I’ve recently noticed that Oracle (yes, oracle) offers a pretty nice ‘Always Free Tier’ cloud offering. Unfortunately, only Oracle Linux and Ubuntu are available, which is not really what i want. So i went ahead and wrote a small script which ’takes over’ an existing ubuntu installation: takeover.sh. Using the script is rather simple: First, create a new ubuntu minimal instance SCP the script to /tmp Login to the ubuntu host and (as root) execute sh /tmp/takeover.…

I’ve been using Linux on the Desktop since probably around 1998. While i did try a few desktop environments (KDE, Gnome, GNUStep), i always came back to just using fvwm2 with a terminal (and netscape/mozilla/firefox). However, Xorg is dying and so i’ve moved on to Wayland about 2 years ago, settling on swaywm with foot or/and Alacritty. I never really liked the setup: While SwayWM felt quite okay on may laptop, i never liked it on my workstation and somehow ended up using wayfire which also always felt - ieks (just getting focus-follows-mouse working was a pain).…

I recently (finally) got myself a yubikey which i plan to use with pass - and hence gpg. In this article, we take a look into the basic setup required to make the yubikey work on void linux. Install required packages First, we need to install a couple of packets such as a pcsc daemon and the yubikey manager: $ xbps-install -Su u2f-hidraw-policy gnupg2-scdaemon yubikey-manager pcsc-ccid pcsclite Also make sure that your user is a member of the plugdev group to use the key via gnupg2 (more on that later).…

In my previous post, we started to play a little bit with a cheap LTE stick from Aliexpress. We identified the APK responsible for serving the limited Web-UI and keen eyes might have spotted something unusual: So this APK claims to be signed by Google (well, ‘Android’) which seems odd. Well, not really: $ adb shell getprop ro.build.description msm8916_32_512-user 4.4.4 KTU84P eng.qwang.20220611 test-keys Did you notice something? Yes: test-keys. What are test-keys?…

I recently decided that i “need” an LTE USB stick to tinker around with, so i visited Aliexpress and bought one of the many available cheap devices. Weeks later, i was the proud owner of this thing: First impressions After plugging the device in, it appears as an ‘Android’ device, which is - interesting. $ lsusb |grep Android Bus 001 Device 017: ID 05c6:9024 Qualcomm, Inc. Android $ dmesg | grep usb [20388.…

Nsjail and netns I’ve been a long time user of nsjail which is a pretty handy tool to create linux namespaces. My common usecase for nsjail is to put services into their own, well, jail - by only giving them access to specific folders in the filesystem. As an example: The webserver which served you this page runs with the following configuration: mode: ONCE hostname: "nsjail-hostname" clone_newnet: false time_limit: 0 rlimit_cpu_type: INF rlimit_nofile: 4096 rlimit_fsize: 320960 uidmap { inside_id: "1099" outside_id: "psa-www" } gidmap { inside_id: "1099" outside_id: "psa-www" } mount { src: "/tank/websites" dst: "/web" is_bind: true } mount { src: "/usr/local/bin/psa-www" dst: "/psa-www" is_bind: true } # standard paths.…

What this article is about? This article describes how to configure a linux router to send traffic from specific IPs to a non-default (wireguard) route. With such a setup, you will be able to use a VPN with ‘smart’ devices (A TV, Nintendo Switch, etc…) which do not have native wireguard support. Configure wireguard interface First, we configure a new wireguard interface which we will call sbr0. Note that we are not using wg-quick to bring the device up since we want to have full control over its configuration (and not use it as a default route anyway).…

Konfiguration unter Linux Dieser Artikel befasst sich mit der Konfiguration von IPv6 + Fiber7. Warum IPv6? Weil es zu IPv4 eigentlich nicht viel zu sagen gibt :-) IPv6 auf dem Router einrichten Wir gehen von einem Router mit 2 physikalischen interfaces aus: wan0 und lan0. Sysctl und router interface einrichten Zuerst stellen wir sicher, dass der Router sich nicht via SLAAC automatisch konfiguriert, da Init7 dies nicht (mehr) wirklich supported.…