Comment by wruza
1 month ago
As a non-email guy, I can tell you that if a system that boils down to having an (optionally certified?) key requires much more than just putting it into a folder with a domain name and running a service, it’s badly designed and has unnecessary complexity. Which will result into abusers having more expertise than legitimate users. The fact that you can “get” DMARC SPF DKIM wrong, while it’s basically a hard requirement for operation, is just screaming something important to the email software.
As a generalist admin, would you say the same about DBA operations or would you say that's just not my specialty?
The reasoning you provide doesn't differentiate, and speaks more of frustration which naturally comes with any area you aren't steeped in, or knowledgeable about.
Frustration doesn't come naturally. It comes with shitty software design.
"I don't know" is not a problem, you learn and you know, no frustration.
The problem is "I spent N hours/days on a thing that everyone does and which is a 99.99% of use cases and boils down to just having a keyfile in a proper(?) location and this knowledge doesn't translate effing nowhere".
would you say the same about DBA operations or would you say that's just not my specialty
It depends on the absurdity of the complexity of setting something up, not on operations themselves. Getting some results is absurdly complex -- not naturally complex and not necessarily very complex, just much more complex than the nature of the result itself.
For example, that's how you were supposed to install openvpn before angristan scripts: https://www.digitalocean.com/community/tutorials/how-to-set-... . To save someone a click, it's 50 pages "installation tutorial" with around 50 commands and a dozen of config files. And guess what, it uses "easyrsa" package to "set up RSA PKI easily". So it's not how openvpn meant to be installed, but an "easy" way.
You are mistaken. Your reasoning is flawed because the heuristics you use are flawed, and the consequences of the heuristics are the reason you are frustrated.
There are critical tools that you clearly have not learned, and likely were never taught. Tools that have been around since the time of the Greeks.
This is evident in your use of poorly defined language running you indirectly in a circular path (trauma/torture loop).
There is irreducible complexity in software. Domain knowledge is needed to use complex software for purpose.
The script you say makes assumptive choices for you. What will you do now that RSA has practically become broken at small key sizes, and instead you need to use a different algorithm?
Do you know how to transition this without starting from scratch, or have you become corrupted by dependency, on someone who provided that for you that did have that knowledge? Are you helpless to do anything but wait.
If you want to correct the underlying reason for your troubles, I'd suggest going over the associated material covered in a Trivium based curricula.
It will require unlearning bad heuristics and re-learning good heuristics. It requires a lot of effort and constant attention until you've got your thought processes fixed and these provide the basics for rational thought.
You should have been taught these things in school.
Logic (Aristotle), Philosophy (metaphysical objectivity, identity and its requirements), Argumentation, Descartes Method, and Kant with regards to A priori knowledge, reasoning, and argumentation.
Small things with an outsized bigger impact.
If you can't understand what is written in the whitepapers, you have no hope of following the conformant requirements.
Software reduces to practice the requirements of business logic, which is described in those whitepapers.
Sometimes its irreducible, and you have to approximate, and they won't hand this ready-made to people that aren't willing to put the time cost and professional skill needed to do so correctly.
You have to offer tribute, in the form of expertise, and time to benefit from these systems. As you have to do for any other specialized career.
6 replies →