Category: How-to

  • Eliminate BEAST, CRIME, Lucky13, RC4, SSLv3 weaknesses from binary/legacy applications

    Security is hard. Security that works with a variety of platforms under a flurry of circumstances with an endless choice of applications is practically impossible. SSL and TLS, the Internet security workhorses, try to achieve this feat … and fail from time to time. While some software has been updated, not all of it has.…

  • Keep Time Machine backups from slowing down your server

    Time Machine backups to a Linux machine running Netatalk is a very convenient way of safeguarding your data. However, the I/O load on the server machine can sometimes become very high. Here is a quick hack to improve this, if you need AppleTalk AFP services mostly for TimeMachine.

  • School vacation calendar for Stein am Rhein

    The two schools in Stein am Rhein, primary school Schanz and secondary school Hopfengarten, both publish their vacation calendars online. However, these calendars are written as formatted text and published as PDF. This post describes how you can import their calendars into your electronic calendar, such as Outlook or iCal. [This article is also available…

  • TimeMachine corruption: Use btrfs 🙂

    I do run TimeMachine backups from my MacBook to my Linux server, which is very convenient. However, I sometimes close the MacBook while the backup is going on and walk away. I believe this is the cause for the TimeMachine corruptions that I have once in a while. Even though I tried fixing these TimeMachine…

  • Simple versioned TimeMachine-like backup using rsync

    Over many years, I have dealt with scripts that do backup versioning, i.e., maintain multiple backups. Due to their flexibility, they have been complex to understand and configure. Here is a simple rsync-based tool with a different focus: The experienced systems administrator who wants to keep his system’s complexity down.

  • Using passwordless PostgreSQL login with ownCloud

    I like PostgreSQL and ownCloud, but I do not like passwords, especially if they have to stored in plain text in a widely readable configuration file. So, I wanted to use PostgreSQL peer authentication with ownCloud as well.

  • Ubuntu Apache update broke “Listen” command

    [Updated 2013-07-28: Corrected “https” to “http” in Listen] After a recent Apache update, Apache 2.2.22 (on Ubuntu 12.04 LTS “precise”) the following message appeared in the Apache error log: [error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0)

  • Dealing with Apple .mobileconfig Configuration Profiles Quirks

    During the preparation of the iOS/OS X SOGo autoconfiguration tool, I noticed a few quirks. In order to make it easier for others to use these profiles, I am documenting what is missing in the official documentation or does not work according to specs (i.e., which is broken), in the hope that .mobileconfig files will…

  • Automatic SOGo configuration for iOS (iPhone/iPad) and MacOSX (and more)

    Automatic SOGo configuration for iOS (iPhone/iPad) and MacOSX (and more)

    Apple provides a lot of autoconfiguration for their groupware (Mail, Address Book/Contacts, iCal Calendar) on their Desktop OS X systems and their mobile devices. However, some of this autoconfiguration was there before there were agreed-upon standards, which especially plagues Contacts and Calendar when working with the excellent SOGo groupware. Especially the AddressBook on OS X…

  • How to create DNSsec DANE TLSA entries

    How to create DNSsec DANE TLSA entries

    Rationale One of the most promising features for DNSsec is the ability to tell a client which certificate to expect when connecting via Transport Layer Security (TLS). RFC 6698 specifies how TLS Authentication information can be put into DNSsec. So when you ask for the IP address of the server, you can simultaneously obtain the information which…