the phantom remailer

The Phantom Remailer is a pseudonymous single-blind remailer that runs as a delivery agent on a mail server. It was designed for use with Sendmail and other mail transfer agents that support the Sendmail standard. This remailer implements fully SPF and DKIM compatible mail forwarding with a low Spamassassin score.

The remailer works as a transparent forwarder for incoming emails and an anonymizing remailer for outgoing emails. This means you get the full benefit of Multipart/MIME email messages as an incoming address and a stripped down text/plain experience for outgoing messages, even when your reply contains a Multipart message.



I started The Phantom Coder as a place for me to share pseudonymous insights but then I realized there may be other people like me who would like to share their knowledge or stories with similar anonymity.

I am inviting contributors to anonymously write for The Phantom Coder and scratch an itch to be an author. If you are interested, please read our Code of Conduct and if you agree, send a DM to @DerPhantomCoder.


haproxy certificate reloading

This post continues the discussion on dynamic SSL certificate reloading when a certificate is renewed. I already discussed keycloak, this post is about HAProxy.

I use HAProxy for an ingress controller in my Docker swarm, much how traefik is used as an ingress controller for Kubernetes. I have both a Docker swarm and a Kubernetes cluster, but I prefer to do development in Swarm, though there are some nice features of Kubernetes. My k8s environment is a cluster of k3os VM instances running Rancher and Longhorn. I also have cert manager configured, which seemed like a simple no-effort solution to managing SSL certificates.


The Perks of NOT Being An Employee

The value of my time as a consultant is not a sunk cost.

This was years ago, and the company in question no longer exists as an ongoing entity, but… my client’s top management, in its infinite wisdom, decided that they needed to have an “all hands on deck” meeting. Literally, everyone in the company, from the CEO down to the receptionist at the front desk, was expected to attend. This meeting started at 9 a.m. and lasted till 11 a.m. EVERY DAY. For SIX MONTHS. Not kidding.


Your UPS Needs A Service Contract. Seriously.

“Maintaining” the 50,000 kVA UPS system that keeps your 24/7/365 production floor running (and generating millions a day in revenue) by replacing the batteries as they fail is not a “best practice”.



Login name: notabro
In real life: Ghost In The Shell
On since 1978 on pts/0 from
0 seconds Idle Time
Unread mail since Thu Jan 1 00:22:52 1981

Old man from the mountain, yelling at clouds

             |                |
    .-._     |-.            ./
   /''  `.   |  `-._.--._.-' |  .-.
   |:.    `-./               |.`  .)
   \ `-._    `---..__..----._/   .'
    '-.._'-`-.-._    _..----.__.'
         `-.-..-.`--`   .-.  \
           'o/o`\  /     >)) /
           `-..-.( \    `-' |
   .----._.-`     .'     _).-.
  (           ) .`      _)/   `.
   `-._--._ -'.`    .-._).      \
        (_.-._)    / |  |        \
       (_          /_|   \        |
      (_           / |    `._/     \
     (_           _/ \      |      |
    (_           _)   |     /      |
    (_           _)    \    |      \
   (_            _)     `._ \      |
  (_           _)        |@ /_..--'
 (_           _)         |@  |   |
(_            _)         \   / ..\_
 (_           _)           .'_ '`. `-.
  (_        _)            (_/ ) \\\ \ \
    (_    _)                 (_/ /| /\_)
     (_.-_) LGB               (_/(_/

I once had a beard almost this long, and wore a 
black leather cowboy hat to work.

I'm here to talk about sysadmin, and grumble about
how you could once run an entire graphical
operating system in 512k of memory, including a
web browser, but today, it takes over a gig of
ram just to display a single web page. You want
the truth? You can't HANDLE the truth: it's a 
gorram fraking miracle that our society continues
to function as well as it does, considering how
little skill or effort it would take to "crash"
it (and no, I'm not going to go into the details 
of how that might be done). Log4j is a recent 
and highly visible demonstration of this. You
really don't want to know how the sausage is
made. Really.

keycloak certificate reloading

In my post on container lifetimes I discussed how I wanted to make keycloak perform dynamic SSL certificate reloading. The maximum lifetime of an SSL certificate is no longer dictated by the Certificate Authority, but rather a cabal of web browser developers who wield a big schwartz. I am using free certificates provided by Letsencrypt, you may think that is amateur or juvenile, but I think it’s extortion what CAs charge for a certificate.


on container lifetimes

My project uses containerization extensively and during development I’ve formed some opinions. I’ve learned that my views on process management are different than what seems to be the accepted standard.

The stack I’m working with consists of Keycloak for authentication, MySQL for database storage, Apache for HTTP, and Django to run the backend, with React on the frontend.

I’ve recently been working on orchestration, the “infrastructure as code” part of making my project run with templatable YAML files. I have a reasonably fast computer that I do primary development on, but even with that speed it takes a while to build containers and do other tasks.

The direction of containerization seems to be towards a tear it down and build a new one philosophy instead of trying to reuse existing container instances.



Some day I may be able to reveal who I am, but you will have to wait.

I created this Blog to talk about a stealth project I have been working on since the Pandemic started. I want a place I can anonymously share problems and solutions, design and architecture, ideas and opinions.

It is my hope this site offers help and can be a place for discourse on subjects like Linux, MySQL, Containerization, and industry practices.