Excerpt from Wikipedia: Pi-hole is a Linux network-level advertisement and Internet tracker blocking application which acts as a DNS sinkhole and optionally a DHCP server, intended for use on a private network. It is designed for use on embedded devices with network capability, such as the Raspberry Pi, but it can be used on other machines running Linux, including cloud implementations.

Configuring PiHole to resolve IP towards Quad9, which is currently the best public available malware domain filtering DNS service. On top of that you can add your own lists. Recommended lists are the two below.

Excerpt: The Linux vanilla kernel repositories for Fedora offer RPM packages containing vanilla builds of different Linux kernel version lines. These packages are meant for Fedora users that want to access the latest Linux kernels quickly and comfortably; either the latest mainline kernel, the latest stable kernel or a vanilla variant of the Linux kernel version line Fedora uses currently.

Link: https://fedoraproject.org/wiki/Kernel_Vanilla_Repositories

Excerpt: just a simple guide for getting started with git. no deep shit ;)

From Wikipedia: Chess is a two-player strategy board game played on a checkered board with 64 squares arranged in an 8×8 square grid.

From Wikipedia: Origami (折り紙, Japanese pronunciation: [oɾiɡami] or [oɾiꜜɡami], from ori meaning “folding”, and kami meaning “paper” (kami changes to gami due to rendaku)) is the art of paper folding, which is often associated with Japanese culture. In modern usage, the word “origami” is used as an inclusive term for all folding practices, regardless of their culture of origin.

This is a copy from the ZXing repo wiki pages at commit hash 3110236. ZXing is an open-source, multi-format 1D/2D barcode image processing library implemented in Java, with ports to other languages.

Much has been said about 2D barcodes, and the discussion has focused on the format of the 2D barcode itself – QR Code, Data Matrix, and so on. But equally important is the format of what the barcode itself encodes.

2D barcodes encode text, generally, but that text can represent many things. Commonly, 2D barcodes encode text that represents a URL, like https://google.com/m. This is a special string of text since it is recognizable as a URL by readers, and therefore can be acted upon: the reader can open the URL in a browser.

I’ve seen a lot of learning resources for Docker. Personally I think this is one of the better resources for beginners. Enjoy!

Excerpt from the website: LearnDocker.online is the most comprehensive online Docker training program on the planet.

• LearnDocker.online

From the website: The Portable Hardware Locality (hwloc) software package provides a portable abstraction (across OS, versions, architectures, …) of the hierarchical topology of modern architectures, including NUMA memory nodes, sockets, shared caches, cores and simultaneous multithreading. It also gathers various system attributes such as cache and memory information as well as the locality of I/O devices such as network interfaces, InfiniBand HCAs or GPUs.

• Portable Hardware Locality (hwloc)

Install the GUI on Fedora.

I’ve tried to ditch Dropbox for a long time. But the need for synchronizing folders between my computers have held me back. Syncthing solves this for me. It’s decentralized syncrhonization between all my units, including my phone, without the need to go through a 3rd party server.

Excerpt from Syncthings homepage: Syncthing replaces proprietary sync and cloud services with something open, trustworthy and decentralized. Your data is your data alone and you deserve to choose where it is stored, if it is shared with some third party and how it’s transmitted over the Internet.

From zram documentation: The zram module creates RAM based block devices named /dev/zramID (ID = 0, 1, …). Pages written to these disks are compressed and stored in memory itself. These disks allow very fast I/O and compression provides good amounts of memory savings. Some of the usecases include /tmp storage, use as swap disks, various caches under /var and maybe many more :)

• zram

Example of compressed swap in memory

Write this commands in /etc/rc.local to create a 2G compressed swap partition in memory.

Prototyping and testing configurations and system installations is time consuming on traditional hardware. That is why I started using Vagrant for nearly all development, prototyping and testing. It’s free and really easy to use. If you install VirtualBox sudo apt-get install virtualbox first, you’ll be up and running in no time.

Vagrant do profile itself for developers, but sysadmins has much to gain by using such tools to make life easier for themselves. Automation and reproducibility is key concepts in modern system administration. We need to think more and more like developers, as much as developers need to think more and more like sysadmins.

oSteve Gibson have a nice round-up where he explains how certificate revocation does work and why Chrome and Chromiums certificate revocation scheme doesn’t work. I recommend to read both Steve Gibson’s article on An Evaluation of the Effectiveness of Chrome’s CRLSets and Adam Langley’s in my opinion a bit missplaced answer Revocation still doesn’t work.

• Security Certificate - Revocation Awareness Test

• Listen to Security Now! episode 454 Certificate Revocation Part 2 in which Steve explains about both certificate revocation and Google’s CRLSets.

  [Read More]

Excerpt from Remy van Elsts tutorial: OCSP stapling is an enhancement to the standard OCSP protocol that delivers OCSP responses from the server with the certificate, eliminating the need for relying parties (web users) to check OCSP responses with the issuing CA. This has the effect of reducing bandwidth, improving perceived site performance, and increasing security for everyone involved in establishing the secure session. This tutorial shows you how to set it up with Apache.

Entropy is important for generating good encryption keys. Do you have a busy server relying on crypto, generating keys, you need lot of good entropy. Or if you have a disk less system you don’t get as much entropy from the kernel that you may wish. One way to get a lot of good entropy is to use haveged. Haveged is closer to a TRNG than a PRNG.

Easiest way I know to create cloud virtual machine is to create a Droplet on Digital Ocean.

• DigialOcean

Run Qualys SSL Labs test to test the strength and combability of SSL certificate.

• SSL Server Test

Documentation for increaseing parallelism and performance for multi-processor systems.

• scaling.html