Building an OpenBSD Home Router, Part 6: Design Decisions

A colleague looked at my pf.conf last month and said, “That’s it? I thought it’d be longer.”

I took it as a compliment. She didn’t.

She was expecting something impressive. Hundreds of lines of rules, maybe some complex queueing disciplines, an IDS integration, traffic graphs rendered in real time. What she got was about sixty lines of pf rules, two third-party packages, and a box that’s been quietly routing packets for months without anyone noticing it exists.

Building an OpenBSD Home Router, Part 4: SSH, Hardening, and Monitoring

Last July, my firewall rebooted itself at 2pm on a Tuesday. No warning, no panic log, just a clean reboot. I was in a call, so I didn’t even notice until my VPN dropped and I found myself staring at a spinning reconnect icon.

Turned out the CPU had hit 92 degrees. In a fanless box. In a house in Larnaca. In July. The ACPI firmware did exactly what it should do and yanked the power. But 92 degrees means the silicon had been cooking for a while before the hardware killed it, and I hadn’t set up a single layer of monitoring to catch it on the way up.

Please Stop Using PGP

Right. So last Tuesday, a contractor on one of our projects — smart bloke, solid engineer — sends me a Slack message asking if I can “PGP encrypt” a document before sending it over. For security, obviously.

I sat there for a bit. Stared at the cursor. Made another coffee.

Then I typed: “I’ll send it on Signal. What’s your number?”

He was confused, and honestly, I get it. PGP feels like the serious, proper option. It’s been around forever. It’s got “cryptography” written all over it — key rings and fingerprints and ASCII-armoured blocks that look impressively incomprehensible. If you learned about encryption at any point in the last thirty years, someone probably told you PGP was the gold standard.
