Software

Probably the best and easiest to understand Blockchain explanation I’ve seen.

(Source)

First of all, create your certificates (the regular way). I created one with multiple domains: webmail.rootspirit.com, mail.rootspirit.com, smtp.rootspirit.com.

In my case, as the mailserver and webserver are behind a proxy (postfix, imap, Roundcube Webmail), I create the certificate on the proxy (nginx) and scp the cert to the mail server. All this is automated with a tiny script.

For Postfix, edit main.cf and change/edit/add these lines (check the right path too!):

smtpd_use_tls = yes
smtpd_tls_key_file = /etc/ssl/letsencrypt/webmail.privkey.pem
smtpd_tls_cert_file = /etc/ssl/letsencrypt/webmail.fullchain.pem
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_exchange_name = /var/run/prng_exch
tls_random_source = dev:/dev/urandom
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDB3-SHA, KRB5-DES, CBC3-SHA
smtpd_tls_dh1024_param_file = /etc/ssl/postfix/dhparams.pem
smtpd_tls_auth_only = yes
smtp_tls_security_level = may
smtpd_use_tls=yes
smtpd_tls_security_level=may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_loglevel=1
smtp_tls_loglevel=1

And restart postfix: /etc/init.d/postfix restart

If you're running Postfix, add this line to main.cf:

smtp_tls_security_level = may

Restart Postfix, and retry.

PS: You can set encrypt instead of may -- but this can cause issues with Amavis and/or SpamAssassin.

Minor end of year update. No big SSL exploits have been released since (bar DH, see below).

Once again, this is testing the public websites I can access. There might be other gateways, APIs, etc that are not (as) secure.

It’s worthy to note that some banks are serious about security and fixing their SSL. Most improved their rating and solved all issues (especially getting rid of SHA1 in the chain). However, a couple lowered from B to C (see below). But… No more F’s. :)

TL;DR: recalibrate your compass.

I’ve come across an issue for the past 10 days that Waze kept losing its GPS fix. This meant:

• constantly switching between 0 and 120 (or whatever) km/h
• constantly zooming in & out on maps (dynamic zoom level depending on speed)
• being in a field/not on the road for most of the time, or stuck to a location of many minutes ago
• often & randomly losing GPS fix (ie middle of the highway without any buildings blocking the line of sight)
• I could do a 45 minute trip with Waze never getting a GPS fix
• not knowing road issues (accidents, traffic jams ahead, speed traps, etc)

Things I tried:

• nothing changed (no new car window, didn't move my phone location in the car, etc)
• not moving (ie parked car) didn't really improve the GPS fix
• even left my phone with Waze on in the car for 30 minutes parked (got a fix, but later that evening when driving home it started to lose its GPS fix again)
• clear Waze cache
• uninstall Waze completely
• GPS Essentials showed a fix with 3 or more GPS satellites when Waze couldn't get a fix
• I was about to find a way to reset my GPS and/or clear its cache (???)

PS: I have had this issue in the past (I believe with the same phone, a Nexus 5), but it went away after several days.

What I did notice, however, is that in Google Maps the arrow (clicking the pin point button twice or something) was pretty much showing the opposite direction of how the car was moving (thus driving backwards at ~120km/h). This made me think, as I know the GPSes in smartphones are quite cheap and aren’t always on (to save battery – my phone is always being charged in the car though) and the phone uses the accelerometer and other sensors to “guess” current path (or rather, path changes, ie taking a turn or slowing down/accelerating).

Proximus Innovation team handed me a D-Link DCS-2132L (ver. B1) to play with. I have some experience with, what is considered, a professional (~€120 + tax) PoE surveillance camera: the Unifi Video Camera (basic version).

Amazon retails this D-Link for around €120 (including tax). So it’s worth noting it’s almost the same price as a metal, semi outdoor, cloud based camera.

The first things I noticed unpacking:

• Plastic. And it feels very plastic.
• Indoor only.
• The base is a bit light if you just want to set it on a table without screwing it or using glue. The utp and power cable can make it trip easily.
• No PoE (power-over-ethernet).
• Infrared (you can clearly hear the filter 'clicking' when booting up the camera)

This thing comes with ethernet, and, surprisingly, with WiFi. That’ll make it easier to use in small shops. There’s also an option to add a micro SD card as local storage.