Let's Encrypt is a wonderful initiative providing free short-term certificates to anyone. The EFF kindly provides us with a Certbot, which quickly and easily installs and renews Let's Encrypt certificates. However, it does not support Lighttpd out of the box. Lighttpd wants your private key and domain certificate bundled together …Read More
OpenWrt/LEDE rely on the UCI framework for configuring the devices they run on. All common services (DNS, DHCP, firewall, dynamic DNS, ...) are configured through UCI, with the human-readable results being saved into configuration files in
/etc/config. However, that's just for the user's convenience; UCI itself is a command …
The default images the Beagleboard project provides come with a preconfigured
usb0 interface. I had been unable to replicate that with Debian's multiplatform armmp kernel, which is why I started building my own kernels. I recently found out that all one needs, however, is the
g_ether module loaded (it doesn't …
Just wanted to drop a quick line on the young LibreELEC project, a fork of OpenELEC. It's still in its infancy, but it aims to address a few issues that the latter has been coping with. Quite a few developers joined already, and they intend to be open and transparent …Read More
I have been experimenting with Saltstack - more commonly known as just 'Salt' - and running the master on my laptop. Since it seems to be consuming CPU cycles all the time and I'd like to optimise my laptop's autonomy, I started looking into ways to disable it on battery, and enable …Read More
The right tool for the job
Aptly is a neat tool that allows you to quickly build Debian or Ubuntu repositories. You can grab it from Debian's repositories. Build a repo with the name 'zfs':
$ aptly repo create -distribution=jessie -component=contrib zfs
Add your packages. You can add separate …Read More
I recently had to clean up (and upgrade) a friend's system. It had been a while since I had to do that on location, and I had just this one crappy USB2 stick on me (and my laptop with some ISOs I keep around). I wrote a Linux Live …Read More
I recently decided to move my remote firmware update process to HTTPS. The most obvious and ubiquitous candidate was the
wget utility. The downside is it only supports OpenSSL. While modern routers with 8 MiB or more flash, like my Netgear WNDR3700, have no trouble accomodating the bigger library (libopenssl …
If you're looking on how to implement Unbound as your primary DNS resolver, read on here.
Dnsmasq requires a bit more work in this scenario.
- First, we comment the
resolvfileline, since that file will contain your ISP's DNS servers.
noresolvoption needs to be set to …
DNSSEC is a set of extensions to DNS. As Wikipedia states, it is
a set of extensions to DNS which provide to DNS clients (resolvers) origin authentication of DNS data, authenticated denial of existence, and data integrity, but not availability or confidentiality.
While it is by no means a perfect …Read More