-
Adding your FRiTZ!Box as a “secure” DNS resolver for the fritz.box pseudo-domain

Your FRiTZ!Box maintains a useful list of names of machines in your local network in its pseudo-domain fritz.box, based on DHCP requests and the web interface. This information is useful, but adding the pseudo-domain “fritz.box” to your own DNS hierarchy is no longer straightforward in the days of DNSSEC. Here is how to include it into…
-
Securing fetchmail with improved TLS parameters

fetchmail is the workhorse for downloading mail from legacy addresses. This does not mean that you want to be limited to legacy security for your passwords or mail contents. TLS Interposer helps upgrade security.
-
Upgrade ejabberd to the latest TLS security [UPDATE#2, 2014-06-05]
ejabberd is a very fine XMPP server. However, it has very few options to configure its SSL and TLS security settings away from the very weak OpenSSL defaults. The TLS Interposer makes securing TLS used by ejabberd a breeze.
-
Upgrading Apache 2.2 OpenSSL security with TLS Interposer

Undoubtedly, you will have heard about the weaknesses of old SSL and TLS protocol versions and ciphers. Web browsers have been updated; but the server administrators are left alone: For stability reasons, many run long-term support editions such as Ubuntu 12.04 LTS. Even without that, most will stick to the reliability of Apache 2.2, hesitant…
-
Eliminate BEAST, CRIME, Lucky13, RC4, SSLv3 weaknesses from binary/legacy applications
Security is hard. Security that works with a variety of platforms under a flurry of circumstances with an endless choice of applications is practically impossible. SSL and TLS, the Internet security workhorses, try to achieve this feat … and fail from time to time. While some software has been updated, not all of it has.…
-
Keep Time Machine backups from slowing down your server
Time Machine backups to a Linux machine running Netatalk are a very convenient way of safeguarding your data. However, the I/O load on the server machine can sometimes become very high. Here is a quick hack to improve this, if you need AppleTalk AFP services mostly for Time Machine.
-
TimeMachine corruption: Use btrfs 🙂
I do run TimeMachine backups from my MacBook to my Linux server, which is very convenient. However, I sometimes close the MacBook while the backup is going on and walk away. I believe this is the cause for the TimeMachine corruptions that I have once in a while. Even though I tried fixing these TimeMachine…
-
Simple versioned TimeMachine-like backup using rsync
Over many years, I have dealt with scripts that do backup versioning, i.e., maintain multiple backups. Due to their flexibility, they have been complex to understand and configure. Here is a simple rsync-based tool with a different focus: The experienced systems administrator who wants to keep his system’s complexity down.
-
Using passwordless PostgreSQL login with ownCloud
I like PostgreSQL and ownCloud, but I do not like passwords, especially if they have to be stored in plain text in a widely readable configuration file. So, I wanted to use PostgreSQL peer authentication with ownCloud as well.
-
Ubuntu Apache update broke “Listen” command
[Updated 2013-07-28: Corrected “https” to “http” in Listen] After a recent Apache update, Apache 2.2.22 (on Ubuntu 12.04 LTS “precise”) the following message appeared in the Apache error log: `[error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0)`
