Modern ejabberd configuration
ejabberd is one of the most widely used XMPP servers. It is easy to get it running for text-based messaging with a few configuration changes. However, to obtain a smoothly running modern feature set is harder. The configuration documentation is detailed, but even for a seasoned systems administrator or XMPP guru, a lot of questions […]
DNSSEC made easy: Converting an existing DNS zone to Inline signing with BIND
DNSSEC â€” the security extensions to the trusty Domain Name System (DNS) upon which almost all Internet transactions rely â€” is often considered hard to set up. My own setup has been very dated, using complicated scripts which needed to run after every change to the zone file. There was time to change this. Modern […]
When dealing with multiple network connections or timeouts, the select() Unix system call is still the workhorse for many applications. Its well-known and frequently used interface beats the learning curve on the more scalable poll(), epoll(), or /dev/poll interfaces, especially if only a few file descriptors have to be monitored. select()‘s younger sibling, pselect(), adds […]
svn log message updating script
Here is a simple script to allow updating your Subversion commit messages and have the repository admins receive a nice email message with the change.
VirtualBox DHCP nameserver for NAT network
VirtualBox is a great environment for testing networking tools such as opDNS. However, I did not get the VirtualBox DHCP server for NAT network to provide nameserver information, even though the client asks for it. Here’s a simple solution to this problem.
Adding your FRiTZ!Box as a “secure” DNS resolver for the fritz.box pseudo-domain
Your FRiTZ!Box maintains a useful list of names of machines in your local network in its pseudo-domain fritz.box, based on DHCP requests and web interface. This information is useful, but adding the pseudo-domain “fritz.box” to your own DNS hierarchy is no longer straightforward in the days of DNSSEC. Here is how to include it into […]
Securing fetchmail with improved TLS parameters
fetchmail is the workhorse for downloading mail from legacy addresses. This does not mean that you want to be limited to legacy security for your passwords or mail contents. TLS Interposer helps upgrade security.
Upgrade ejabberd to the latest TLS security [UPDATE#2, 2014-06-05]
ejabberd is a very fine XMPP server. However, it has very few options to configure its SSL and TLS security settings away from the very weak OpenSSL defaults. The TLS Interposer makes securing TLS used by ejabberd a breeze.
Upgrading Apache 2.2 OpenSSL security with TLS Interposer
Undoubtedly, you will have heard about the weaknesses of old SSL and TLS protocol versions and ciphers. Web browsers have been updated; but the server administrators are left alone: For stability reasons, many run long-term support editions such as Ubuntu 12.04 LTS. Even without that, most will stick to the reliability of Apache 2.2, hesitant […]