awayfromevernote | the broadcast

Pi-Hole DHCP-Server: Offer static ip-routes

By: ron

On: 2021-05-22

Background My WIFI is bound to my Internet-Router and it is seperated from my home-office by an routed stateful-firewall. Some WIFI devices (for example my printer) need access to this home-office ip-range. Pi-Hole DHCP Service The DHCP-Service of my pi-hole server usually offers just dhcp-option #3 – the default-gateway. Disable DHCP-Option 3 (Default Gatway) The pi-hole Web-GUI doesn’t allow to specify additional dhcp-options, so first disable offering the default-gateway-option: which is not allowed (my opinion: a bug since this is no feature) Stop here and use another dhcp-service? Use the „Router-Option“ as fallback for „old“ clients Fortunately RFC3442 („The Classless Static Route Option for DynamicRead More →

Firefox: Allow Restricted TCP-Ports

By: ron

On: 2021-05-03

In: awayfromevernote, stupid defaults

With: 0 Comments

Disclaimer I don’t think, „hiding“ a webserver behind a non-standard TCP-Port is a security feature („security by obscurity“) but on the other hand restricting access to non-standard Ports seems to not increase the personal security measure, it just wastes time of anybody who needs to access such a service – and – it’s absolutely allowed to run a web-server on any port which isn’t used by another service 😉 Solution (if you (think, you) know what you’re doing) As always Add as „String“ if it’s missing: Add the Service you want to acccessRead More →

OTP (One-Time-Passwords) and KeePass: no Plugins required

By: ron

On: 2021-03-28

In: awayfromevernote

With: 0 Comments

Plugins might bring additional features or ease the usage. But if someone is happy with „Auto-Type“ or „copy&paste“-Passwords from KeePass into a VPN-Client-GUI for example: works out of the box no need to add anything to KeePass Entry.Password: {TIMEOTP} Placeholder just place the String {TIMEOTP} before or behind – like the VPN-Server is configured – your (fixed) User-Password. {TIMEOTP} acts as a placeholder it will get replaced by your constantly changing (in my setup 6-digit) token. Advanced The generator needs some parameters to calculate the correct values, of course Advanced: String Fields Add a String Field: Field Name: TimeOtp-Secret-Base32 seems to be the most commonRead More →

Firefox: „Certificate Viewer“ – How to disable

By: ron

On: 2021-02-03

In: awayfromevernote, stupid defaults

With: 0 Comments

Firefox 70 added a new „Certificate Viewer“ feature which moves the „Window“-based GUI to a „Web-Page“-View. different look no new features missing features Export Certificate So this is no „new feature“ but a „modification of an existing feature“ – with less features. Reenable the former full featuresetRead More →

Firefox: Don’t ignore the Windows Enterprise-CA Store

By: ron

On: 2021-02-02

In: awayfromevernote, stupid defaults

With: 0 Comments

Not a new Feature for Windows, to use an enterprise CA to create server certificates. And Firefox added the possibility to trust those certificates ages ago – but still you’ll get an TLS-error-message (in German „Kein Verbindungsversuch unternommen: Mögliches Sicherheitsproblem“). This is no Security-Problem, it’s just a problem of using stupid defaults causing people to waste their time and providing no little level of security, since a CA operated on my own is much more trustworthy than public CAs which firefox trusts blindly. Solution Open about:config and changeRead More →

Annoying Firefox-Defaults to be changed

By: ron

On: 2021-01-23

In: awayfromevernote, stupid defaults

With: 0 Comments

The Firefox-Developers know best what’s good for their users, so they hide a bunch of Settings in about:config so it’s hard to find them. Some of them I change in every Firefox installation: ask me if i want to download MP4-Files, disable the build-in Media-Player media.play-stand-alone = false use the DNS, not Google – if I enter a single word as URL keyword.enabled = false stop asking me if I really want to leave a page dom.disable_beforeunload := true stop autocompletion in the URL-Bar browser.urlbar.autocomplete.enabled = false browser.fixup.alternate.enabled = false browser.fixup.alternate.prefix = (empty) browser.fixup.alternate.suffix = (empty) accessibility.typeaheadfind.flashBar 0 browser.fixup.alternate.suffix prod.localbrowser.fixup.domainwhitelist.wiki trueRead More →

Terraform: Enable persistent Debugging

By: ron

On: 2020-12-19

In: automation, awayfromevernote

With: 0 Comments

Setting the variable TF_LOG to an arbitrary value enables „TRACE“-level Debugging available too: DEBUG, INFO, WARN or ERROR to „STDOUT“, TF_LOG_PATH to write to a file. When running eg. „terraform apply“ all debug-messages will get appended to the specified file.Read More →

Ubuntu 20.04 – Static Server IP-Address

By: ron

On: 2020-12-05

In: awayfromevernote, linux

With: 0 Comments

Of course, every release of an linux-distribution has to change the way very basic network settings are configured. 😉 Ubuntu 20.04 Server LTS to be fair: „netplan“ has been in place since at least release 17.10 the „subiquity“-tool which has written the yaml-file has been confusing me… Step 1: Figure out – which IP/DNS-Settings where set by DHCP Step 2: Disable (if required) automation tools – here „subiquity“ This is YAML: Optional: Try a temporarily YAML-File before Apply safeguard if you are using a ssh-connection Roll back, after a Timeout Step 3: Edit/Apply NetPlan Config ApplyRead More →

BASH „History“: display ISO-Timestamp

By: ron

On: 2020-12-05

In: awayfromevernote, linux

With: 0 Comments

Have just been somehow annoyed by the default-format of the „history“-bash command: easy to fix this to use ISO Date/Time-Format https://en.wikipedia.org/wiki/ISO_8601Read More →