Tag: Linux

  • Generating Multi-Architecture Docker Images Made Easy

    Docker is cool and portable, but distributing Dockerfiles comes at a disadvantage: The demands on the build environment are high. Distributing Docker images solves this, but building them for an architecture other than your CPU architecture seems complicated. Here is a simple solution.

  • Modern ejabberd configuration

    ejabberd is one of the most widely used XMPP servers. It is easy to get it running for text-based messaging with a few configuration changes. However, obtaining a smoothly running modern feature set is harder. The configuration documentation is detailed, but even for a seasoned systems administrator or XMPP guru, a lot of questions…

  • DNSSEC made easy: Converting an existing DNS zone to Inline signing with BIND

    DNSSEC — the security extensions to the trusty Domain Name System (DNS) upon which almost all Internet transactions rely — is often considered hard to set up. My own setup has been very dated, using complicated scripts which needed to run after every change to the zone file. There was time to change this. Modern…

  • pselect() Pitfalls

    When dealing with multiple network connections or timeouts, the select() Unix system call is still the workhorse for many applications. Its well-known and frequently used interface beats the learning curve on the more scalable poll(), epoll(), or /dev/poll interfaces, especially if only a few file descriptors have to be monitored. select()’s younger sibling, pselect(), adds…

  • svn log message updating script

    Here is a simple script to allow updating your Subversion commit messages and have the repository admins receive a nice email message with the change.

  • VirtualBox DHCP nameserver for NAT network

    VirtualBox is a great environment for testing networking tools such as opDNS. However, I did not get the VirtualBox DHCP server for NAT network to provide nameserver information, even though the client asks for it. Here’s a simple solution to this problem.

  • Adding your FRiTZ!Box as a “secure” DNS resolver for the fritz.box pseudo-domain

    Your FRiTZ!Box maintains a useful list of names of machines in your local network in its pseudo-domain fritz.box, based on DHCP requests and web interface. This information is useful, but adding the pseudo-domain “fritz.box” to your own DNS hierarchy is no longer straightforward in the days of DNSSEC. Here is how to include it into…

  • Securing fetchmail with improved TLS parameters

    fetchmail is the workhorse for downloading mail from legacy addresses. This does not mean that you want to be limited to legacy security for your passwords or mail contents. TLS Interposer helps upgrade security.

  • Upgrade ejabberd to the latest TLS security [UPDATE#2, 2014-06-05]

    ejabberd is a very fine XMPP server. However, it has very few options to configure its SSL and TLS security settings away from the very weak OpenSSL defaults. The TLS Interposer makes securing TLS used by ejabberd a breeze.

  • Upgrading Apache 2.2 OpenSSL security with TLS Interposer

    Undoubtedly, you will have heard about the weaknesses of old SSL and TLS protocol versions and ciphers. Web browsers have been updated; but the server administrators are left alone: For stability reasons, many run long-term support editions such as Ubuntu 12.04 LTS. Even without that, most will stick to the reliability of Apache 2.2, hesitant…