Reverse Proxy Password Protection

A few months ago, I had a blog post about how bad actors are using Certificate registration requests to immediately go to your new web site and try to hack it before it is fully up and properly protected. One of the fixes I suggested at the time was to protect the new site with Basic Web Authentication, i.e. a username and a password, before bringing it up for the first time. Recently, I revisited the topic because I wanted to password protect an Etherpad-lite instance to limit its use to authorized users. Etherpad-lite makes it really hard to have usernames and passwords, and I have to say, I gave up on finding out how it works. So let’s kill two birds with one stone and figure out how to use Basic Web Authentication directly on the Nginx reverse proxy I use on my cloud installation. It turned out it’s super simple to do:

What Happens in Vegas, Stays in Vegas – Fun with an Overlay Filesystem

Every now and then I would like to use the data on a backup drive with a program that modifies the data. Obviously I would not want the backup to be modified. The standard approach would be to copy the data from the backup drive to a temporary location, use the data, and, once done, delete it again. This works well for small amounts of data, but copying the files will take ages for a double-digit gigabyte dataset. The solution: An Overlay File System!

Restoring a Clonezilla Backup in Virtualbox – Mind the EFI

In a previous post, I’ve described how to boot from a real, i.e. physical NVMe drive in a Virtualbox VM rather than using a virtual disk image. Once I figured out how to do this, I started to wonder what other useful crossings between physical and virtual machines would be possible. So here’s another one:

Every few months, I use Clonezilla to take a backup of the EFI and system partitions of important PCs in my household, so I could restore a system quickly should something happen. So I wondered: Is it possible to restore a Clonezilla backup of a physical Linux installation inside a Virtualbox Guest VM on a virtual disk? The application: Test Ubuntu LTS system upgrades (e.g. from Ubuntu 20.04 to 22.04 to 24.04) on a system that is fully customized and in use, but in a virtual machine instead of on a real notebook.

SSH Client Fun – Local and Global IP with a Single Hostname

I have an SSH gateway at home that I would like to access directly while I’m at home, and over NAT and a public IP otherwise. The easiest and most convenient way to do this is to have a home network connection that has a public IP and a NAT router that notices that a server with a public domain name is local and redirects traffic to that host locally. If you are unfortunate and have to use a home router that can’t do this (i.e. cheap plastic trash), another option is to set up your own DNS server and answer DNS requests for servers you have at home from there. This is a bit complicated to set up, so this solution is not everybody’s darling. If this local/public conundrum only concerns SSH, there is a nifty third way: Let the ssh client check whether to use a local IP address when you are at home, or query a DNS server for the public IP address when you are outside.

Notebook in a (Virtualbox) Bottle

I’m in the process of changing my backup and restore setup for critical notebooks of the household. Instead of keeping a backup notebook synchronized and using it for other backup tasks in addition, I have moved to a dedicated backup server. To cover the case of a critical notebook or flash drive failing, I now have duplicates of those Linux desktops with all user data ready to go on NVMe drives, which I can insert in a backup notebook when required. The slight catch: Extra work is required to keep those NVMe drives up to date. So far, my approach was to insert the physical drives in a notebook, update them with the latest system patches and user data, and then remove the drive again. This works well but is a bit time consuming. But there is an easier way to do this!

An Asus PN-64 Barebone for My Private Cloud

If you are a regular reader of this blog, you are probably aware that I run my own private cloud at home. One server is around 4 years old by now, while the other one, mainly used as a central hub for backups, celebrated its 11th birthday this year. In other words, it was time for a bit of a refresh. For my private cloud I like to use small NUC servers, as they offer a good size / performance / heat / noise balance for home use. As Intel is no longer producing NUCs, I was looking for an alternative. After a bit of searching, I decided to go for an Asus PN-64 barebone with an Intel i3-1220P processor. While it is a pretty recent processor, I didn’t expect to see a massive computing performance increase compared to the 4 year old NUC. When I saw the first performance results, however, I could hardly believe my eyes.

On-Board Internet over the US with Delta

In the previous post I had a look at Delta Airlines’ on-board Internet connectivity over the Atlantic. On this flight, the company used Intelsat for connectivity and I assumed that the 30 day pass I bought would also give me connectivity during my continental flights with Delta. That was not the case, however, and I soon found out the reason for this: Over the US, Delta uses a different system, provided by Viasat. So how did the Viasat system perform in the busy US airspace? The screenshot on the left gives a first indication.

On-Board Internet over the Atlantic with Delta

When I was recently in North America, I didn’t only have a look at the terrestrial networks there, but I was also looking forward to testing Delta Airlines’ on-board Internet connectivity over the Atlantic. In the past, I had mixed experiences with on-board Internet, and I had the impression that before Covid, on-board Internet was slowing down over the years. So how would connectivity work this time? The screenshot on the left already gives a first indication.

‘Allow 2G’ Switch in Android – How About Roaming?

As I tend to be a bit on the security conscious side of the discussion, I like the 2G-Allow switch on my Pixel 6 with LineageOS. By disabling 2G, I’m not prone to fallback attacks by network jamming and my device recovers more quickly from a loss of LTE coverage. For most of my daily usage scenarios, returning to LTE more quickly is a significant benefit. But there is one catch one has to be aware of: Roaming!

Roaming Report – Part 10 – LTE and the Partial Lack of 5G Roaming in Canada

After having had a closer look at the LTE and 5G bands used in the US in previous posts, I traveled on to Canada and obviously also took the time to have a look at how my devices would work in this country. And once again, there were a number of interesting surprises, at least from a European point of view.
