Note to self: Creating TLS certificates with OpenSSL

# Use 4096 when you can use ECDSA
openssl genrsa -des3 -out $DOMAIN.key 2048
cp $DOMAIN.key $DOMAIN.key-org
openssl rsa -in $DOMAIN.key-org -out $DOMAIN.key
# Vanilla versions since 1.0.2 set the hash by default to SHA-256
openssl req -new -sha256 -key $DOMAIN.key -out $DOMAIN.crt

DNSSEC on a domain with BIND and IPv6

I finally managed to sign my with DNSSEC, whereas the signing happens via IPv6. As the original Nominet documentation about DNSSEC points out (this article is based on that documentation), you would need two nameservers. Familiar with BIND, its concept of “views” came to mind and here is how you can do this – […]

Assembly Chess on Raspberry Pi (without any OS)

Some time back I came across Assembly Chess on Raspberry Pi (without any OS) and today I managed to get this done and finished. I am impressed, it is well implemented, and just worked straight out of the box. At least I found some decent use for an empty iPhone 3GS box – you could […]

Run your own DDNS updates for your home server

Update 28th Feb 2015: RFC 2136 I came across RFC 2136, which is ironically the same thing as what I am describing below. You can find here (taken from pfSense) documentation on how to set it up according to RFC 2136. I managed to run my own nifty DDNS update service for/from my home server. […]

Re: Heartbleed Bug: Public urged to reset all passwords

A friend of mine asked me about that article on BBC, whether you should change all your passwords due to that Heartbleed bug within SSL. It seems there are a few things floating around, a few misconceptions and misunderstandings about the problem. First of all, when you access – a banking site for example, you usually […]

When you were young a day seemed like a day…

When you were very young a day seemed to last a year. When you were a teenager a day lasted a week. When you reached middle age a day was over in an hour. Now last Christmas seems like yesterday. On the grounds that you only have about two weeks left to live what are […]

GBit connection but only ~12MBytes/s transfer rate over SSH?

I found that my SSH setup was only able to transfer ~12MBytes/s. After some digging I found out that SSHv2 is by default using “3des” as the cipher. When I set it specifically with “-c blowfish” to another secure, but much faster block cipher, I got ~24MBytes/s. If you want you can configure […]

A Raspberry Pi behind a 22″ TV

I had an old 22″ monitor standing around, where the integrated CD/DVD player was broken – but lucky me it still had an HDMI input, so… *g So I stuck the Pi with double-sided super strong mounting tape at the back of it, put some more “sticky points” to hold the wiring in place and […]