Centroid.EU Blog

(this blog is mostly encrypted - adults only)
  

Previous Page


Enabled DANE/TLSA for mail.solarscale.de

April 20th, 2018

I have enabled DANE. This should verify the signature of my TLS self-signed certificate for SMTP (STARTTLS) on port 25. A dig output looks like so:

;; QUESTION SECTION:                                                            
;_25._tcp.mail.solarscale.de.   IN      TLSA                                    
                                                                                
;; ANSWER SECTION:                                                              
_25._tcp.mail.solarscale.de. 300 IN     TLSA    2 0 1 98B61AC29E9891A9CC07A72E57
C38CE7DA306EB08C1058AC08EC39CE 84181C29 
_25._tcp.mail.solarscale.de. 300 IN     RRSIG   TLSA 8 5 300 20180619185611 2018
0420185611 63558 solarscale.de. FOr0n6jh1mKZz6PacZnsXMc+0+Q8fGmJ8q4Fw7uFT5fXBgN$
ckHTLjr3 7db0CGhFr8zDyk0fmV2u/JduJfwaxpf24g3OcakhUWq7aaZf6n9aqOxC yaiUzsYmdHYkF$
MK2SB/xbARZitCUoxaKEmWVGnJMckJZQ/z8c6mfhU/ 6Zs=                                 
                                                                                
;; Query time: 16 msec                                                   
It took me two tries to get the 2 0 1 (DANE-TA with certificate checking with SHA256 checksum). I used this validator @dane.sys4.de. I don't know if this means I have turned on DEmail at home now or not. Probably not but who knows?

0 comments

Oh Bavaria! :-(

April 16th, 2018

Dear Reader. I want to make you aware of the following laws that are a threat for mentally ill people in Bavaria (a state in Germany where I live). The Süddeutsche Zeitung wrote about this today. What I can gather from the news is that it is easier for the police to target mentally ill people and lock them up with little evidence of wrongdoing. It makes me sad to no end and fearful.

We're nearing a police state here if these laws make it. And with my estimate of 10% of the population of having had contact with the mental health system that would be over 1 million people in Bavaria who get a "police record" for being mentally ill. What I gather from the article is this record stays in the police files for 5 years. This is wrong. I'm of the opinion that we have an increasing problem with poverty and mental illnesses these days and that's the first thing that the right wingers attack. It's targetting people who can't defend themselves against a systemic abuse against them.

To be poor is not a crime, and to become mentally ill is not preventable, it just happens. If we knew how to prevent it, we'd prevent it, trust me. So this is a russian roulette with civil liberties. I'm so sad about this. When I hear people talking of a creeping islamization of europe I roll my eyes, look at what's really creeping into this land! It's draconian laws and fascism.

I for one won't be voting the CSU party who have invented this law. Also inform yourself about Gustl Mollath, who was locked away in a psychiatric institution in this state and he was neither mentally ill nor guilty of a crime. These laws could give rise to Mollathism. It's sad.

0 comments

The end of soekris in my household

April 15th, 2018

Yesterday I transplanted the new powersupply in the soekris that I have called venus, but it turned out to be the logic board after all. So I have the following items for sale:

  • 19" soekris 6501 case with 2 internal power supplies (old one seperate)
  • 2x 4 port LAN cards for 6501, and riser
  • desktop case for soekris 6501 with SSD mount, included here is my soekris 6501 and external power supply, if you can make the soekris work again it's yours
  • The cases may have some screws missing/lost
  • email soekris [at] centroid.eu and make me an offer for any of the items above.
Thanks soekris it was a good ride!

0 comments

Donation time: 100 EUR go to OpenBSD

April 7th, 2018

I have donated 100 EUR to OpenBSD and Theo de Raadt for the 6.3 release. With this I start with 100 EUR for OpenBSD in 2018. I believe I'll make a similar donation for 6.4.

0 comments

I bartered for a used computer

April 1st, 2018

I bought my parents a new 2 disk Synology NAS and in return got their old computer. The specs for the new/old computer are:

  • Intel Core i3-2120 CPU @ 3.30 GHz
  • 4 GB RAM (DDR3-1333 2 DIMMS 2GB)
  • 1 TB hdisk
  • DVD drive
  • Acer monitor
  • Logitech speakers

It's hard to tell who got the better deal considering this is a full fledged home computer. It runs OpenBSD well that's all I know because it's dual partitioned, but I'll probably wipe it anyhow. Happy April Fools day! :-)

0 comments

Making use of delphinusdnsd regions (for logs)

March 31th, 2018

Today I turned on regions on my delphinusdnsd running on omega.virgostar.net. This is only useful for logging and statistics, but it allows me to give an indicator right away what region a query for my dns service comes from. I'll give you an example log:

Mar 31 16:23:01 omega delphinusdnsd[42119]: request on descriptor 12 interface \
"108.61.211.139" from 88.198.139.3 (ttl=57, region=2) for "psi.virgostar.net." \
type=A(1) class=1, edns0, dnssecok, answering "psi.virgostar.net." (46/235)
Mar 31 16:23:01 omega delphinusdnsd[42119]: request on descriptor 16 interface \
"2001:19f0:6c00:9041:5400:ff:fe11:3332" from 2a01:4f8:0:a104::add:1b (ttl=54, \
region=8) for "psi.virgostar.net." type=AAAA(28) class=1, edns0, dnssecok, \
answering "psi.virgostar.net." (46/247)
for example the above two logs are a typical delphinusdnsd log that I log from recursive nameservers that look up my services. As you can see there is a region code 2 and 8. When I cross reference that to my regions file that would be:
region "RIPE[2]" {
region "RIPE6[8]" {
So from the European region. I can go deeper for a /24 as well, but it's costly because every IP lookup goes through a singly linked list and does a comparison for netmask. So it's best to stay on the major regions which are usually continental.

The data for making these region lists I got from IANA and are publically available. I'm not too worried about spying as this is really very coarse logging. Also most end-users use a resolving recursor (a proxy) to get their DNS so it doesn't reveal them per se. I have also made this list publically available here (delphinusdns.regions).

Happy Easter!

0 comments

New router at home

March 25th, 2018

I have received the Ubiquiti Unifi Security Gateway Model USG, from the shop where I bought it. First time at poweron I installed OpenBSD on it. I required a serial console cable (cisco cable) and an ethernet cable to perform the netboot (bootstrap). Here is the commands I used that worked for me:

boot, press a key to break into the prompt...
# dhcp
# tftpboot 0 bsd.rd
# bootoctlinux rootdev=rd0 coremask=0x3
then install OpenBSD via HTTP from zeta.  I called this new box 'eta'

I want to provide you the dmesg of this box:

Copyright (c) 1982, 1986, 1989, 1991, 1993
        The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2018 OpenBSD. All rights reserved.  https://www.OpenBSD.org

OpenBSD 6.3 (GENERIC.MP) #0: Sat Mar 24 03:50:49 UTC 2018
    visa@octeon:/usr/src/sys/arch/octeon/compile/GENERIC.MP
real mem = 536870912 (512MB)
avail mem = 523862016 (499MB)
mainbus0 at root: board 20004 rev 0.16
cpu0 at mainbus0: CN50xx CPU rev 0.1 500 MHz, Software FP emulation
cpu0: cache L1-I 32KB 4 way D 16KB 64 way, L2 128KB 8 way
cpu1 at mainbus0: CN50xx CPU rev 0.1 500 MHz, Software FP emulation
cpu1: cache L1-I 32KB 4 way D 16KB 64 way, L2 128KB 8 way
clock0 at mainbus0: int 5
iobus0 at mainbus0
simplebus0 at iobus0: "soc"
octciu0 at simplebus0
cn30xxsmi0 at simplebus0
com0 at simplebus0: ns16550a, 64 byte fifo
com0: console
dwctwo0 at iobus0 base 0x1180068000000 irq 56
usb0 at dwctwo0: USB revision 2.0
uhub0 at usb0 configuration 1 interface 0 "Octeon DWC2 root hub" rev 2.00/1.00 \
addr 1
octrng0 at iobus0 base 0x1400000000000 irq 0
cn30xxgmx0 at iobus0 base 0x1180008000000
cnmac0 at cn30xxgmx0: RGMII, address fc:ec:da:04:8d:68
atphy0 at cnmac0 phy 7: AR8035 10/100/1000 PHY, rev. 2
cnmac1 at cn30xxgmx0: RGMII, address fc:ec:da:04:8d:69
atphy1 at cnmac1 phy 6: AR8035 10/100/1000 PHY, rev. 2
cnmac2 at cn30xxgmx0: RGMII, address fc:ec:da:04:8d:6a
atphy2 at cnmac2 phy 5: AR8035 10/100/1000 PHY, rev. 2
/dev/ksyms: Symbol table not valid.
umass0 at uhub0 port 1 configuration 1 interface 0 "vendor 0x13fe UDinfo UF2 \
4GB" rev 2.00/1.00 addr 2
umass0: using SCSI over Bulk-Only
scsibus0 at umass0: 2 targets, initiator 0
sd0 at scsibus0 targ 1 lun 0: <, UDinfo UF2 4GB, PMAP> SCSI4 0/direct removable serial.13fe420077C9177D2781
sd0: 3824MB, 512 bytes/sector, 7831552 sectors
vscsi0 at root
scsibus1 at vscsi0: 256 targets
softraid0 at root
scsibus2 at softraid0: 256 targets
boot device: sd0
root on sd0a (32485cbbbe75c57b.a) swap on sd0b dump on sd0b
WARNING: No TOD clock, believing file system.
WARNING: CHECK AND RESET THE DATE!

Anyhow that's it. I'm very happy so far. Now I'll run a few benches on this new router. Who knows maybe it's some sort of super-computer (hehe). Thanks goes out to visa and the entire octeon team at OpenBSD for making this possible.

0 comments

Donated 30 EUR to F3Netze

March 25th, 2018

I have donated 30 EUR for this reason. This brings my yearly donations to F3Netze to 50 EUR.

0 comments

#deletefacebook, when are you coming?

March 25th, 2018

I left facebook in 2011. I can't promise you, you won't miss your friends. But I can promise you, your data is more in control by you without facebook.

0 comments

Ordered 2 Power Supplies for Soekris 6501

March 23rd, 2018

I have ordered these from soekris.eu which still carry stock. Remember soekris as a company closed their shop around May 11th, 2017. I highly suspect the powersupply in the case has dead/leaking capacitors since I hear a humming sound from the undead soekris. I'm hoping that if the internal powersupply doesn't work out that I'll be able to transplant the 6501 into the portable case and use the external power supply. Here is hoping it'll work out.

0 comments

Next Page

Search

RSS Feed

Click here for RSS

On this day in

Other links

Have feedback?

By clicking on the header of an article you will be served a cookie. If you do not agree to this do not click on the header. Thanks!

Using a text-based webbrowser?

... such as lynx? Welcome back it's working again for the time being.

Older Blog Entries


Powered by BCHS