Networking

So I am flying EVA from SIN - TPE - JFK and back. For the first time I also went to the dark side (16hrs was too long to be locked up with just my mind) and got onboard WiFi.

This seems to come with unlimited data for ~20USD for 24hrs. I manage to stream Google Music just fine.

I totally went Matrix mode during the flight. While the flight is half empty I am wondering if they think I am haxoring it now.

Free pick up in Grimbergen, Diegem or Brussels North.

Email: yeri+sale@tiete.be

Everything has been stored for a while in my garage and is untested.

Dual P3 1u server

    

• 1u dual Pentium 3 1Ghz server
• 2x 72.8Gb 10k rpm SCSI (one probably died)
• 1280Mb RAM
• Served for years as mail & web server in Amsterdam datacenter, got it myself 2nd hand where it served in a Belgian datacenter (IIRC)
• 2dehands

Intel Pentium D desktop server

    

• Pentium D CPU (32bit), don't remember any more specs
• Seems to have 4Gb of RAM (untested)
• 2x 160Gb SATA disk
• 2dehands

AMD64 Athlon desktop

• No disks
• Seems to have 1GB of RAM (untested)
• Athlon64 something. You know. One of those first 64 bit CPUs when AMD was still awesome. :)
• 2dehands

APC Smart UPS

  

• 4u rack mounted UPS
• "SmartUPS 1000"
• With the right cables (not provided) I believe there was a managed console/interface
• Comes with batteries but I'm 99% sure the batteries are dead by now
• it's freaking heavy
• Awesome UPS that proved its use back in the days
• 2dehands

First of all, create your certificates (the regular way). I created one with multiple domains: webmail.rootspirit.com, mail.rootspirit.com, smtp.rootspirit.com.

In my case, as the mailserver and webserver are behind a proxy (postfix, imap, Roundcube Webmail), I create the certificate on the proxy (nginx) and scp the cert to the mail server. All this is automated with a tiny script.

For Postfix, edit main.cf and change/edit/add these lines (check the right path too!):

smtpd_use_tls = yes
smtpd_tls_key_file = /etc/ssl/letsencrypt/webmail.privkey.pem
smtpd_tls_cert_file = /etc/ssl/letsencrypt/webmail.fullchain.pem
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_exchange_name = /var/run/prng_exch
tls_random_source = dev:/dev/urandom
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDB3-SHA, KRB5-DES, CBC3-SHA
smtpd_tls_dh1024_param_file = /etc/ssl/postfix/dhparams.pem
smtpd_tls_auth_only = yes
smtp_tls_security_level = may
smtpd_use_tls=yes
smtpd_tls_security_level=may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_loglevel=1
smtp_tls_loglevel=1

And restart postfix: /etc/init.d/postfix restart

If you're running Postfix, add this line to main.cf:

smtp_tls_security_level = may

Restart Postfix, and retry.

PS: You can set encrypt instead of may -- but this can cause issues with Amavis and/or SpamAssassin.

Minor end of year update. No big SSL exploits have been released since (bar DH, see below).

Once again, this is testing the public websites I can access. There might be other gateways, APIs, etc that are not (as) secure.

It’s worthy to note that some banks are serious about security and fixing their SSL. Most improved their rating and solved all issues (especially getting rid of SHA1 in the chain). However, a couple lowered from B to C (see below). But… No more F’s. :)

(Source)

I flew from Doha to Brussels on a brand new (0.4 year old) Dreamliner.

There is on board WiFi, and it’s unlike those I’ve seen before on Lufthansa.

The WiFi is provided by OnAir (owned by SITA, ex Airbus), a Swiss-Merican company using what cell towers (that’s what their landing page said – but their website says satellites + and it worked over the sea).

(Source).

Proximus Innovation team handed me a D-Link DCS-2132L (ver. B1) to play with. I have some experience with, what is considered, a professional (~€120 + tax) PoE surveillance camera: the Unifi Video Camera (basic version).

Amazon retails this D-Link for around €120 (including tax). So it’s worth noting it’s almost the same price as a metal, semi outdoor, cloud based camera.

The first things I noticed unpacking:

• Plastic. And it feels very plastic.
• Indoor only.
• The base is a bit light if you just want to set it on a table without screwing it or using glue. The utp and power cable can make it trip easily.
• No PoE (power-over-ethernet).
• Infrared (you can clearly hear the filter 'clicking' when booting up the camera)

This thing comes with ethernet, and, surprisingly, with WiFi. That’ll make it easier to use in small shops. There’s also an option to add a micro SD card as local storage.