Setting up a mail relay server with Postfix, DKIM, and a little Nebula trickery.

  configuration email howto servers sysadmin libreops

Given the proliferation of spam on just about every vaguely workable platform these days it seems sheer insanity to attempt to run your own mail server.  If it's out there, it's ripe for abuse in one way or another.  And yet, e-mail is still probably one of the best ways to get status reports from your machines every day (my SMTP bridge notwithstanding).  It is thus that the default configuration for mail servers these days defaults to "no way in hell will I relay a message for you," which is a net good for the Internet as a whole …

Organizing a data hoard with YaCy.

  configuration data exocortex leandra search yacy library

 It should come as little surprise to anyone out there that I have a bit of a problem with hoarding data.  Books, music, and of course files of all kinds that I download and read or use in a project for something.  Legal briefs, research papers (arXiv is the bane of my existence), stuff people ask me to review, the odd Humble Bundle... So much so that a scant few years ago I rebuilt Leandra to better handle the volume of data in my library.  However, it's taken me this long to both figure out and get around to making …

Administering servers over Tor using Ansible.

  configuration howto sysadmin tor ansible

Difficulty rating: 8.  Highly specific use case, highly specific setup, assumes that you know what these tools are already.

Let's assume that you have a couple of servers that you can SSH into over Tor as hidden services.

Let's assume that your management workstation has SSH, the Tor Browser Bundle and Ansible installed.  Ansible does all of its work over an SSH connection, so there's no agent to install on any of your servers.

Let's assume that you only use SSH public key authentication to log into those servers.  Password authentication is disabled with the directive PasswordAuthentication no in the …

Cleaning up Firefox... somewhat.

  configuration firefox howto linux maintenance web_browsers cleanup

Chances are you're running one of two major web browsers on the desktop to read my website - Firefox or Google's Chrome.

Chrome isn't bad; I have to use it at work (it's the only browser we're allowed to have, enforced centrally).  In point of fact, I'd have switched to it a long time ago if it wasn't for one thing.  I make heavy use of a plugin for Firefox called Scrapbook Plus, which makes it possible to take a full snapshot of a web page and store it locally so that it can be read offline, annotated, and full-text searched …

OpenVPN, easy configuration, and that damned ta.key file.

  client configuration howto openvpn vpn

Now that ISPs not selling information about what you do and what you browse on the Net is pretty much gone, a lot of people are looking into using VPNs - virtual private networks - to add a layer of protection to their everyday activities.  Most of the time there are two big use cases for VPNs: Needing to use them for work, and using them to gain access to Netflix content that isn't licensed where you live.  Now they may as well be a part of everyday carry.

So: Brass tacks.  Here's a quick way to set up your own VPN …

Fixing the clock in Kodi.

  configuration howto kodi media_box clock

I've mentioned once or twice that I have a media box at home running Kodi on top of Arch Linux.  Once you've got your media drives registered and indexed, it's pretty easy to use.  Save for the clock in the upper right-hand corner of the display, which almost never seems to coincide with the timezone set when you install Arch.  So I don't forget again, and to try to fix the problem of skillions of worthless threads on the Kodi forums, here's how you fix it from inside of Kodi when it's running:

  • System -> Settings
  • Appearance menu
  • International tab
  • Timezone …

My gkrellM config strings.

  configuration desktop gkrellm monitoring software

On most of my desktop machines I use a system monitoring application called GKrellM to keep an eye on the amount of memory in use, aggregate network activity, swap space, and battery life. It's a handy utility and is very configurable. I have a couple of tweaks that I like to make to my settings to make its output a little more useful by increasing the granularity. I'm going to assume that you're interested enough in GKrellM to play around with the settings (right click on the GKrellM panel, Configuration). In the interest of full disclosure, I also intend on …

Logging into a Falcon RAID shelf.

  configuration falcon login network raid sysadmin work

Publicly posted for future reference by sysadmins everywhere.

Regarding the Falcon RAID shelf, model ESA16G1B-0030 (3U high, sixteen SATA drive bays, hardware RAID, SCSI interface, two crappy serial ports (headphone jacks? really? you folks took this whole binary thing way too literally!), Ethernet jack, flip-out ears on the front with a rudimentary control panel on the left-hand side) from RAID, Inc. I just inherited one of these at work with no documentation, warranty, or support for it whatsoever. Consequently, I've spent most of a week trying to figure out how to set the damned thing up. Also, I haven't been …

Open source desktops and closed source video drivers.

  configuration desktops gnome howto linux nvidia

When you have a workstation running some variant of Linux, the Gnome desktop and you have an nVidia graphics card in the box, do yourself a favor and install their drivers. Make sure that the "Driver" line in /etc/X11/xorg.conf reads "nvidia" and not "nv". And when you get around to configuring multiple displays on the same system, don't mess with Gnome's System->Preferences->Display utility, use the nvidia-settings utility to do it for you (it'll ask for the root password).

Boot loaders and securing dual-booting portable systems.

  border_patrol configuration confiscation corporate_politics customs data_spillage encrypted_volumes grub international_travel linux mitigation notebooks paranoia perspective privacy risk truecrypt whole_disk_encryption

UPDATE - 20170327 - Truecrypt was discontinued in 2014.ev when Microsoft stopped supporting Windows XP.  DO NOT USE IT.  This blog post must be considered historical in nature.

If you've been following the news media for the past year or so, stories have been cropping up with frightening regularity about travelers who are detained at the border while customs agents demand the login credentials for their notebook computers so that they can be examined for gods-know-what kind of information. From time to time, the hard drives of computers are actually imaged for later analysis. As if that weren't enough, the United …
