Recent comments on posts in the blog:

Thanks for the great guide
One addendum though. In my case at least grub threw an error regarding null devices or something (I don't recall exactly what it was). If that happens you need to blockdev --flushbufs [device] for your involved devices. After that everything worked perfectly.
Comment by Rincewind
traduction en fr

Bonjour,

Je suis très interressé par cet article mais ne comprend pas bien l'anglais. existe t'il une traduction fr quelque part.

Merci.

Comment by Anonymous
worked fine in ubuntu server 16.04 64bit, not in 32bit

I have tried this patch in both versions of Ubuntu server 16.04 (32 and 64 bit) in a Virtual Box vm. I found that the 64 bit editions it's fine, but the 32 bit edition does not boot up. It stops with the message "cryptsetup: lvm is not available" Perhaps there is a way to solve this, but is far from my knowledge. Thanks for the patch.

Kind regards

Comment by julio
Transitional packages

I found that on my system all cases when your rm-and-reinstall procedure failed to clear the file off the obsolete list was exactly because of what you suspected—some other package than the one given by dpkg -S had installed the file in the first place. So for the record, dpkg -W can tell you which package to look for:

dpkg-query -W '-f=${Package}\n${Conffiles}\n' | awk '/^[^ ]/{pkg=$1}/ obsolete$/{print pkg,$0}'
Comment by klg
Let's make it obsolete files

Often I forget to clean up things like /etc/ssh/ssh_host_ecdsa_key (or dsa) or similar pieces that should be. Maybe you can include those (and other) as well.

Thanks for your insightful post.

Comment by Anonymous
Healthchecks

Recently I've discovered healthchecks.io, which is a free (and also FOSS) service that can check whether your mail server can deliver email.

The way it works: you configure a cron script on your server to send email to <uuid>@healtchecks.io, and if that email doesn't arrive for a set period (say, 24 hours, if you want one daily check), healtchecks.io will drop you a notification.

Comment by Marius Gedminas
Why encrypt DNS?

Why encrypt DNS when your browser still leaks the domain name via SNI extension, even though it runs over https? https://wikipedia.org/wiki/Server_Name_Indication

Comment by Jonathan