This is an example of a socket-activated per-connection service (which is usually referred to as inetd-like service). A thorough explanation can be found at 0pointer.de. Define a socket unit The key point here is to specify Accept=yes, which will make the socket accept connections (behaving like inetd) and pass ...
This is similar to my previous article Encrypting Filesystem in Void Linux but for Alpine Linux The point of this recipe is to create a encrypted file sytem so that when the disc is disposed, it does not need to be securely erased. This is particularly important for SSD devices ...
In void Linux, the default is without logging. Most cases it is OK for desktop use. If you want to enable syslog service in void, you need to install: socklog-void Also to let your user have access to the logs, use: ...
Some hints and tips foor doing SSL related things: Netcat for SSL This command lets you connect to a SSL server (a-la netcat): cat request.txt | openssl s_client -connect server:443 Creating self-signed certificates This is a single command to generate a self-signed certificate: ...
My ISP provider is KPN. They recently enabled IPv6 in my street. I was using before a IPv6 Tunnel Broker, starting with SixXS and after they went out, with Hurricane Electric. So naturally, I decided to switch to KPN's native IPv6 service. They provide a /64 prefix, which is reasonable. Would be better ...
Alpine Linux Quick installation See wiki For Alpine Linux > 3.8 Un-comment community repo from /etc/apk/repositories apk add docker rc-update add docker boot ...
Keep your data and accounts safe by using a secure open source password manager to store unique, complex passwords. Maintaining complex, unique passwords for each site and service you use is among the most common pieces of advice that security professionals provide to the public every year. Yet no matter how many times it is said, it seems like a week doesn't ...
If you often mount and access a remote NFS share on your system, you will probably want to know how to improve NFS file access performance. One possibility is using file caching. In Linux, there is a caching filesystem called FS-Cache which enables file caching for network file systems such as NFS. FS-Cache is built into the Linux kernel 2.6.30 and higher. ...
So I finally tried my hand at 3D printing. Obviously I did not buy at 3D printer. These are either quite expensive or you need to assemble them yourself, which I don't think is in my capacity level. To get started, you first need a 3D model to print. There are several 3D models available in Thingieverse, however I actually wanted to make my own model. After all, that is the whole point of 3D printing. Custom made parts/objects that can be printed as needed. To create a 3D model you need some 3D modelling software. For my very first model I opted for TinkerCAD. This is software that runs on the cloud that lets you create your own 3D models. This is particularly interesting because you don't need to install anything on your computer and it would essentially run on anything where a web browser runs. For a web based application, it is quite responsive and feature-full. You can use (like me) a facebook account to sign-in. Models can then be downloaded as an ".stl" file (the format used by 3D printers) or send directly to 3D printing service such as 3D Hubs. 3D Hubs, is an online 3D Printing service which facilitates transactions betwen 3D Printer owners (Hubs) and people who want to make 3D prints. Printer owners can join the platform to offer 3D printing services while customers can locate printer owners to get their 3D models printed nearby. ...
Windows system administration is very mouse driven and to reach all tools you need to browse through Windows explorer. If you are like me and prefer to log on a limited privilege account and use Runas to perform admin tasks, you can open these consoles with the .msc file names. Here is a list of admin tools with their .msc file names. domain.msc: AD Domains and Trusts ...
This article goes over how to implement Single-Sign-On on Linux. It goes over the integration around the Kerberos service and the applications, like for example FireFox. Pre-requisites ...
This is a service that let's you get SSL certificates for HTTPS. These certificates are trusted by major browsers. See Let's Encrypt This is a barebones howto to get SSL certificates: git clone https://github.com/letsencrypt/letsencrypt cd letsencrypt This contains the client software for let's encrypt. ./letsencrypt-auto certonly --manual This will start by updating and getting any needed dependencies and then jump to a wizard like configuration to get this done. Follow the prompts and pay special attention on the prompt used to validate your domain. (You need to create a couple of folders and a file with the right content). Afterwards your certificates will be in: ...
In Linux, there is a caching filesystem called FS-Cache which enables file caching for network file systems such as NFS. FS-Cache is built into the Linux kernel 2.6.30 and higher. In order for FS-Cache to operate, it needs cache back-end which provides actual storage for caching. One such cache back-end is cachefiles. Therefore, once you set up cachefiles, it will automatically enable file caching for NFS shares. ...
So I have signed up 0ink.net to use the CloudFlare service. CloudFlare is a reverse proxy service that is supposed to speed up and improve web server security. This is done by: globally distributed reverse proxy cache network ...
This article is about integrating OpenSSH in a kerberos environment. Allthough OpenSSH can provide passwordless logins (through Public/Private keys), it is not a true SSO set-up. This article makes use of Kerberos TGT service to implement a true SSO configuration for OpenSSH. Pre-requisites First off, you'll need to make sure that the OpenSSH server's Kerberos configuration (in /etc/krb5.conf) is correct and works, and that the server's keytab (typically /etc/krb5.keytab) contains an entry for host/fqdn@REALM (case-sensitive). I won't go into details on how this is done again; instead, I'll refer you to any one of the recent Kerberos-related articles (like this one, this one, or even this one). Just be sure that you can issue a kinit -k host/fqdn@REALM and get back a Kerberos ticket without having specify a password. (This tells you that the keytab is working as expected.) ...
So one weekend went by and managed to finish up my 0ink.net web site. So now I have: wordpress For main content. tt-rss This is my answer to Google's shutdown of the Reader service. ...
Kerberos is a network authentication protocol which works on the basis of "tickets" to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. (Source Kerberos_(protocol) ) Backups Create backup: ...
So finally took the time to re-launch the 0ink web site. This time used more off-the shelf software. So this site is just a another plain wordpress powered site. Actually I have to thank my son for introducing me to wordpress. What happened is that my son, who is only seven wanted to have his own web site. (Due to peer pressure, kids these days...) He has an Android tablet that he uses quite often. Since I knew that wordpress can be used to make decent looking web sites and there even was an Android app. Also knew that free **wordpress* hosting sites can easily be found... Make a story short, I set him up with a http://wordpress.com/ account and he was live on the 'Net in a matter of minutes. His website can be found here. This first foray got me intrigued, so I tested it on another free hosting site (here) and found it quite powerful so decided to use it for 0ink.net which seriously needed to move to a new host. The old hosting service 110mb had been taken over by a new management team and the new free hosting service was not as appealing as before. Add in a little bit of bit-rot and that site quickly became an ugly mess. So now we are back again, and hopefully will be more maintainable. ...