I recently refurbished a used and old Acer Aspire E774 laptop as a donation for the Computertruhe e.V.. Of course, this also involves overwriting the hard disk with random data so that old data can no longer be reconstructed. Because “deleted” is not the same as “securely deleted”. I used the shred tool in a Fedora Live environment for secure deletion. However, it works just as well with any other Linux distribution.

▸ Read more

Situation: One of my servers is located at my home. It’s connected to the internet via two different interfaces at the same time:

  • Physical Interface: Connected to Deutsche Telekom ISP via DSL / landline.
  • Virtual Wireguard VPN interface: Connected to one of my data center servers, has a public IPv6 address.

The “data center server” acts as a gateway for my home server and routes a static IPv6 address to it. This setup lets me reach my home server via a static and public IP address, although my DSL provider does not assign a static IPv6 subnet to my landline. (But that is subject to another story … ;-) ).

After finishing the setup, I ran into the problem of asymmetric routing: Packets addresses to my static IPv6 address (and thus routed via the Wireguard VPN) did arrive at my home server, but the response packets were not send back the same way: They were routed via my Deutsche Telekom landline and therefore originated from another source IP address, which the original requester did not expect.

▸ Read more

Maybe some day in your Linux career you’ve heard of “tiling window managers”. I’ve (more or less) ignored them for many years, because I was happy with Gnome Shell and the “normal” way of handling applications on my screen. But when I started my new Linux job, there were no native Linux machine available for my work, so I had to use VirtualBox with its bad graphics performance. Using Gnome, KDE or any other Desktop environment was not really practical.

To get reasonable performance I needed a very lightweight windows manager with no effects and no other fancy stuff, so I ended up giving tiling window managers a try. Since then I’ve used i3 window manager at my job’s workspace. On my private laptop I chose for “Sway”, because it natively supports the Wayland window protocol (and I like Wayland ;-) ). Sway is quite similar to i3, e.g. basic window control keys are almost the same. Still there are some differences, such as configuration of keyboard and mouse.

In this article I’ll show you some parts of my personal Sway configuration and point out several tools that will be useful in your daily work. This is no complete guide which goes into details of installing every tool! Instructions for installation can be found on the projects’ websites.

▸ Read more

This how-to is based on my previous German how-to for Ubuntu 16.04 Server. Instead of using Spamassassin, Amavis, Pyzor and Razor as well es OpenDKIM, we’ll make use of Rspamd. Rspamd as a modern replacement will reduce the complexity of our setup and let us monitor its state via a web interface. As in earlier versions of my mailserver how-to, I’ll explain most important parts of the system as we install and configure them one after another. You will need basic Linux and command line knowledge to finish this guide. Going through this article will take probably about 45 minutes - depending on your speed and skills.

▸ Read more

In most cases running an own CA (certification authority) is not advisable. But there are exceptions: If you want to secure internal services of your company, using your own CA might be necessary. During my employment at ADITO Software GmbH I created a tool for X.509 certificate management. The root certificate of my tool had to be imported into every PC of the company. Unfortunately there are some pitfalls which I did not expect, but after some research I figured out how to import the new CA to Linux- and Windows PCs and to every major webbrowser.

▸ Read more