. And they decided that by default, the verification code would be sent to the registered primary e-mail address.
My registered primary e-mail address is hosted on skarnet.org. Because it was never a possibility that it would be needed for the bootstrap chain. Except that now it is, and I can't access it.
This is the dumbest catch-22 in the history of catch-22s. And the recovery procedure, when you have to prove your identity when writing to the support outside of a logged in account, can take up to 10 days. And tomorrow is a holiday. Fuck me, I guess.
I should have paid more attention, but the consequences of my not paying enough attention should definitely not be so vast, and I have choice words for several of the decisions that were made.
@ska my first thought for stuff like this would be to quickly setup one of those mail services that allow custom domains for free
make the MX entries, get the recovery code, and remove the entries
that is assuming dns access isn't also tied to the email address -
@ska my first thought for stuff like this would be to quickly setup one of those mail services that allow custom domains for free
make the MX entries, get the recovery code, and remove the entries
that is assuming dns access isn't also tied to the email address@navi well, alyss is also the DNS server for skarnet.org, so.
-
@navi well, alyss is also the DNS server for skarnet.org, so.
@ska can't that be temporarily changed w/ the registrar?
i'm completely unaware of how hosting a dns server works -
@ska can't that be temporarily changed w/ the registrar?
i'm completely unaware of how hosting a dns server works@navi Gandi is the registrar, I'd need to access my account to change that
-
@navi Gandi is the registrar, I'd need to access my account to change that
@navi Really, the system is perfectly elegant and self-contained, and has one outside line to bootstrap from: my access to the web interface to control the VPS.
And they decided to move that access into the closed loop, without notifying me.
-
@navi Really, the system is perfectly elegant and self-contained, and has one outside line to bootstrap from: my access to the web interface to control the VPS.
And they decided to move that access into the closed loop, without notifying me.
@ska i would honestly be a bit worried about putting all my eggs in a single basket like that tbh -
@ska i would honestly be a bit worried about putting all my eggs in a single basket like that tbh
@navi What's the alternative? Paying for a second VPS hosted elsewhere? Having to manage another e-mail address?
One of the points of skarnet.org is maximum independence. And really, it has worked pretty well so far: I could always recover from mistakes.
Now my new recovery address will be my gmail one. Lovely. I could change and ask for some hosted address somewhere else, but that defeats the purpose of being self-reliant.
Really, it all comes down to "don't cut my lifeline without telling me you fucking clowns".
-
@navi What's the alternative? Paying for a second VPS hosted elsewhere? Having to manage another e-mail address?
One of the points of skarnet.org is maximum independence. And really, it has worked pretty well so far: I could always recover from mistakes.
Now my new recovery address will be my gmail one. Lovely. I could change and ask for some hosted address somewhere else, but that defeats the purpose of being self-reliant.
Really, it all comes down to "don't cut my lifeline without telling me you fucking clowns".
@ska@treehouse.systems @navi@social.vlhl.dev you could have added a second, lower-priority MX record, which points to some server that doesn't even have to be on all the time, but worst-case scenario you can fetch your mail through it
of course, not a solution for right now...
-
@ska@treehouse.systems @navi@social.vlhl.dev you could have added a second, lower-priority MX record, which points to some server that doesn't even have to be on all the time, but worst-case scenario you can fetch your mail through it
of course, not a solution for right now...
-
@ska@treehouse.systems @navi@social.vlhl.dev well, now you know! ^^
i think i had those thoughts when I changed my ovh mail address to the domain bought on OVH. my solution is having all my resources shared to another OVH account... and paying for the domain 5 years in advance XD
-
@navi What's the alternative? Paying for a second VPS hosted elsewhere? Having to manage another e-mail address?
One of the points of skarnet.org is maximum independence. And really, it has worked pretty well so far: I could always recover from mistakes.
Now my new recovery address will be my gmail one. Lovely. I could change and ask for some hosted address somewhere else, but that defeats the purpose of being self-reliant.
Really, it all comes down to "don't cut my lifeline without telling me you fucking clowns".
@ska honestly having the registrar somewhere else, and a backup mail account
my registrar is separate from my vps provider, and doesn't have my self hosted email as primary, solely because i was afraid of messing up smth and being locked out of their dns panel with a broken mail setup -
@ska honestly having the registrar somewhere else, and a backup mail account
my registrar is separate from my vps provider, and doesn't have my self hosted email as primary, solely because i was afraid of messing up smth and being locked out of their dns panel with a broken mail setup@navi Spreading your dependencies is clearly a more resilient setup and you're right to do so.
But the thing is, this incident also confirms me in my belief that it's a good thing for me to have control on as many things as possible, because as soon as I depend on one external entity, they fuck something up. So I want to be self-reliant even more.
And I guess my external line will now be gmail, for the sole reason that they're too big to fail. Which I don't like, but I'm going to use that property.
-
@ska honestly having the registrar somewhere else, and a backup mail account
my registrar is separate from my vps provider, and doesn't have my self hosted email as primary, solely because i was afraid of messing up smth and being locked out of their dns panel with a broken mail setup@navi @ska Also reminds me of why I don't put all my domains at the same registrar, way too many stories of accounts being locked/closed/β¦
But well I started with hosting almost everything at home, and then had to get a VPS for sending out emails and when I did that also put a secondary MX at home (and made DNS redundant around the same time). -
@navi Spreading your dependencies is clearly a more resilient setup and you're right to do so.
But the thing is, this incident also confirms me in my belief that it's a good thing for me to have control on as many things as possible, because as soon as I depend on one external entity, they fuck something up. So I want to be self-reliant even more.
And I guess my external line will now be gmail, for the sole reason that they're too big to fail. Which I don't like, but I'm going to use that property.
@ska oh yes, i want control of every bit i can get
what i can't get i try to distribute and setup redundancies -
@navi Spreading your dependencies is clearly a more resilient setup and you're right to do so.
But the thing is, this incident also confirms me in my belief that it's a good thing for me to have control on as many things as possible, because as soon as I depend on one external entity, they fuck something up. So I want to be self-reliant even more.
And I guess my external line will now be gmail, for the sole reason that they're too big to fail. Which I don't like, but I'm going to use that property.
@ska @navi Considering Gmail "too big to fail" is very... optimistic.
Google can and will destroy anything in their control, up to and including Google Search. Look at the Google Graveyard! Is Google really a company you should trust with anything? https://killedbygoogle.com/
I also use Gmail and I'm typing this from Android, but I live in fear of these becoming untenable overnight. I would spend a lot of time, money and effort to achieve stability elsewhere. Google may continue, but will Gmail?
-
@ska @navi Considering Gmail "too big to fail" is very... optimistic.
Google can and will destroy anything in their control, up to and including Google Search. Look at the Google Graveyard! Is Google really a company you should trust with anything? https://killedbygoogle.com/
I also use Gmail and I'm typing this from Android, but I live in fear of these becoming untenable overnight. I would spend a lot of time, money and effort to achieve stability elsewhere. Google may continue, but will Gmail?
@skyfaller @ska considering how much data they get by hosting gmail, yeah -- while both google is alive and email is used by people, gmail will last
it'll get shittier tho, but that doesn't matter much -
@skyfaller @ska considering how much data they get by hosting gmail, yeah -- while both google is alive and email is used by people, gmail will last
it'll get shittier tho, but that doesn't matter much@navi@social.vlhl.dev @ska@social.treehouse.systems @skyfaller@jawns.club people don't actually use gmail so it getting worse won't do much as long as it still sends and receives emails
if the ui becomes utter garbage people will use external clients like when they did the initial redesign like 15 years ago -
@ska @navi Considering Gmail "too big to fail" is very... optimistic.
Google can and will destroy anything in their control, up to and including Google Search. Look at the Google Graveyard! Is Google really a company you should trust with anything? https://killedbygoogle.com/
I also use Gmail and I'm typing this from Android, but I live in fear of these becoming untenable overnight. I would spend a lot of time, money and effort to achieve stability elsewhere. Google may continue, but will Gmail?
@skyfaller @navi For all intents and purposes of this conversation, "too big too fail" means that gmail will be adequate to receive recovery e-mails, and that if Google kills it, it won't be overnight, and I'll have ample warnings and time to modify my setup.
The lifetime and management of Google projects is something I'm well aware of, but isn't exactly relevant to my current predicament.
-
@navi@social.vlhl.dev @ska@social.treehouse.systems @skyfaller@jawns.club people don't actually use gmail so it getting worse won't do much as long as it still sends and receives emails
if the ui becomes utter garbage people will use external clients like when they did the initial redesign like 15 years ago@navi@social.vlhl.dev @ska@social.treehouse.systems @skyfaller@jawns.club people are still using outlook/hotmail after all
