There are many resources on the Internet for correctly securing apache web sites with X.509 client certificate authentication. This isn’t one of them. What follows is a three step guide to the fastest, easiest method for setting up self-signed server and client certificates. You are advised not to run any of the commands below in a production environment, they are presented only as an aid for those who learn kinesthetically.
A good solution applied with vigor now is better than a perfect solution applied ten minutes later.
- General George Smith Patton III (source)
Read more…
In most cases, Ubuntu desktop systems will automatically detect and mount removable media, and this is largely done with software that is part of the X Windows system; for server systems without X Windows however, this sort of thing requires a bit of work.
Now some may ask, “Why automount removable media at all?” It is unwise to remove an active device, such as unplugging a USB drive without first unmounting it, and automounting may encourage this sort of recklessness. I don’t contend this, but if one runs a server using an external USB drive, there are two words which should spark an immediate interest in automatic mounts: power failure.
Read more…
Sound problems fall in to three basic categories, and the first thing you want to do is determine which one you’re dealing with. The easiest thing you can do is test your speakers with something else, using the same cable. If your speakers and cable are confirmed to be in good working order, then the problem must be either: Read more…
prerequisite concepts: prelude, basic config., port fwd, proxy conn.
I don’t often have the opportunity to experiment on computers running Windows, but every 
once in a long while it simply cannot be avoided. I recently found myself wanting to look up a password in Revelation, a password manager for the Gnome Desktop on Linux; I have previously written about using OpenSSH’s ProxyCommand directive to tunnel through a firewall and forward X11 (GUI) applications remotely from a an isolated workstation on a private LAN, the difference here was that I needed to forward that application to a Windows workstation.
Read more…
prerequisite concepts: prelude, basic configuration
This post is as much about customizing the root shell as it is about SSH environment variables, but I’m adding this to my OpenSSH collection because it’s applicable to any user.
I occasionally work on servers where, for a variety of reasons, I share an account with one or more other users; this is almost always suboptimal, but it does happen nonetheless. Over time I’ve grown somewhat partial to zShell, so one method I’ve used is to log in to a default shell, usually bash, then run zsh. Read more…
Having discovered the advantages of á la carte VoIP pricing, I pondered how to extrapolate my experience for general discussion while avoiding the pitfalls of interpolation and abridgement.
The Reference Book of Rates, Price Indices, and Household Expenditures for Telephone Service published by the FCC’s Wireline Competition Bureau provides a rough estimate of wireline telephone expenses averaging $45 per month in 2007, based on market research by TNS Telecoms. This isn’t too far from my own experience with residential VoIP plans which have tended to average about $35 monthly, including additional fees and charges, which can be significant: on BroadVoice’s “Unlimited World” plan, for example, “Taxes & Surcharges” account for about 35% of the monthly total. Based on these data, I use an estimated $35-$45 for generic comparison of monthly residential phone bills, or an average average of $40. As I designed our current, á la carte plan, I surmised that after discounting business use, the residential remainder was unlikely to ever exceed $30 in a single month. As the plan took shape, however, I realized that intelligent planning could lower that even further; somewhere in the neighborhood of a $20 monthly average would certainly exemplify what custom VoIP plans can offer, and half the average isn’t a bad talking point. 
Read more…
AppArmor, introduced to Ubuntu with Gutsy, is yet another security tool unleashed upon the infosphere. In part, AppArmor is intended as an alternative to SELinux, which can easily be seen as daunting to configure; unfortunately, many such projects are daunting for those admins forced to walk the plank of unfamiliarity above a sea of expectations. Despite a troubled history, the project seems to be here to stay so it is likely only a matter of time before audit messages crop up in one’s kernel log. For those who find AppArmor unnecessary, unpalatable, or just untimely, herein lies a quick-and-dirty guide for telling AppArmor where to stick its audit complaints. Read more…
Like many others, when I set up my first Linux PBX I knew little about VoIP providers and with few sources of reliable, current information, I made a decision based on name recognition, perceived value, and minimal research. Like many others, I looked for companies who advertised a BYOD plan under the false assumption that said companies would have a clue regarding said devices, despite the cautionary warnings which politely explained that BYO, as used here, means “unsupported”. Like many others, I signed up with BroadVoice believing I had a pretty good deal; in fact, among similar plans offered by cable companies and Vonage, BroadVoice compares rather well.
By the time I started to suspect BroadVoice of stockpiling probiscus laden mammals and bleach, I had already paid setup fees and number transfer fees, and chagrined the thought of early termination fees, more number transfer fees, and a potential three to seven week transfer period. Rather than add to the copious corpus of BroadVoice complaints, I thought I’d focus on what to avoid when choosing a VoIP provider. Read more…
Shortly after I last upgraded my mail server, one user reported that his mail client was failing to connect with the message:
"Unable to connect to your IMAP server. You may have exceeded the maximum number of connections to this server..."
He was the only one known to be having this issue, so after a cursory check of the server with no obvious problems, I suggested that this might be an error on his end, such as connecting to the secure IMAP port without using SSL/TLS. Occam’s Razor suggests that a server error is more likely than a client error which just happens to coincide with a server upgrade, so I eventually decided to dig up some infrequently used commands and perform a thorough analysis. Read more…
I have resisted the urge to display caller id on my MythTV 
as somewhat obvious. I’m always looking for ways to demonstrate the freedom which comes from using open source software, but I prefer the zesty freshness of an original idea rather than anything that’s been done, redone, and done again. My wife, however, thought that Myth caller id sounded like a great idea and asked me to set it up. What follows is how I did this with the least possible effort. Read more…
