Using firejail to throttle network bandwidth for wget and such

Introduction Occasionally, I download / upload huge files, and it kills my internet connection for plain browsing. I don’t want to halt the download or suspend it, but merely calm it down a bit, temporarily, for doing other stuff. And then let it hog as much as it wants again. There are many ways to [...]

When dovecot silently stops to deliver mails

After a few days being happy with not getting spam, I started to suspect that something is completely wrong with receiving mail. As I’m using fetchmail to get mail from my own server running dovecot v2.2.13, I’m used to getting notifications when fetchmail is unhappy. But there was no such. Checking up the server’s logs, [...]

A sledge hammer introduction to X.509 certificates

Introduction First and foremost: Crypto is not my expertise. This is a note to future self for the next time I’ll need to deal with similar topics. This post summarizes my understanding as I worked on a timestamp server, and it shows the certificates used by it. For how to check a connection with [...]

Apache 2.4: RewriteRule with [NE] causing 500 Internal Server Error

This is the weirdest thing. With an Apache 2.4.10 on Linux Debian 8 (yes, old), and a relatively simple mod_rewrite rule in .htaccess going

    RewriteCond %{HTTP_HOST} !^www\. [NC]
    RewriteRule (.*) https://www.mysite.com/$1 [R=301,L,NE]

This is really nothing special. Just pushing users to the www host name, if they were lazy typing it. This works almost perfectly, [...]

Systemd services as cronjobs: No process runs away

But why? Cronjobs typically consist of a single utility which we’re pretty confident about. Even if it takes quite some time to complete (updatedb, for example), there’s always a simple story, a single task to complete with a known beginning and end. If the task involves a shell script that calls a few utilities, that [...]

Writing to a disk even when df says zero available space

Just a quick note to remind myself: There’s a gap between the size of a disk, the used space and the available space. It’s quite well-known that a certain percentage of the disk (that’s 200 GB on a 3.6 TB backup disk) is saved for root-only writes. So the reminder is: No problem filling the [...]

Root over NFS remains read only with Linux v5.7

Upgrading the kernel should be quick and painless… After upgrading the kernel from v5.3 to 5.7, a lot of systemd services failed (Debian 8), in particular systemd-remount-fs:

    ● systemd-remount-fs.service - Remount Root and Kernel File Systems
       Loaded: loaded (/lib/systemd/system/systemd-remount-fs.service; static)
       Active: failed (Result: exit-code) since Sun 2020-07-26 15:28:15 IDT; 17min ago
         Docs: man:systemd-remount-fs.service(8)
               http://www.freedesktop.org/wiki/Software/systemd/APIFileSystems
      Process: [...]

Turning off DSN on sendmail to prevent backscatter

I sent that? One morning, I got a bounce message from my own sendmail mail server, saying that it failed to deliver a message I never sent. That’s red alert. It means that someone managed to provoke my mail server to send an outbound message. It’s red alert, because my mail server effectively relays spam [...]

When umount says target is busy, but no process can be blamed

A short one: What to do if unmount is impossible with a

    # umount /path/to/mount
    umount: /path/to/mount: target is busy

but grepping the output of lsof for the said path yields nothing. In other words, the mount is busy, but no process can be blamed for accessing it (even as a home directory). If this [...]

Firejail: Putting a program in its own little container

Introduction Firejail is a lightweight security utility which ties the hands of running processes, somewhat like AppArmor and SELinux. However, it takes the mission towards Linux kernel’s cgroups and namespaces. It’s in fact a bit of a container-style virtualization utility, which creates sandboxes for running specific programs: Instead of a container for an entire operating [...]