Multi-Hosts TLS Certificate
It is sometimes convenient to have a domain distributed over two or more machines. This technique, as old as DNS, is interesting to spread the load between multiple hosts, or to provide a bit of high availability. Indeed, if a host becomes inaccessible, at least half of the requests will continue to be successful.
However, since TLS connections have become the norm, and certificates should be renewed automatically, it could be hard to control the validation and the distribution.
I will present you a technique which, with the help of a finely configured web server, allows to get a different certificate on each machine, but usable for the same subdomain.[Read More]
RTL8153B support for 4.9 kernel
If you buy a recent USB to Ethernet adapter, embedding a Realtek chip, you possibly face, like me, the following error, when connecting it:
r8152 4-1.1:1.0 (unnamed net_device) (uninitialized): Unknown version 0x6010 r8152 4-1.1:1.0 (unnamed net_device) (uninitialized): Unknown Device
Support for the user namespace in grsecurity kernel
Grsecurity has completely disabled, on purpose, the user namespace code for the kernel.
As the goal of this namespace is to gain (virtualy) root privilegies inside a namespace (in theory, it shouldn’t give more priviledgies than the one you initialy have outside of your namespace), there are some interesting use cases, or, in my case I need to perform some demo in front of my students.[Read More]
Slow memhog for testing cgroups
Use Gitolite Access Control In Gitweb
Are you using gitolite and gitweb? Two nice and lightweight projects, but perhaps you are tired to manage access control in gitweb?
Here is some simple tricks to use gitolite access list directly into gitweb, automatically.[Read More]
Linux Kernel Configurations
My favorite distribution is Gentoo, for 7 years now. It allows me to have all the flexibility I need (the perfect world between stability with only legacy packages or recent ones on a constantly broken system; as in Gentoo, you always have choice) and it teaches me so many things each day.
As I’m used to control everything, here is a list of kernels' configurations I use currently.[Read More]
My private SSH keys managment
I always have a different SSH key pair per machine. The aim is to really never copy my private key from a machine to another over network or USB stick.[Read More]