Blocking bots by their IP addresses, the DIY version

Introduction I had some really annoying bots on one of my websites. Of the sort that make a million requests (like really, a million) per month, identifying themselves as a browser. So IP blocking it is. I went for a minimalistic DIY approach. There are plenty of tools out there, but my experience with things [...]

Fetchmail and Google’s OAuth 2.0 enforcement

This post is about fetching mail. For sending emails through OAuth2-enabled SMTP servers, see this post. Introduction After a long time that Google’s smtp server occasionally refused to play ball with fetchmail, tons of Critical Alerts on “someone knowing my password” and requests to move away from “Less Secure Apps” (LSA) and other passive-aggressive behaviors, [...]

Run Firefox over X11 over SSH / VNC on a cheap virtual machine

To run over SSH: Not This is how to run a Firefox browser on a cheap VPS machine (e.g. a Google Cloud VM Instance) with an X-server connection. It’s actually not a good idea, because it’s extremely slow. The correct way is to set up a VNC server, because the X server connection exchanges information [...]

Using firejail to throttle network bandwidth for wget and such

Introduction Occasionally, I download / upload huge files, and it kills my internet connection for plain browsing. I don’t want to halt the download or suspend it, but merely calm it down a bit, temporarily, for doing other stuff. And then let it hog as much as it want again. There are many ways to [...]

When dovecot silently stops to deliver mails

After a few days being happy with not getting spam, I started to suspect that something is completely wrong with receiving mail. As I’m using fetchmail to get mail from my own server running dovecot v2.2.13, I’m used to getting notifications when fetchmail is unhappy. But there was no such. Checking up the server’s logs, [...]

A sledge hammer introduction to X.509 certificates

Introduction First and foremost: Crypto is not my expertise. This is a note to future self for the next time I’ll need to deal with similar topics. This post summarizes my understanding as I prepared worked on a timestamp server, and it shows the certificates used by it. For how to check a connection with [...]

Apache 2.4: RewriteRule with [NE] causing 500 Internal Server Error

This is the weirdest thing. With an Apache 2.4.10 on Linux Debian 8 (yes, old), and a relatively simple mod_rewrite rule in .htaccess going RewriteCond %{HTTP_HOST} !^www\. [NC] RewriteRule (.*) https://www.mysite.com/$1 [R=301,L,NE] This is really nothing special. Just pushing users to the www host name, if they were lazy typing it. This works almost perfectly, [...]

Systemd services as cronjobs: No process runs away

But why? Cronjobs typically consists of a single utility which we’re pretty confident about. Even if it takes quite some time to complete (updatedb, for example), there’s always a simple story, a single task to complete with a known beginning and end. If the task involves a shell script that calls a few utilities, that [...]

Writing to a disk even when df says zero available space

Just a quick note to remind myself: There’s a gap between the size of a disk, the used space and the available space. It’s quite well-known that a certain percentage of the disk (that’s 200 GB on a 3.6 TB backup disk) is saved for root-only writes. So the reminder is: No problem filling the [...]

Root over NFS remains read only with Linux v5.7

Upgrading the kernel should be quick and painless… After upgrading the kernel from v5.3 to 5.7, a lot of systemd services failed (Debian 8), in particular systemd-remount-fs: ● systemd-remount-fs.service – Remount Root and Kernel File Systems Loaded: loaded (/lib/systemd/system/systemd-remount-fs.service; static) Active: failed (Result: exit-code) since Sun 2020-07-26 15:28:15 IDT; 17min ago Docs: man:systemd-remount-fs.service(8) http://www.freedesktop.org/wiki/Software/systemd/APIFileSystems Process: [...]