Forward TCP and UDP Traffic Across the Network With iptables
This is the third post of the series that started with “Changes to My Network, Sponsored By XMPP”. The Problem: In that article, nearly at the very end, I was pointing out that a solution was needed for the XMPP traffic on non-Web ports (TCP and UDP other than 80 and 443) to be routed from a cloud VPS to my home server. I tried some NGINX configuration using its module streams, but it didn’t work, so I will post here how I ended up solving that using Linux’s (the kernel itself) packet filter rules through iptables. ...
Exposing Services Hosted at Home Through a VPS and Tailscale
The Problem: This text shows the steps to follow to connect an NGINX reverse proxy installed on a server A, and provide access through it to services hosted in a different machine, B. If the machines are in different locations or networks, we can solve the connectivity in several ways, one of them being a VPN. In my personal case, this allows me to install NGINX on a VPS and use it to expose services hosted at my home server, “barcas”. To connect the two machines and allow NGINX to reach the upstream services, I have used Tailscale. ...
Changes to My Network, Sponsored by XMPP
A few days ago, someone recommended Snikket to me as a simple option for setting up an XMPP server, and I jumped in head first. Halfway through the descent, I encountered a bunch of interesting problems to solve, which I will break down step by step in the next few posts. In this one, I’m going to tell you what those problems are, why they arise, why I want to solve them, and how I’ve solved them, but from a design point of view for now. You won’t find a set of commands to solve all this, but rather some context about what I’m trying to solve; detailed instructions will come in the future. ...
Why do You Want to Install Your Personal Mastodon Instance at Home
TL;DR: This post is about the rationale of installing my own personal Mastodon instance at home, not in a VPS or in a cloud provider. In it, you will find hints on how to do it, but not a detailed recipe to overcome all the tasks, as such is not the goal of the article. I’m not going to relate all my trajectory on Mastodon because I want to make things short. ...
Verify Your Downloads!
When we download software, we need to verify two things:

1. The integrity of the software we have just downloaded.
2. The authenticity of the package.

Checking these two things will ensure that the download went well, and that the software is authentic (and not malware, for example). For the impatient, here is the process assuming that we have downloaded:

- A software package we want to use; in the example, software.pkg
- A file containing the reference hash; in the example, software.pkg.sha256
- A file containing the signature of the Software Author; in the example, software.sig
- The public keys of the Software Author; in the example, author.gpg

    $ sha256sum -c software.pkg.sha256          # 1. Check the download integrity
    $ gpg --import author.gpg                   # 2a) Import downloaded public keys
    $ gpg --keyserver hkp://<server> \
          --search-keys <shortID>               # 2b) Import public keys from a server
    $ gpg --verify software.sig software.pkg    # 3) Verify signatures
    $ gpg --list-public-keys --with-sig-check   # 4) If needed, check web of trust

These commands, why we run them, how they work, and how we should understand them, are discussed next. All the commands are Linux-specific, but information on Windows equivalents can be found on plenty of sites and I will probably write another post in the next few days. ...
Fixing a Common User Home Service Error in Synology NASes
If you have a Synology NAS and you are a technology enthusiast, or have some interest in using such machines as home servers, you may run into a problem that is quite common. Judging from the amount of Google results, the User Home service gets somehow broken quite often the first time it is activated, and neither is detected by some other services that use it as a dependency, nor can it be deactivated. ...
Installing Linux with Secure Boot
This post is motivated by the confusion around Secure Boot and the still prevalent recommendation to disable it when installing GNU/Linux, no matter what distribution we are talking about. Contrary to the mainstream trend of disabling it and proceeding with a bootstrap that is outdated security-wise, many distributions have supported Secure Boot for a while now. In this post I will provide some links, references, and “glue text to make sense” in order to provide clarity about Secure Boot: what it is, what it provides, and what it takes from us, mostly in terms of user experience, or friction. ...