Category: How-to

  • Automatic svn file addition/removal

    Automatic svn file addition/removal

    You have files under version control, which are updated through a different mechanism (software update, another VCS such as git, …) or are using svn to archive automatically generated files? Then you are likely to constantly manually determine the appropriate svn add and svn rm commands. This can be automated…

  • svn log message updating script

    svn log message updating script

    Here is a simple script to allow updating your Subversion commit messages and have the repository admins receive a nice email message with the change.

  • VirtualBox DHCP nameserver for NAT network

    VirtualBox DHCP nameserver for NAT network

    VirtualBox is a great environment for testing networking tools such as opDNS. However, I did not get the VirtualBox DHCP server for NAT network to provide nameserver information, even though the client asks for it. Here’s a simple solution to this problem.

  • Compact Archives Widget for WordPress

    Compact Archives Widget for WordPress

    The standard Archives Widget looks like the image right here. It works well when only a few months are to be displayed. However, it fails if your blog’s history goes back a long way. Here is a  quick way to get down from 12 lines per year to 1, increasing usability and page size.

  • Adding your FRiTZ!Box as a “secure” DNS resolver for the fritz.box pseudo-domain

    Adding your FRiTZ!Box as a “secure” DNS resolver for the fritz.box pseudo-domain

    Your FRiTZ!Box maintains a useful list of names of machines in your local network in its pseudo-domain fritz.box, based on DHCP requests and web interface. This information is useful, but adding the pseudo-domain “fritz.box” to your own DNS hierarchy is no longer straightforward in the days of DNSSEC. Here is how to include it into…

  • Disable client certificate requests for Cyrus IMAP

    Disable client certificate requests for Cyrus IMAP

    Cyrus IMAPd always asks for a client certificate. This can be unnerving for users running Thunderbird as their mail client which have a user certificate installed and are thus always asked whether they want to send it. (There is no way to tell Thunderbird not to send a client certificate, you can only select which…

  • Using TLS Interposer with OpenSSL 0.9.8g (Debian Lenny)

    Using TLS Interposer with OpenSSL 0.9.8g (Debian Lenny)

    Older installations, such as trusty Debian Lenny, come with versions of OpenSSL 0.9.8. The default cipher suite used by TLS Interposer is very restrictive, on purpose. For OpenSSL 0.9.8g, the only remaining cipher is RC4-SHA. Especially when configuring XMPP servers such as ejabberd to use TLS Interposer, RC4-SHA alone can be not enough (e.g., when…

  • Securing fetchmail with improved TLS parameters

    Securing fetchmail with improved TLS parameters

    fetchmail is the workhorse for downloading mail from legacy addresses. This does not mean that you want to be limited to legacy security for your passwords or mail contents. TLS Interposer helps upgrade security.

  • Upgrade ejabberd to the latest TLS security [UPDATE#2, 2014-06-05]

    Upgrade ejabberd to the latest TLS security [UPDATE#2, 2014-06-05]

    ejabberd is a very fine XMPP server. However, it has very few options to configure its SSL and TLS security settings away from the very weak OpenSSL defaults. The TLS Interposer makes securing TLS used by ejabberd a breeze.

  • Upgrading Apache 2.2 OpenSSL security with TLS Interposer

    Upgrading Apache 2.2 OpenSSL security with TLS Interposer

    Undoubtedly, you will have heard about the weaknesses of old SSL and TLS protocol versions and ciphers. Web browsers have been updated; but the server administrators are left alone: For stability reasons, many run long-term support editions such as Ubuntu 12.04 LTS. Even without that, most will stick to the reliability of Apache 2.2, hesitant…