GRE Setup for Bacula on a Mobile Client

9. November 2024 in Administration, GNU/Linux, Technology.

The way Bacula works is:

  • A backup client runs a TCP server process bacula-fd, waiting for a backup server process bacula-dir to connect and perform backup and restore jobs.
  • There is a simple authentication mechanism, where bacula-dir presents a shared secret to bacula-fd to be granted access.

Opening the bacula-fd TCP server on an exposed network interface may be fine for static backup clients with dedicated storage networking towards the backup server, but on a mobile computer bacula-fd should be reachable by bacula-dir only if the computer is connected by Ethernet to the home network. Specifically, the TCP server port of bacula-fd should not be exposed on the Ethernet NIC.

To implement this, i have defined a GRE tunnel between mobile backup client and home network backup server.

Read More »

Create or Append a debian/changelog Entry

31. Oktober 2021 in Administration, GNU/Linux, Programming, Technology.

Since i always have to look this up, everytime i need it, i write it down once, as “note to self”!

NAME="John Smith" EMAIL=j.smith@example.org \
    dch --create \
        --package my-package \
        --newversion 0.1 \
        "Initial release"

And that’s it! 🙂

Generate Certificate Signing Requests (CSRs) for TLS Server Certificates

28. November 2021 in Administration, GNU/Linux, Technology.

Overview

In this article, a procedure is described to generate multiple certificate signing requests (CSR) for TLS servers, such as SMTP-, IMAP- or HTTP-servers, so that we can submit them to a Certificate Authority (CA). The CA will eventually perform the signature and return a public certificate to us.

A Shell and the software OpenSSL should be available.

The subject organization (the entity the request is for) is assumed to be the same on every request, and the subject alternative names are assumed to follow the same pattern (the DNS name of some service plus a “www.” DNS alias for that service).

The procedure can easily be expanded to make more request information configurable and allow, for example, processing a CSV file into a set of requests.

Read More »

Pages: 1 2 3 4

 Disco Infernale

20. Juli 2025 in Music.

Trying out the Synths in my upgrade of Reason …

Methods of HTTP Caching

1. März 2021 in Administration, GNU/Linux.

Preface

I find the world wide web and the spectrum of methods and instruments that make it happen full of dubiousness and opportunity alike. Caching is generally known as one of the “hard problems” of information science, and this is not different when it comes to technologies of the web. The text presented here, as unsorted and questionable as it might be, can in the least serve to document this further.

The bulk of this text was written between December 2019 and January 2020. It contains a summarization of my experience as an administrator and developer of web-based applications, some research about current subjects (specifically browser caches and reverse-caching HTTP proxies) and references to relevant IETF standards.

Read More »

Pages: 1 2 3 4 5 6 7 8 9 10

 Time for a Spin …

20. Juli 2025 in Music.

… of the new setup.

Python3 GTK3 TextView Drag-and-Drop Example

20. Mai 2025 in GNU/Linux, Programming.

Just a small finger exercise …

from sys import exit, stderr
from signal import SIGINT, signal
import gi
gi.require_version('Gtk', '3.0')
from gi.repository import Gtk # noqa

def term_signal_handler(sig, frame):
    print(f'WARNING: Exiting due to signal {sig}', file=stderr)
    exit(0)

class GUI:
    def __init__(self):
        self.window = Gtk.Window()
        self.window.connect('destroy', Gtk.main_quit)
        self.textview = Gtk.TextView()
        self.textview.connect("drag-data-received", self.on_drag)
        self.window.add(self.textview)
        self.window.show_all()
        self.buffer = self.textview.get_buffer()

    def on_drag(
        self,
        widget,
        drag_context,
        x,
        y,
        data,
        info,
        time
    ):
        text = data.get_text()
        print("DEBUG: text = %s" % text)
        self.buffer.set_text("")

def main():
    GUI()
    Gtk.main()

if __name__ == "__main__":
    signal(SIGINT, term_signal_handler)
    exit(main())

There is no such Thing as “End-to-End-Encryption”

13. Dezember 2020 in Society, Technology.

A communication between two communication partners, which on a technical level can also be called “endpoints” or “ends” of a connection (or more general, of a channel of communication), is either encrypted, or it is not. If somewhere in between the “ends” of the connection, encryption takes place, such that there exist parts of the entire communication channel which are not affected by it, then the comunication itself is not encrypted.

There is no debate about “end-to-end encryption – yes or no” but only about “encryption – yes or no”, and the answer to that question must clearly be “yes”. Any service of communication that claims to offer encryption, except that this encryption “is not end-to-end”, does not offer encryption at all.

This is a surprisingly simple resolution of an apparently difficult question.