Version 2 of cryptsetup got a few new fancy options, one of them is the ability to use Argon2 as key derivation function. Creating a LUKS2 volume with Argon2 as hash function is very easy: sudo cryptsetup luksFormat -M luks2 --pbkdf argon2id -i 5000 /dev/sdb Please note that grub still does not support it, so it can’t be used for boot drives. Once the volume is created, to mount it run:
In Fedora, CentOS and probably many other Linux distros “ssh-keygen” still defaults to RSA 2048. People have not yet realized that the newer, and also faster, elliptic curve cryptography is available; even between my peers I still see that many of them are using old and insecure RSA based keys. Since SSH clients support multiple keys transitioning to newer keys can be painless: 1. create a new elliptic curve key;
For some reason “gpg –gen-key” still defaults to SHA1 and RSA2048, due to the known weaknesses of SHA1 it is probably a better idea to use SHA256. First of all, we need to create a configuration file. personal-digest-preferences SHA256 cert-digest-algo SHA256 default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed To generate a new key type (also specify to use RSA 4096): gpg --gen-key ### or gpg --full-generate-key Other useful commands are:
Apcupsd is a powerful daemon that can be used to manage APC UPS, add epel repositories and run: $ yum install apcupsd To configure apcupsd edit the following file: ## apcupsd.conf v1.1 ## # # for apcupsd release 3.14.14 (31 May 2016) - redhat # # "apcupsd" POSIX config file # # Note that the apcupsd daemon must be restarted in order for changes to # this configuration file to become active.
I have got my hands on an APC UPS and some HP gen8 server, installed apcupsd on CentOS 7, connected the USB cable and everything was working fine except for this very annoying issue I had: 1. power goes down (pull the UPS power cord). 2. after some minutes the UPS battery threshold is triggered and the server shutdown procedure is launched by apcupsd. 3. power goes back up (plug in the power cord) while the server is already shutting down but the shutdown sequence is not yet completed.
After upgrading my OpenVPN server to CentOS 7.5 I had trouble connecting to it. Specifically, I had two different issues: ** the laptop, which is running Fedora 28, was able to connect just fine but DNS resolution was broken. ** OpenVPN for Android was also connecting just fine but reporting a weird error: OpenVPN: tun tap invalid argument (code=22). The first one was caused by me because after the CentOS upgrade procedure was completed I also run yum autoremove which deleted dnsmasq; the solution was fairly simple, reinstall and reconfigure dnsmasq.
Since I am a real master at forgiving things I am writing this one down. PHP mail function relies on sendmail but SELinux by default block webservers from sending emails, the usual error that pop-out is: sendmail: NOQUEUE: SYSERR(nginx): /etc/mail/sendmail.cf: line 0: cannot open: Permission denied Allow webservers to send email is as easy as editing the appropriate SELinux boolean: setsebool -P httpd_can_sendmail 1 Use “sestatus” to check SELinux booleans:
LineageOS in Android Oreo flavor is finally here, I guess it is time to update the guide I wrote a while back. Most of the stuff is exactly the same, for the sake of simplicity this guide will be pretty much a copy and paste of the old one with just some bits changed here and there. Required packages on Fedora are (rpmfusion repo must be previously installed): $ sudo dnf install screen java-1.
I normally move /home/user/Downloads off /home/user to a secondary mechanical drive and then symlink it back to /home/user. Firejail for security reasons does not allow whitelisting directories residing outside of the home directory, the simplest solution I found is mount Download directory using mount –bind. sudo mount --bind /mnt/data/Downloads/ /home/user/Downloads To make the change permanent edit fstab: /mnt/data/Downloads /home/user/Downloads none bind
Suunto makes some solid sport-watches, problem is that the management software is comprised of a closed source synchronization program (compatible with Windows and OSX only) and some cancerous cloud web interface accessible directly from their website. Even putting aside my personal aversion for closed source software, it is clear that this approach is retarded because an internet connection is required to be able to download any kind of data from the watch.