Category: tips, tricks and howtos

openvpn clients on pfsense

In my 2017 article on using OpenVPN on a SOHO router I said: “In testing, I’ve found that using a standard OpenVPN setup (using UDP as the transport) has only a negligible impact on my network usage – certainly much less than using Tor.” That was true back then but is unfortunately not so true …

Continue reading

Permanent link to this article: https://baldric.net/2019/07/07/openvpn-clients-on-pfsense/

postfix sender restrictions – job NOT done

OK, I admit to being dumb. I got another scam email yesterday of the same formulation as the earlier ones (mail From: me@mydomain, To: me@mydomain) attempting to extort bitcoin from me. How? What had I missed this time? Well, this was slightly different. Checking the mail headers (and my logs) showed that the email had …

Continue reading

Permanent link to this article: https://baldric.net/2019/02/16/postfix-sender-restrictions-job-not-done/

postfix sender restrictions

I mentioned in my previous post that I had recently received one of those scam emails designed to make the recipient think that their account has been compromised in some way and that, furthermore, that compromise has led to malware being installed which has spied on the user’s supposed porn habits. The email then attempts …

Continue reading

Permanent link to this article: https://baldric.net/2019/01/24/postfix-sender-restrictions/

variable substitution – redux

Back in October last year, I posted a note about the usage of variable substitution in lighttpd’s configuration files. In fact I got that post very slightly wrong (now corrected) in that I showed the test I applied in the file as: “$HTTP[“remoteip”] !~ “12.34.56.78″”. (Note the “!~” when I should have used “!=”). This …

Continue reading

Permanent link to this article: https://baldric.net/2017/01/30/variable-substitution-redux/

variable substitution in lighttpd

I’ve been a lighty user for many years now, having junked apache when it became obviously overweight for my target devices (the slugs in particular). Trivia is, of course, powered by lighty as are all my other websites. Lighty’s configuration file syntax is reasonably simple to understand, and is well documented on the Redmine wiki. …

Continue reading

Permanent link to this article: https://baldric.net/2016/10/19/variable-substitution-in-lighttpd/

raid performance

I have recently been building a new NAS box (of which, possibly, more later). In fact the build is really a rebuild because I initially built the server about three years ago in order to consolidate a bunch of services I was running on assorted separate servers into one place. That first build was a …

Continue reading

Permanent link to this article: https://baldric.net/2016/05/02/raid-performance/

strip exif data

I have a large collection of photographs on my computer. And each Christmas the collection grows ever larger. I use digiKam to manage that collection, but as I have mentioned before, storing family photographs as a collection of jpeg files seems counter intuitive to me. Photographs should be on display, or at least stored in …

Continue reading

Permanent link to this article: https://baldric.net/2014/01/11/strip-exif-data/

http compression in lighttpd

Today I had occasion to test trivia’s page load times. I used the (admittedly fairly dated) website optimization test tool and was surprised to find that it reported that parts of the pages I tested were not compressed before delivery. I have the default compression options set in my lighty configuration file as below: compress.cache-dir …

Continue reading

Permanent link to this article: https://baldric.net/2013/12/30/http-compression-in-lighttpd/

ssl cipher check

My recent explorations of how to strengthen the ssl/tls certificates I use on both trivia and my mail service have given me cause to look for tools to help me test my configuration. The Calomel firefox plugin and sslabs site are very useful for checking HTTPS configurations, but they are fairly specifically aimed at that …

Continue reading

Permanent link to this article: https://baldric.net/2013/12/10/ssl-cipher-check/

TLS ciphers in postfix and dovecot

A recent exchange amongst ALUG email list members about list etiquette resulted in a flurry of postings on a variety of related topics. I posted a flippant comment about top posting, but did so (deliberately) from my Galaxy tab using Samsung’s default email client which actually forces top posting. Steve responded suggesting that I look …

Continue reading

Permanent link to this article: https://baldric.net/2013/12/07/tls-ciphers-in-postfix-and-dovecot/

add ssl to lighttpd server

For some time now I have protected all my own connections to trivia with an SSL connection. I do this to protect my user credentials when managing trivia’s content or configuration. In fact my server is configured to force any connection coming from my IP address to a secured SSL connection so that I cannot …

Continue reading

Permanent link to this article: https://baldric.net/2013/09/12/add-ssl-to-lighttpd-server/

openPGP usage

Over at the the cypherpunks mail list, one Tony Arcieri posted a graphic showing an interesting rise in the number of OpenPGP keys registered on the SKS keyserver in the last month or so. The graphic comes from the SKS statistics page. The overall trend is clearly upwards, and has been for some time, but …

Continue reading

Permanent link to this article: https://baldric.net/2013/08/25/openpgp-usage/

lighttpd graceful shutdown

I run two tails mirrors. One in NYC, the other in SanFrancisco. They each serve around 2-3 TiB of data per month. In common with my other servers, occasionally I need to interrupt those VMs in order to effect a system upgrade. I had to do this very recently with my upgrade of all my …

Continue reading

Permanent link to this article: https://baldric.net/2013/05/27/lighttpd-graceful-shutdown/

using an ssh reverse tunnel to bypass NAT firewalls

There is usually more than one way to solve a problem. Back in October last year I wrote about using OpenVPN to bypass NAT firewalls when access to the firewall configuration was not available. I have also written about using ssh to tunnel out to a tor proxy. What I haven’t previously commented on is …

Continue reading

Permanent link to this article: https://baldric.net/2013/03/26/using-an-ssh-reverse-tunnel-to-bypass-nat-firewalls/

touching update

I have recently upgraded the internal disk on my main desktop from 1TB to 2TB. I find it vaguely astonishing that I should have needed to do that, but I do have a rather large store of MP4 videos, jpeg photos and audio files held locally. And disk prices are again coming down so the …

Continue reading

Permanent link to this article: https://baldric.net/2013/02/28/touching-update/

forcing innodb recovery in mysql

Today I had a nasty looking problem with my mysql installation. At first I thought I might have to drop one or more databases and re-install. Fortunately, I didn’t actually have to do that in the end. I first noticed a problem at around 15.45 today when I couldn’t collect my mail. My mail system …

Continue reading

Permanent link to this article: https://baldric.net/2012/11/16/forcing-innodb-recovery-in-mysql/