Blog

Compile Samba 4 under Red Hat Enterprise Linux 8 as an AD domain controller

Unfortunately RHEL 7 and RHEL 8 do not support running Samba as an Active Directory Domain Controller (AD DC): https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/deploying_different_types_of_servers/assembly_using-samba-as-a-server_deploying-different-types-of-servers Therefore you need to download the Samba sources and compile them yourself. https://download.samba.org/pub/samba/stable In this example we use the following settings:
Server names:
- server1.example.com: 192.168.10.1/24
- server2.example.com: 192.168.10.2/24
Domain name: DOM1
External DNS server: 8.8.8.8
Samba…

SASL authentication with Postfix (Ubuntu 18.04)

If you run Postfix as a mail server to receive emails from the Internet as well as send out emails from the internal network to the Internet, you probably have the following scenario. Emails from the Internet should be received without authentication. Other mail servers should be able to deliver emails…

Deutsche Telekom screwed it … again

Deutsche Telekom and SAP, developers of the official German Corona Warning App, admitted that the app failed to inform users about possible infections for weeks, both under Android and iOS. As previously reported, this is not the first time Deutsche Telekom’s attempt to provide a Corona Warning App failed miserably. 2…

Free Julian Assange

Britain’s politically motivated show trial for Julian Assange’s extradition hearing is now scheduled for 07.09.2020. https://change.org/JulianAssange Weird things to remember about this trial: – Assange is not a whistleblower himself, he just published information that U.S. government employees revealed to him. In that sense he is protected by the laws of…

Don’t reinvent the wheel …

As a developer or DevOps you have probably heard it a hundred times before: “… ah and by the way for the new project … try to find an existing library to solve the problem. Don’t reinvent the wheel, that would cost too much time.” And probably there were more than a…

Get your “pandamnic” math right …

In case you are not that good at math: The fact that the daily statistics curve of new coronavirus infections is “just” going sideways does not mean that the pandemic is not further spreading. It only means that today there are as many new infections as there were yesterday. What you need…

Badly configured webservers

Just came across another example of a badly configured webserver:
- Error message shows version number
- Old version: current nginx version is 1.17.10
- No automatic fail-over in case of error

Are you safe from BGP hijacking?

How serious is your ISP about Internet security? There is a website now where you can check if your ISP is vulnerable to BGP hijacking: https://isbgpsafeyet.com/ The website also contains additional background information about BGP hijacking and how to prevent it in the first place. ISP = Internet Service Provider, the…

Corona App of Deutsche Telekom lacks SSL security

Be careful what kind of app you are installing these days. Especially Corona apps (also known as COVID-19 apps) are supposed to be on the market as soon as possible (like yesterday), but this might come at the cost of reliability and security. The Corona App of Deutsche Telekom uses…

Coronavirus: The Age of the Internet

Right now on the Internet you read a lot about staying at home and washing your hands thoroughly to prevent further spread of the virus. But way more important is what you don’t read. I stumbled across the following online news article of the Jerusalem Post. Looks legit to me. Nevertheless…

NetworkManager in Ubuntu 19.10 and 20.04 not working

NetworkManager in Ubuntu 19.10 and 20.04 is disabled by default, except for WiFi connections. If you experience any problems with Ethernet connections or vlans (including a vlan that might be configured by netplan but somehow doesn’t get activated), check out the configuration file 10-globally-managed-devices.conf.
/usr/lib/NetworkManager/conf.d/10-globally-managed-devices.conf:
[keyfile]
unmanaged-devices=*,except:type:wifi,except:type:gsm,except:type:cdma
As you can see,…

First Deepfake Face Swap Movie

Georges Méliès was one of the first creators of special effects in early silent movies. In “A Trip to the Moon” (1902) he projected his own face on the surface of the moon. While the image quality is not comparable to modern movies, the effects are still amazing considering they were…

Chelsea Manning is being tortured

A top United Nations official just condemned the continuing imprisonment of Chelsea Manning as torture and called for her immediate release. https://www.theguardian.com/us-news/2019/dec/31/chelsea-manning-us-torture-un-official-wikileaks?link_id=3&can_id=9789abc639a66414f4adc2d0eb5989b5&source=email-chelsea-manning-is-being-tortured-2&email_referrer=email_694687&email_subject=chelsea-manning-is-being-tortured Sign the petition: tell the government to stop torturing Chelsea Manning and set her free. Chelsea Manning already gave an extensive statement in her 2013 trial and was sentenced…

Evolution of Managed Network Services

… or how to get rid of monolithic service architectures.
1991 – CORBA
A distributed management framework for network services. The father of it all. First on Uni* systems, later on other operating systems as well.
Pros:
- Not monolithic as everything before.
- The “O” stands for “Object”, so it must be totally…

Criswell Predicts … IT in 2020

As the new year is approaching, there are – inevitably as every year – predictions about what’s coming up in IT in the next year. Unfortunately everything I have read so far is bleeding obvious: Moving to the cloud, AI will be used everywhere, and Python is becoming the most dominant programming…

Let’s Encrypt Certificate for SMTP with STARTTLS

Let’s Encrypt provides an easy way to get free certificates not only for web servers, but also for email servers like Postfix.…

Christmas Time is Shopping Time … Sort of

Christmas is coming early this year, so I wanted to browse the Internet to see what kind of extra effort our local retail industry is expending. Out of curiosity I chose the largest, most famous shopping street in the Capital of Germany: Berlin’s Kurfürstendamm. And located in that street, there is…

C++ – The Beast is Back (Halloween Special)

Do you remember the time when programming languages like Visual Basic and Java came out and flourished, because they let programmers forget about all the underlying technical details of computers, so they could focus more on things like algorithms and use cases? “I don’t wanna waste my time with solving memory…

HTML gallery for PDF documents

Just finished writing a simple Bash shell script that creates an HTML gallery from PDF files in the current directory. It is very basic, but you may want to build upon it.…

Chelsea Resists

Chelsea Manning already gave an extensive statement in her 2013 trial and was sentenced to 35 years in prison. After 7 years in prison and 2 suicide attempts she was released in 2017, her sentence having been commuted by President Obama himself (“Justice has been served.”). This case is history. It is very obvious…

How to reduce digital carbon footprint

Just read an online article about how to reduce your digital carbon footprint. They came up with solutions like “switch off your smartphone once in a while”. WHAT??? Completely ridiculous, so here are my personal recommendations on how to significantly reduce the global digital carbon footprint. Do not play video games. Do not…

Slow wifi network on Linux laptop

If network performance on your laptop is slow and unstable, it might be because power management of your wifi adapter and of Linux are not playing together. One of the things you will notice are flapping ping rates:
$ ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
64 bytes from…

World’s most famous and secure public VPN service is leaking sensitive information

Probably one of the world’s most famous public VPN providers is leaking your traffic. The weirdest thing about it is, nobody noticed the traffic before. Lessons learned: Always check no matter how good the reputation might be. https://www.niem.es/2019/03/f5d599a39d02caef1984e95fdc606f838893ffc5-xyz.html
Update (2019-10): Nobody is perfect. Half a year later, there seems to be another…

Security Alert: Migrate to Post-Quantum Cryptography Right Now!

Current cryptographic algorithms will be broken within the next couple of years. The time to migrate to post-quantum cryptography is right now. Ah yes … and while you’re at it, don’t forget about crypto currency. https://www.zdnet.com/article/ibm-warns-of-instant-breaking-of-encryption-by-quantum-computers-move-your-data-today/
Migration steps towards post-quantum cryptography:
- Identify possible technologies
- Choose algorithms for standardization
- Standardization (RFCs)
- Implementation…

iptables: Block traffic by country (Debian 10)

You need the package versions from at least Debian 10 testing for this to work. Installing specific packages from the testing branch is beyond the scope of this article, but there are many tutorials online. Switch to legacy iptables (I did not try it with the new nftables packet filter that…

Android smartphone “Cubot Echo”

Cubot is a Chinese Android smartphone brand that offers a wide variety of inexpensive phone models. With the Cubot Echo (released in 2016) you get surprisingly good quality at a low price. One of the main advantages of Cubot smartphones is their native Android version (stock Android). Many smartphone manufacturers heavily…

Add entropy to KVM virtual guests (Why is key creation so slow?)

Problem
Cryptographic key creation (GnuPG, SSH, etc.) in virtual guests may be very slow because there is not enough entropy.
$ cat /proc/sys/kernel/random/entropy_avail
7
Solution
Add /dev/urandom from virtual host in virt-manager. Click on “Add Hardware”. Add “RNG” device. This is what will be added to the qemu xml file in /etc/libvirt/qemu:…

Security Guidelines

Physical Device Security
- Always completely switch off your computer and lock your computer safely away, even if you just visit the bathroom. Screen saver locking or putting the laptop into sleep mode is not enough (Cold Boot Attacks). https://blog.f-secure.com/cold-boot-attacks
- Don’t display anything important on your computer screen (Van-Eck-Phreaking). https://twitter.com/windyoona/status/1023503150618210304 http://www.eweek.com/security/researchers-discover-computer-screens-emit-sounds-that-reveal-data
- Don’t type in anything important…

Password security – it is not about length or complexity

Where possible, passwords should not be displayed in plain text on the screen. Besides the obvious shoulder surfing (“looking over someone’s shoulder”), there are also so-called side-channel attacks in areas shielded from view. Van Eck phreaking, originally developed for older CRT monitors, in which the electromagnetic radiation is recorded over greater distances, can apparently also be used for modern…

Sending mail on the Linux command line (Ubuntu 18.04)

How to send end-to-end encrypted emails on the Linux command line. If you want to add attachments, use mutt or mail from GNU Mailutils as the mail client. The following examples use mailx and ssmtp.
Unencrypted mail
Install package “bsd-mailx”:
$ sudo apt-get install bsd-mailx
Edit /etc/mail.rc and add the following lines:…

Upgrading from Ubuntu 16.04 LTS to 18.04 LTS

Overall changes
Canonical support has been dropped from the following packages. They have been moved to the universe repo.
- tcpd
- xinetd
- isc-dhcp-server-ldap
- ntp, ntpdate
There might be problems automatically starting a previously configured ntp service at boot time. As a replacement, systemd-timesyncd.service is now enabled by default and provides SNTP client services.…

Squid, c-icap, ClamAV: Bug in the service. Please report to the service author!!!!

If you see this error in your c-icap server logfile, it might just be that c-icap is running out of temporary disk space and that the clamav/virus scanner configuration for c-icap is wrong:
Service antivirus_module virus_scan.so
ServiceAlias  avscan virus_scan?allow204=on&sizelimit=off&mode=simple
virus_scan.MaxObjectSize  5M
TmpDir /tmp
The option “… sizelimit=off…” for the virus_scan service…
