Centroid.EU Blog

(this blog is mostly encrypted - adults only)
  

Previous Page

Alert! New draconian laws to be passed tomorrow in Bavaria!

May 14th, 2018

The government in Bavaria wants to pass this law tomorrow. Even though 30,000 people demonstrated in Munich on the weekend against this. This is a loss for civil rights! Please read this story (german) by Heribert Prantl of the Sueddeutsche Zeitung. Tomorrow will be a sad day for us. It will get scary for those exposed to the new police laws directly, innocent or not! It's a shame. It will bite us. Remember the saying by Abraham Lincoln a US President in 1859, "Those who deny freedom to others, deserve it not for themselves; and, under a just God, can not long retain it." The quote for that is hyperlinked. This is a sad week for Bavarians.

0 comments

Donated to NLnet Labs of NSD/Unbound Project

May 12th, 2018

As a thank you to Habbie of PowerDNS I have donated 25 EUR to a project that needs support. I sent it to NLnet Labs but wasn't able to write a message with the donation. It's worth it to keep the money in the DNS hegemony.

0 comments

A fix went into delphinusdnsd

May 12th, 2018

I have just updated the news section of delphinusdns.org, this is what I added:

  • A fix went in to signing a zone with dddctl on 20180512 regarding Empty Non-Terminal names (ENTs) and DNSSEC, it's not critical if you don't have ENTs in your zonefile, but if you do (for example when using DANE), please update to tonights snapshot (after 12 midnight CEST?) or onwards. Please notify me of any breakage.
What this means is that before today, if you had something like _25._tcp.mail.solarscale.de and there was an ENT which is _tcp.mail.solarscale.de (in my case) (an ENT has no record) then nameservers who look up _tcp.mail.solarscale.de before or after could cause _25._tcp.mail.solarscale.de to be denied (SERVFAIL) on recursing nameservers, this of course is critical on DANE systems. I found this fault last week and with the help of a known #dns regular we were able to diagnose the problem. Thanks Habbie! I wrote a bindfile conversion routine into dddctl which allowed me to run many dns zone file checkers against a zone, (such as jdnssec-verifyzone). I also while there wrote a regression into delphinusdnsd. Hopefully the effort will pay off.

0 comments

New functionality in dddctl

May 10th, 2018

I have hacked a little on delphinusdnsd today. I wrote a conversion mode in dddctl to convert delphinusdnsd zonefiles to BIND9/RFC-1034 style files. Here is a test, which I may be using in a regress suite that I'm working on: 

solarscale.de.signed                          100%   13KB 429.6KB/s   00:00    
beta$ dddctl bindfile solarscale.de solarscale.de.signed > solarscale.bind
beta$ ldns-verify-zone solarscale.bind
Zone is verified and complete
I'll have to update the delphinusdnsd handbook soon which suggests one do the conversion with dig. Happy happy.

0 comments

Purchased Switch and 10 GbE adapter

May 7th, 2018

Happy anniversary blog! Last night I purchased an 8 port 10 GbE switch (maker HPE, american) and a 10 GbE Intel X550-T2 network adapter. I'll be attaching these to beta my workstation which will become a router with vlans on the 10 GbE adapter. I'll also make beta my backup host as my current backup host theta does not wake properly (even on RTC wake), and it's better this way anyhow. The equipment purchased was rather expensive but I was in need for ports in the home office. This satisfies my need. Uranus my 6 port router will go into the hallway and replace eta and gamma and I'll make some electricity savings there. Everything is working out...

0 comments

Happy Anniversary!

May 6th, 2018

Tomorrow is the blogs ninth birthday (9 years). This is the oldest article I could find. Also the 7th anniversary I said something you can read it here. Notice the hyperlinks have changed on a lot of articles since I rewrote this blog to BCHS, so you may enounter broken hyperlinks. I'm still debating whether I should update those. For now it's time to party. Here is a cup o' tea to ya centroid.eu blog!

0 comments

Added SSHFP utility to dddctl, while there fixed signing sshfp records

May 5th, 2018

I have added a "sshfp" mode for dddctl which makes use of ssh-keygen -r. This is the output of it: 

beta$ dddctl sshfp beta.centroid.eu
  beta.centroid.eu.,sshfp,3600,1,1,"bd1233ca6586a3033ac5d90209a7e4c36269b83f"
  beta.centroid.eu.,sshfp,3600,1,2,"ad389bc08427c82f96d15aa2bf28017f70bee17ab441d641778b13b179233e62"
  ...
I find this useful others may not, but i do. The canonicalization of RR's for the signing was in the wrong order and I had to fix that last night. It was a bit of a debug. And perhaps more sign types need the fix I found than just sshfp_sign(), we'll see.

0 comments

My Network Map for home

May 4th, 2018

Here is an updated network map for my home network. 

						    7 cables
						    |||||||
						+-------------+
						|    zeta     | (livingroom)
						+------+---+--+
            Internet                                   |   -
                ^                  uplink              |   - IPSEC & gif
                |           +----------------+         |   - to mercury
                |           |                |         |   -
            +---+---+    +--+---+        +---+----+    |
            + gamma +----+ eta  +--------+ AREA52U+----+ (hallway)
            +---+---+    +------+  link1 +---+----+ link2
                |                            |
                |			     |
                |			     | Freifunk B.A.T.M.A.N. over  
                |			     |	cat5e cable
                |                            |
                |			+----+----+
                |			| AREA52K2|
                |			+----+----+
                |			     |
            +---+---+			+----+----+
            |mercury|<=================>| uranus  | (home office)
            +-------+  IPSEC&gif tunnel +---------+
				           |||||	
					   5 cables
This may change soon as I've decided I need more ports. Since I lost venus (router) I'm short for 12 RJ45 gig ethernet ports. I'm going to wait a while until OpenBSD makes the vpn offload code for octeon stable and then I'm going to buy a 10 GbE switch (probably a Ubiquiti Networks one) and place that in my office, where uranus will go in the hallway and eta in my office. I wasn't going to do that until 2020 but I have a need for more ports now and I don't want to mis-invest. We'll see.

0 comments

Bavaria's Polizeiaufgabengesetz (PAG)

May 3rd, 2018

Dear reader, I want to make you aware of the Bavarian (a state in Germany) police law that is about to enter if we vote for the CSU or in other words it's leader Markus Söder. The law allows Bavarian police to enter cloud computers of Bavarian citizens and conduct sabotage, spy on the users, embed a trojan etc etc. This is mega bad, and we're facing a possible police state if this law makes it. An article by campact.de which I signed as well sums it up nicely so I want to let you in on it. It's here (german). I don't know why we're seeing all these acts by government to inhibit the citizens rights but it is a global phenomenon. We must act in all democratic countries to fight by democratic means these onslaughts. I already said an article prior to this about Bavaria's Psychiatric law that I won't be voting for the CSU as this crap can't stand. I stand to this.

0 comments

Cancelled chi.goldflipper.de

May 3rd, 2018

I just cancelled this VPS that I got close to 7 years ago at hetzner online. It was originally called io.solarscale.de, but I renamed it about a year ago when I got goldflipper.de domain. I'm getting a better deal at the same provider with a new vps.

0 comments
Next Page

Search

RSS Feed

Click here for RSS

On this day in

Other links

Have feedback?

By clicking on the header of an article you will be served a cookie. If you do not agree to this do not click on the header. Thanks!

Using a text-based webbrowser?

... such as lynx? Welcome back it's working again for the time being.

Older Blog Entries


Powered by BCHS