Kategorien
How-to Open Source

Generating Multi-Architecture Docker Images Made Easy

Docker is cool and portable, but distributing Dockerfiles comes at a disadvantage: The demands on the build environment are high. Distributing Docker images solves this, but building them for an architecture other than your CPU architecture seems complicated. Here is a simple solution.

Kategorien
How-to Open Source

Modern ejabberd configuration

ejabberd is one of the most widely used XMPP servers. It is easy to get it running for text-based messaging with a few configuration changes. However, to obtain a smoothly running modern feature set is harder. The configuration documentation is detailed, but even for a seasoned systems administrator or XMPP guru, a lot of questions […]

Kategorien
How-to

DNSSEC made easy: Converting an existing DNS zone to Inline signing with BIND

DNSSEC — the security extensions to the trusty Domain Name System (DNS) upon which almost all Internet transactions rely — is often considered hard to set up. My own setup has been very dated, using complicated scripts which needed to run after every change to the zone file. There was time to change this. Modern […]

Kategorien
Anleitung How-to Open Source

pselect() Pitfalls

When dealing with multiple network connections or timeouts, the select() Unix system call is still the workhorse for many applications. Its well-known and frequently used interface beats the learning curve on the more scalable poll(), epoll(), or /dev/poll interfaces, especially if only a few file descriptors have to be monitored. select()’s younger sibling, pselect(), adds […]

Kategorien
How-to Open Source

svn log message updating script

Here is a simple script to allow updating your Subversion commit messages and have the repository admins receive a nice email message with the change.

Kategorien
How-to Open Source

VirtualBox DHCP nameserver for NAT network

VirtualBox is a great environment for testing networking tools such as opDNS. However, I did not get the VirtualBox DHCP server for NAT network to provide nameserver information, even though the client asks for it. Here’s a simple solution to this problem.

Kategorien
How-to

Adding your FRiTZ!Box as a „secure“ DNS resolver for the fritz.box pseudo-domain

Your FRiTZ!Box maintains a useful list of names of machines in your local network in its pseudo-domain fritz.box, based on DHCP requests and web interface. This information is useful, but adding the pseudo-domain „fritz.box“ to your own DNS hierarchy is no longer straightforward in the days of DNSSEC. Here is how to include it into […]

Kategorien
How-to Open Source

Securing fetchmail with improved TLS parameters

fetchmail is the workhorse for downloading mail from legacy addresses. This does not mean that you want to be limited to legacy security for your passwords or mail contents. TLS Interposer helps upgrade security.

Kategorien
How-to Open Source

Upgrade ejabberd to the latest TLS security [UPDATE#2, 2014-06-05]

ejabberd is a very fine XMPP server. However, it has very few options to configure its SSL and TLS security settings away from the very weak OpenSSL defaults. The TLS Interposer makes securing TLS used by ejabberd a breeze.

Kategorien
How-to Open Source

Upgrading Apache 2.2 OpenSSL security with TLS Interposer

Undoubtedly, you will have heard about the weaknesses of old SSL and TLS protocol versions and ciphers. Web browsers have been updated; but the server administrators are left alone: For stability reasons, many run long-term support editions such as Ubuntu 12.04 LTS. Even without that, most will stick to the reliability of Apache 2.2, hesitant […]