Security

There's a saying that a good admin has to be something of a paranoid freak. So here is my little rant, telling you not to follow the man giving away sweets.

Password and user accounts

When you subscribe, you'll get passwords for whatever services you asked for. Those passwords are randomly generated with security in mind, and I won't replace them with anything like "letmein". You can try to memorize them, but don't force yourself to: a good password is one you don't ask your admin to change every week. The best place to store passwords is an encrypted file (a password manager is exactly that), but let's face it, I don't expect everyone to do that. Writing them down is an acceptable solution as long as you trust the people around you; so is keeping them on a USB key. It's your own security I'm talking about, so choose whatever suits you best. Just remember: you're responsible for whatever happens with your account.
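As an added example (not the service's own tooling, and not code from the original page), here is how such a password can be generated with Python's standard library, and how to put a number on its strength. The 80-bit entropy target and the alphabet with look-alike characters removed are my assumptions:

```python
"""Generate a random account password and measure its entropy.

Added example. Uses the ``secrets`` module, which draws from the OS CSPRNG;
``random`` is predictable and must never be used for credentials.
"""
import math
import secrets
import string

# Assumed alphabet: letters and digits minus the characters that are easy to
# confuse when a password is written down or read from a note (0/O, 1/l/I).
ALPHABET = "".join(c for c in string.ascii_letters + string.digits
                   if c not in "0O1lI")

# Assumed policy: at least 80 bits of entropy for a generated password.
TARGET_BITS = 80.0


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def minimum_length(alphabet_size: int, target_bits: float = TARGET_BITS) -> int:
    """Shortest length over this alphabet that reaches target_bits of entropy."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def generate_password(length: int = 16, alphabet: str = ALPHABET) -> str:
    """Return a password where every position is an independent uniform draw."""
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def meets_policy(password: str, alphabet: str = ALPHABET,
                 target_bits: float = TARGET_BITS) -> bool:
    """Accept only passwords drawn from the alphabet with enough entropy.

    This estimate is only meaningful for generated passwords: a human-chosen
    string such as "letmein" is a dictionary word, and counting its characters
    would overstate its entropy enormously. Here it is rejected anyway, both
    for containing a character outside the alphabet and for being too short.
    """
    if any(c not in alphabet for c in password):
        return False
    return entropy_bits(len(password), len(alphabet)) >= target_bits


if __name__ == "__main__":
    pw = generate_password()
    print(pw, round(entropy_bits(len(pw), len(ALPHABET)), 1), "bits")
```

With 57 usable characters each position is worth about 5.8 bits, so 14 characters already clear the 80-bit target and the 16-character default leaves some margin.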

On that note, don't give your password to anyone. You want a friend to help you? That's fine, ask me and I'll give him his own login. This way I can tell exactly who did what, and you won't have to change your own password if you change your mind about this friend of yours.

Encrypted communications (SSL/TLS)

Most of the services are available with encryption (SSL/TLS). Of course, you will have to buy your own certificate if you want one issued for your own domain name. Our HTTP server is SNI-enabled, so it can serve several HTTPS certificates from the same IP address and port, but you have to accept the drawback: a client that does not send SNI gets the server's default certificate and warns about a name mismatch. That means incompatibility with old HTTP clients, most notably any Internet Explorer on Windows XP or the browser on Android 2.x phones.
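To see that difference for yourself, here is an added example (not code from the original page or from the hosting service) that fetches the certificate a host serves with and without SNI, using only Python's standard library. The host name given on the command line is whatever you want to test; example.org is only a placeholder default:

```python
"""Compare what SNI-capable and SNI-less clients get from an HTTPS server.

Added example. It connects twice to the same host and port: once sending the
host name in the TLS ClientHello (SNI, what every current browser does) and
once without (what Internet Explorer on Windows XP or an Android 2.x browser
does). If only the first certificate matches the host name, the site depends
on SNI and legacy clients will see a name-mismatch warning.
"""
import socket
import ssl
from typing import Optional, Set


def tls_context() -> ssl.SSLContext:
    """Verify the chain against the system CA store, but do not check the
    host name: we want to see the certificate even when it is for another
    name, since that is exactly the legacy-client situation being probed."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_REQUIRED  # keep chain validation
    return ctx


def fetch_peer_cert(host: str, port: int = 443,
                    sni: Optional[str] = None) -> dict:
    """Return the leaf certificate (ssl's getpeercert() dict) served on this
    connection. sni=None means no server_name extension is sent at all."""
    ctx = tls_context()
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            return tls.getpeercert()


def cert_names(cert: dict) -> Set[str]:
    """Names a certificate is valid for: every DNS subjectAltName entry plus
    the commonName, lower-cased. The dict layout is the one
    ssl.SSLSocket.getpeercert() returns."""
    names = set()
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "DNS":
            names.add(value.lower())
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                names.add(value.lower())
    return names


def hostname_matches(hostname: str, names: Set[str]) -> bool:
    """Minimal RFC 6125-style match: exact name, or a wildcard that replaces
    exactly the left-most label (*.example.org matches www.example.org,
    not example.org and not a.b.example.org)."""
    hostname = hostname.lower()
    if hostname in names:
        return True
    labels = hostname.split(".")
    return len(labels) > 1 and "*." + ".".join(labels[1:]) in names


def sni_report(host: str, port: int = 443) -> dict:
    """What a modern client and an SNI-less client each receive."""
    with_sni = cert_names(fetch_peer_cert(host, port, sni=host))
    without_sni = cert_names(fetch_peer_cert(host, port, sni=None))
    return {
        "with_sni_ok": hostname_matches(host, with_sni),
        "without_sni_ok": hostname_matches(host, without_sni),
        "default_cert_names": sorted(without_sni),
    }


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "example.org"  # placeholder
    print(sni_report(target))
```

with_sni_ok is what a current browser sees and without_sni_ok what IE on XP sees; when the second is False, default_cert_names tells you which certificate those clients are being shown.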

Anti-virus, emails and TLS upgrading

Some anti-virus products, Avast for one, filter email in a very stupid way that conflicts with TLS connection upgrading (STARTTLS), so the upgrade to TLS fails. Keep that in mind if you can't get encryption to work. A sure way to tell if you're affected is to force TLS upgrading in your mail client and see what happens. The solution is either to turn off the email filtering or to use the implicit-TLS ports (IMAPS on 993 or POP3S on 995). Your choice.
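Forcing TLS upgrading and watching what happens can be scripted. The following is an added example, not the service's own tooling or code from the original page; mail.example.org is an assumed placeholder host. It talks IMAP to port 143 in the clear, reads the capability list, attempts STARTTLS, and then tries the implicit-TLS port 993 for comparison:

```python
"""Force STARTTLS on IMAP and report what happens, then compare with IMAPS.

Added example, standard library only. If something on the client machine
filters mail traffic, it typically shows up as STARTTLS missing from the
capability list, or as the upgrade failing while port 993 works fine.
"""
import imaplib
import ssl
from typing import Iterable, Optional


def tls_context() -> ssl.SSLContext:
    """Strict default context: CA verification and host-name check on."""
    return ssl.create_default_context()


def classify(capabilities: Iterable[str], starttls_error: Optional[str]) -> str:
    """Turn the observations of a plaintext-then-STARTTLS attempt into a verdict.

    capabilities:   capability tokens the server sent before STARTTLS
    starttls_error: None if the upgrade succeeded, otherwise the error text
    """
    caps = {c.upper() for c in capabilities}
    if "STARTTLS" not in caps:
        return "no-starttls-advertised"   # server, or something in between, hides it
    if starttls_error is not None:
        return "starttls-failed"          # advertised, but the upgrade broke
    return "starttls-ok"


def probe_starttls(host: str, port: int = 143) -> dict:
    """Plaintext connect, then STARTTLS. Returns what was seen at each step."""
    imap = imaplib.IMAP4(host, port)
    try:
        before = list(imap.capabilities)  # imaplib upper-cases these for us
        error = None
        try:
            imap.starttls(ssl_context=tls_context())
        except (imaplib.IMAP4.error, ssl.SSLError, OSError) as exc:
            error = str(exc)
        return {
            "capabilities_before": before,
            "starttls_error": error,
            "verdict": classify(before, error),
        }
    finally:
        try:
            imap.logout()
        except Exception:
            pass  # a half-upgraded socket may not be able to say goodbye


def probe_imaps(host: str, port: int = 993) -> bool:
    """Implicit TLS on the dedicated port: True if handshake and greeting work."""
    try:
        imap = imaplib.IMAP4_SSL(host, port, ssl_context=tls_context())
        imap.logout()
        return True
    except (ssl.SSLError, OSError, imaplib.IMAP4.error):
        return False


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "mail.example.org"  # placeholder
    print("STARTTLS on 143:", probe_starttls(target))
    print("IMAPS on 993 works:", probe_imaps(target))
```

A verdict of starttls-failed or no-starttls-advertised on 143 while 993 works is the symptom described above; poplib offers the same pair (POP3.stls and POP3_SSL) if your client talks POP3 instead.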

Digital signatures, end-to-end encryption (OpenPGP)

I have an OpenPGP key (ID E5654709) and actively use it to digitally sign my emails and Jabber messages. I'm not going to waste my time on a paranoid rant like "If it's not signed, IT DID NOT COME FROM ME", but keep in mind this signature is the closest thing you'll ever get to absolute proof that I was the one who sent a message. Consider it a token of good will. One caveat: an 8-character key ID like this one is not unique, so fetch the key and check its full fingerprint through another channel before you rely on it.