2020-08-09 Make Postfix Trigger Blacklistd on Failed Authentication
The other day, I realized that from time to time, alpine, my console mail client for about 20+ years now, would close the connection to the IMAP server because of an “error”. Digging in the logs, I realized my server was being bruteforced for months, if not years. NetBSD being the fantastic OS it is, it actually had nearly no effect on my server’s behaviour, only those annoying connections closing from time to time.

2020-07-22 OpenSSL PBKDF2 Default Iterations
I’ve been digging into OpenSSL for quite a while to find a decent encryption method to double the security of some critical files already encrypted with GnuPG. The one I came up with that seemed to satisfy my confidentiality requirements is as follows:

    # Encrypt file $1 to $1.aes: AES-256-CBC, PBKDF2 key derivation, base64 output (-a)
    aes () {
        openssl enc -aes-256-cbc -in "$1" -out "${1}.aes" -a -pbkdf2
    }

Now, a friend of mine, for whom crypto is a field of expertise, told me that the CBC mode was insecure because of possible attacks, and that I should use GCM.

2020-07-12 Ffmpeg Quick Stream Command Line
Again from the stop-trying-to-use-every-flag-available department. This makes me think about this Percona engineer who once told me and my team “people keep tuning MySQL with tons of configuration options when really 10 parameters define 90% of the performance”. For some reason, I was somewhere where I needed to stream my webcam quickly to a remote machine on my home network through a VPN in order to record the current place.

2020-07-10 QEMU/KVM Shorter Command Line
I keep reading overcomplicated QEMU/KVM command lines, when really, to start a virtual machine with a VirtIO disk and a bridged VirtIO NIC, only this command is needed:

    $ sudo qemu-system-x86_64 -enable-kvm -m 1024 -cpu host -daemonize \
        -drive file=mydisk.img,if=virtio \
        -net nic,model=virtio -net tap,ifname=tap0

The drive type is virtio, the NIC model is virtio, and the interface is of tap type, which will summon /etc/qemu-ifup to attach the interface to your bridge.

2020-06-18 Fakecracker: NetBSD as a Function Based MicroVM
In November 2018 AWS published an Open Source tool called Firecracker, mostly a virtual machine monitor relying on KVM, a small-sized Linux kernel, and a stripped-down version of Qemu. What baffled me was the speed at which the virtual machine would fire up and run the service. The whole process is comparable to a container, but safer: it does not share the kernel or any other resource, as it is a separate and dedicated virtual machine.

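2020-06-13 Rofi Window Switcher With XFCE (updated, now with icons)
This bug prevents rofi window mode from giving focus to a selected window when click to focus is disabled in XFCE. Using the same trick the first commenter used, I came up with this script, which uses wmctrl to handle window listing, selection and focus:

    #!/bin/sh
    # Command prefix that sets XFCE's click_to_focus; the value is appended below
    clicktofocus="xfconf-query -c xfwm4 -p /general/click_to_focus -s "
    # Temporarily enable click to focus so the selected window can take focus
    $clicktofocus true
    # List windows, strip the first three wmctrl columns, keep the title, pick one in rofi
    w=$(wmctrl -l|awk '{$1=$2=$3=""; sub(/^[ \t]+/, ""); print $0}' | \
        rofi -dmenu -i -p "Window Switcher")
    # Give focus to the window whose title was selected
    wmctrl -a "$w"
    # Restore the previous behaviour
    $clicktofocus false

Not the prettiest method, but it emulates rofi -show window pretty well.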

2020-06-10 Testing GPG Keys With Docker... and fail
As a password-store user, GPG is particularly important and sensitive to me; I use it for pretty much everything authentication / encryption related. Also, about a year ago I got myself a pair of Yubikeys, and they are now involved in all of the mentioned workflows. Now, on topic: as my keys are a crucial part of my online life, I wanted to make sure I had those backed up safely, and moreover, that this backup is usable in an empty environment by simply importing the public and private keys.

2020-05-13 Understanding Bitcoin LevelDB Format (and messing up with bytes)
I’ve contributed to a small project I found useful while digging into the structure of Bitcoin’s LevelDB databases; leveldbctl is a CLI tool that makes it possible to parse a LevelDB database rather simply. But it was missing a critical function for my use case: handling of hexadecimal fields, which are heavily used by Bitcoin. Until now it was only capable of reading / writing strings. It is now possible to use it to retrieve values from Bitcoin's (and probably a lot more cryptocurrencies) block index keys, i.

2020-05-04 Gitlab Pages Simply Put
Yet another topic IMHO explained in the most complicated way possible in the Gitlab documentation, Gitlab pages are in fact extremely powerful and simple to use. In order to create a website with a URL of the form https://<username>.gitlab.io/<project>, there are a couple of steps to follow. First, write a job to publish your pages; this job can be part of your project’s .gitlab-ci.yml, but for some reason the official documentation gives the idea you are supposed to create a specific repository for that.