Problem: if you want to debug a IOS app with MITMProxy, the iPhone needs to trust the MITMProxy CA. This is done by going to http://mitm.it/ and clicking on the apple symbol. Then you have to accept the “profile” in Settings “downloaded profiles”. Then you have to trust this new CA cert in “Settings” “General” …
Problem: after updating from Debian 8 to Devuan 2 the overlay live-boot failes with “no such device” Discussion: I use a bootable USB stick combined with live-boot. In this case the USB stick partition 3 is a normal ext4 file system used as read only “plainroot” filesystem. Live-boot overlays this with an ramfs.As I don’t …
Continue reading ‘Linux Live-boot Fails after Debian/Devuan Update’ »
Problem: after upgrading vom greenlock-express v2.0 to v2.5 and switching from acme-v1 to acme-v2 every attempt to register a new TLS cert with Letsencrypt fails with “ECONNRESET” Discussion: the new version of greenlock tries to validate the .well-known/acme-challenge file before asking letsencrypt for the certificate.If your webserver is behind a loadbalancer or firewall and the …
Continue reading ‘Greenlock(-express) Letsencrypt Fails with ECONNRESET’ »
Problem: Apache needs very long to start on a virtual server running on a KVM/QEMU virtual maschine. Solution: Apache needs a RNG (random number generator) for startup, probably because of TLS. A pure virtual maschine has no RNG device per default. If you add an RNG device to the virtual maschine configuration, apache startup is …
Continue reading ‘Apache Start Hangs during Reboot of a KVM Virtual Server’ »
Unix file systems like ext3/4 can store files which are partly empty more efficiently by not storing blocks with all zeros. These files are called sparse files. When reading these files every things works as normal but “all zero” blocks don’t wast space on the drive. This can be useful for different application. For example …
Problem: The remote console feature of a Dell R710 server does not open with an Linux client with errors like these: Connection failed, Unsigned Java Applett, etc Solution: I had to change three things:in /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security/java.security I had to change to these lines: And in ~/.java/deployment/deployment.properties I changed these lines: And there is still a small …
Problem: Akamai is showing very high edge traffic volume, but other sources of accounting show less traffic, and Akamai is billing this high volume! Discussion: I activated log shipping to compare the volume of the shipped data, to the reported volume by Akamai. The difference was +66% in the Akamai volume. Support was not help …
Problem: Some flac players refuse to play some flac files, and even tools like an old ffmpeg can’t handle some flac files Solution: These flac files might have id3v2 tags which they realy should not, because flac uses vorbis style tags and not id3. Remove those id3v2 tags with this command: This removes the id3v2 …
If you like to block network access for certain users on a linux box it’s as simple as that: /sbin/iptables -I OUTPUT -m owner –uid-ower <USERNAME> -j DROP Username might also be the username of a running service.
Problem: current Chrome browsers cut URl parts and hide the correct URL. https://www.derstandard.at/ is shown as derstandard.at. This is simply wrong from the technical point of view. And it might even be dangerous for some URLs form a security standpoint. Solution: there is an option to disable this bug:chrome://flags/#omnibox-ui-hide-steady-state-url-trivial-subdomains Update: oogle ropped his ption. The …
Continue reading ‘Chrome Destroys URLs in the Location Line’ »