Email server: Dovecot and Postfix

Postfix configuration

Install the required software:

    $ yum install postfix postgrey dovecot fail2ban spamassassin spamass-milter-postfix opendkim

Create the TLS certificate, key and certificate authority (replace mail.domain.tld with a valid domain name):

    $ mkdir /etc/postfix/ssl
    $ cd /etc/postfix/ssl
    $ openssl genrsa -aes256 -out mail.domain.tld.key 4096
    $ chmod 600 mail.domain.tld.key
    $ openssl req -sha256 -new -key mail.domain.tld.key -out mail.domain.tld.csr
    $ openssl x509 -sha256 -req -days 1825 -in mail.domain.tld.csr -signkey mail.domain.tld.key -out mail.domain.tld.crt
    $ openssl rsa -in mail.domain.tld.key -out mail.domain.tld.key.nopass
    $ mv mail.domain.tld.key.nopass mail.domain.tld.key
    $ openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650 -sha256
    $ chmod 600 mail.domain.tld.key
    $ chmod 600 cakey.pem
    $ openssl dhparam -out dhparams.pem 4096
    $ chmod 600 dhparams.pem

Edit the main.cf file accordingly (the other lines should be ok by default). No SQL database is used: for user authentication Postfix relies on Linux users, and email data is stored in ~/Maildir. …


KVM and PCI (VGA) passthrough

First off, I failed so there will not be any kind of walk-through or guide. Hardware/software setup is sub-optimal and is for sure part of the problem for at least three reasons:

– as primary display adapter I use an Nvidia GTX 750ti;
– I use the Nvidia proprietary driver because nouveau support for the newest graphic cards isn’t good (this is an understatement to say the least);
– it isn’t completely clear if the Intel Z97 chipset supports VT-d or not and, if it does, on what level it does.

The whole configuration is:

– Xeon E3-1241v3
– Gigabyte Z97X-UD5H (BIOS F8)
– Crucial DDR3 2×8 GB PC3-12800
– Nvidia GTX 750ti :: host graphic card
– ATI HD7950 :: VM graphic card

Another issue is the complete lack of documentation on vfio_pci and VGA passthrough in general; even the Fedora KVM related documentation is not up to date and makes no mention of the vfio kernel module. The best place to get information on the subject is a thread on the Arch Linux forum, but even this time the whole process is not documented in a decent way.

Anyway, I had this beefy HD7950 lying around and I thought: why not give VGA passthrough a try? After configuring the thing with information I found around the net I got prompted with the following error:

    vfio: error, group 1 is not viable, please ensure all devices within the iommu_group are bound to their vfio bus driver

PCI slot isolation on this Gigabyte sucks: both the ATI (first slot) and the Nvidia (second slot) – I tried every slot combination – are bound to the same IOMMU group, and even patching and recompiling a custom kernel with the ACS override and VGA arbiter lock patches didn’t really solve the issue.

Just before giving up I took out the Nvidia and plugged in an old Matrox PCI graphic card; this way, with IOMMU group #1 used only for the ATI HD7950, I was able to start the VM, so VGA passthrough works at least to some extent on this Gigabyte motherboard.

Some questions, like “will an integrated graphic card be bound to the same IOMMU group as PCI-E graphic cards?” or “would using two ATI make any difference?”, remain unanswered.

For reference I also gave VirtualBox a try since they advertise PCI passthrough too; when starting the VM the whole host system freezes…so no luck with it either. …


Fedora 21 and MTP

In order to be able to mount an MTP device (in my case it is a OnePlus One) in the thunar file manager, the following packages are needed: simple-mtpfs libmtp fuse fuse-libs gvfs-mtp. After installing the packages listed above, restart the system. Once they are installed, the device can be mounted with simple-mtpfs _directory_, unmounted with fusermount -u _directory_, or mounted with thunar/gigolo/etc.


Android, Firefox and video corruption

When playing HTML5 videos with my 1+1 (Cyanogenmod 11 – snapshot M11 – Android 4.4.4 with ART runtime) using Firefox 33.1 (version 34 does not fix the bug either), audio works fine while video is completely corrupted with grey artifacts all over the place. The problem appears to be quite common and is not only circumscribed to the 1+1. The best workaround so far is to type about:config in the address bar, search for media.stagefright.omxcodec.flags and set its value to 8 to disable video hardware acceleration (0 lets Android pick the best option and 16 forces hardware acceleration always on). Firefox 36, which is currently in nightly stage, should come with a patch that will actually solve the issue, but I am not comfortable with running a browser in alpha/beta stage so for now I will live without video hardware acceleration. …


OnePlus One

Two weeks ago while wasting time on the interwebs I found by accident a couple of OnePlus One invites. To be honest I wasn’t planning on buying a new phone since my previous Nexus 4 is still serving me well, but seeing the OPO price (299 € for the 64 GB one) and specs I said: well, fuck it. So far I like it very much; the bigger screen makes general usage more enjoyable and battery life is significantly better than the Nexus 4, it lasts 2 days without many problems. I can’t really comment on Cyanogenmod OPO edition or whatever the stock ROM is called since I used it for just the few minutes necessary to enable USB debug, unlock the bootloader and install recovery and stock Cyanogenmod 11 snapshot M11. One thing I for sure don’t like is the unlock screen, the stock Cyanogenmod one is way way better, but that’s pretty much it, can’t say more. …


Get rid of SHA-1 – nginx, TLSv1.2, PFS and SHA-2

Everyone who knows me a little bit knows how much I dislike Google but this time we really should thank them for taking a real step toward a more secure web. They are finally moving away from SHA-1 to the much more secure SHA-2, more info can be found here: http://googleonlinesecurity.blogspot.it/2014/09/gradually-sunsetting-sha-1.html

.:. Setup

CentOS 6.5 x86_64
nginx/1.6.1
OpenSSL 1.0.1e-fips 11 Feb 2013

Nginx developers provide an up to date repository (http://wiki.nginx.org/Install) for CentOS: …


pdnsd automatic startup Arch Linux

I have this Arch Linux based ODROID-U3 I use as DLNA server, local web server…etc…and also as local DNS caching server. For some strange reason pdnsd doesn’t seem to start correctly on Arch Linux.

    [root@server ~]# systemctl status pdnsd -l
    ● pdnsd.service - proxy name server
       Loaded: loaded (/usr/lib/systemd/system/pdnsd.service; enabled)
       Active: failed (Result: exit-code) since Sat 2000-01-01 20:02:07 CET; 14 years 7 months ago
      Process: 182 ExecStart=/usr/bin/pdnsd (code=exited, status=3)
     Main PID: 182 (code=exited, status=3)

    Jan 01 20:02:06 server systemd[1]: Starting proxy name server...
    Jan 01 20:02:06 server systemd[1]: Started proxy name server.
    Jan 01 20:02:06 server pdnsd[182]: Error in config file (line 11): Failed to get IP address of eth0: Cannot assign requested address
    Jan 01 20:02:07 server systemd[1]: pdnsd.service: main process exited, code=exited, status=3/NOTIMPLEMENTED
    Jan 01 20:02:07 server systemd[1]: Unit pdnsd.service entered failed state.

Adding After=network-online.target and Wants=network-online.target in the Unit section of the startup script doesn’t seem to make any difference. So far the only workaround which really works is adding the line After=multi-user.target in the service script. …


Rockbox IPOD Classic mounted as read only

So, I have this big ass fancy IPOD Classic; the stock OS is, like most of the Apple stuff, dogshit, so I installed Rockbox and gave it new life. Yesterday I had some strange errors during theme installation (RockboxUtility on Fedora x86_64), file extraction failed or something like this. At first I thought of a corrupted Rockbox installation; after a bit of tinkering I found out the thing was just mounted as read only. I tried to mount it manually with the rw flag but still a no go. Unmounting the volume and running fsck.vfat /dev/sd*2 saved the day, now the IPOD is mountable as rw. …
