Multi-Hosts TLS Certificate

 Posted on February 9, 2022  |  4 minutes  |  nemunaire

It is sometimes convenient to have a domain distributed over two or more machines. This technique, as old as DNS, is interesting to spread the load between multiple hosts, or to provide a bit of high availability. Indeed, if a host becomes inaccessible, at least half of the requests will continue to be successful.

However, since TLS connections have become the norm, and certificates should be renewed automatically, it could be hard to control the validation and the distribution.

I will present you a technique which, with the help of a finely configured web server, allows to get a different certificate on each machine, but usable for the same subdomain.

[Read More]
certificates  web 

RTL8153B support for 4.9 kernel

 Posted on March 17, 2019  |  1 minutes  |  nemunaire

If you buy a recent USB to Ethernet adapter, embedding a Realtek chip, you possibly face, like me, the following error, when connecting it:

r8152 4-1.1:1.0 (unnamed net_device) (uninitialized): Unknown version 0x6010
r8152 4-1.1:1.0 (unnamed net_device) (uninitialized): Unknown Device
[Read More]
kernel 

Support for the user namespace in grsecurity kernel

 Posted on October 31, 2018  |  1 minutes  |  nemunaire

Grsecurity has completely disabled, on purpose, the user namespace code for the kernel.

As the goal of this namespace is to gain (virtualy) root privilegies inside a namespace (in theory, it shouldn’t give more priviledgies than the one you initialy have outside of your namespace), there are some interesting use cases, or, in my case I need to perform some demo in front of my students.

[Read More]
kernel 

Slow memhog for testing cgroups

 Posted on October 4, 2016  |  3 minutes  |  nemunaire

Testing the cgroup memory is not something as easy as we can think. It can’t be only question of malloc(100000) in a loop, as the Linux kernel overcommit memory allocation: so even if we get effectively a 100000 bytes long memory space, this doesn’t decrease the physical available memory. To do so, this space need to be changed pages by pages, that can be tedious to do. And quite uncertain, because the kernel can take advantage of the swap partition… [Read More]
teaching 

Use Gitolite Access Control In Gitweb

 Posted on September 24, 2015  |  1 minutes  |  nemunaire

Are you using gitolite and gitweb? Two nice and lightweight projects, but perhaps you are tired to manage access control in gitweb?

Here is some simple tricks to use gitolite access list directly into gitweb, automatically.

[Read More]
git 

PGP key

 Posted on June 29, 2015  |  2 minutes  |  nemunaire

My personal PGP key is the following: 0x842807a84573cc96.

pub   4096R/4573CC96 2014-06-23 [expires: 2022-06-30]
      Key fingerprint = E722 B5B7 3CA7 FA93 5FC1  AA09 8428 07A8 4573 CC96
uid                  Pierre-Olivier Mercier <nemunaire@nemunai.re>
sub   4096R/9D2855C3 2014-06-23 [expires: 2022-06-30]
[Read More]
privacy  cryptography 

Linux Kernel Configurations

 Posted on April 20, 2015  |  1 minutes  |  nemunaire

My favorite distribution is Gentoo, for 7 years now. It allows me to have all the flexibility I need (the perfect world between stability with only legacy packages or recent ones on a constantly broken system; as in Gentoo, you always have choice) and it teaches me so many things each day.

As I’m used to control everything, here is a list of kernels’ configurations I use currently.

[Read More]
kernel