Here’s how to set up a VPN that has all these features:

  • Works natively on iOS*
  • Doesn't require you to manage certificates or keys
  • Automatically connects when your device is online

*It should also work on Android with the StrongSwan app, but I haven’t tested it. Please post about your experiences using this guide with an Android device in the comments!

Add New CommentRead More
MySQL has supported TLS for TCP/IP connections for some time now, but there are a number of subtleties involved in getting it working. If you need to allow remote access to your databases, you really ought to be using TLS to protect your login details and any confidential data that might be transferred. Here are the various steps required to enable TLS in MySQL on Debian and Ubuntu. Note that MySQL still refers to everything as SSL, but it’s more correct to call it TLS as SSL is deprecated these days. The same instructions also ought to work for MariaDB.
Add New CommentRead More

At some point in the last few months, ProFTPd stopped working on several of the servers we maintain. Since it was working before, we didn’t change any of the configuration files, and it stopped working on several servers independently, I’m guessing that this was due to a change in the default config of ProFTPd, or at least the Debian Jessie version of ProFTPd. There’s an easy workaround but not a real solution at time of writing.

Add New CommentRead More
There is a lot of conflicting advice out on the internet about how best to construct an email with attachments using standard Python libraries. None of it explains why to do things in certain ways. Here is a definitive, tested bit of code that will create an email with attachments that will work correctly. I’m posting it here so I don’t need to spend any time working it all out again!
Add New CommentRead More
In this post, I describe how to install and configure mailman for a virtual host on a Debian Jessie server using Apache, Postfix and SpamAssassin. Instructions on how to do this are in various places on the internet, but I didn’t find anywhere that collected all the different pieces together. These instructions should also work for Ubuntu.
Add New CommentRead More

Windows versions prior to Windows 8 cannot view the content of CD/DVD images such as .iso files without the use of an external program. A long time ago I used to use a free program called Daemon Tools to open/mount CD image files. Nowadays there are several alternatives out there, but nearly all of them seem to have issues on Windows 7. Old versions of Daemon Tools don’t work. Newer versions allegedly include browser toolbar spyware, as do most other free alternatives.

Add New CommentRead More

Here’s how to encrypt a single file using a password and a salt:
openssl aes-256-cbc -salt -in filename -out filename.enc -base64
Type a strong password when prompted.

Here’s how to decrypt the same file:
openssl enc -d -aes-256-cbc -a -in filename.enc -out filename
You’ll need to re-enter the passwod that you used to encrypt it.

If you want to encrypt multiple files, combine them into a tar or zip archive before encrypting them.

Add New CommentRead More

Building a small Linux cluster is a lot simpler than I thought it would be. That said, there are a number of snags and pitfalls along the way, and it’s hard to find a comprehensive and up to date set of instructions online. There are also different approaches, either doing everything manually or using a system such LTSP. This post describes my experiences setting up a cluster manually.

Add New CommentRead More

After spending a long time trying to work out why some pings were randomly dropped between hosts on different segments of a virtual LAN connected by a transparent IPsec VPN tunnel, I discovered that the MTU for the underlying connection on both ends of the VPN should be set the same. The default for ADSL is usually 1492, whereas 1500 is frequently used for other connection types such as cable or fibre. When I changed the settings at both ends to 1442 (allowing some overhead for IPsec) then the random ping loss stopped.

Add New CommentRead More

This particular quirk of Python has been discussed in various places before, but I think it bears repeating as it’s different to the behaviour that you might intuitively expect and consequently catches a lot of people out when writing class methods. When declaring a function or a class method, any default arguments are only evaluated at the point when the function is declared, not when the function is called. For mutable default arguments such as lists or dictionaries, this has the effect of making them static. Consider the following example:

Add New CommentRead More

Pages

Subscribe to Aleph Null RSS