If you want to use WebEx on Ubuntu/Mint 64 bit, you will see: it works. But you won’t be able to do screen sharing or probably even to see webcam video streams.

The only one solution is to use 32bit oracle java incl. browser plugin, so browser has to be 32bit as well. If you want to keep 64bit browser on the system and to use 32bit setup only for WebEx, then this howto is for you:)

Read more →

It was always annoying for me to type in the login credentials on the Hotspots of Deutsche Telekom. As I’m lazy, here is a script which can be integrated with networkmanager via dispatcher.d interface, which checks for the right interface and right SSID, then calls the login page with according credentials.

Read more →

Puppet structure

puppet

It not always easy to find a good folder hierarchy and structure for puppetmaster, as you have to find a way to combine it with different tools and workflows like git, librarian or r10k.

As I still miss some kind of best practice whitepaper from puppetlabs, I want to cover here my view on this:

  • with using hiera
  • with or without using full autodeployment like r10k
  • without any git submodules

Read more →

I wanted to setup phpVirtualBox on my new Intel NUC, which is running gentoo-hardened. Unfortunately VirtualBox can’t run with couple of grsecurity/pax flags enabled in kernel. To get VirtualBox running you have to disable following kernel config flags: CONFIG_PAX_KERNEXEC CONFIG_PAX_RANDKSTACK CONFIG_PAX_MEMORY_UDEREF CONFIG_GRKERNSEC_HIDESYM and to enable: CONFIG_PAX_ELFRELOCS (if you have CONFIG_PAX_MPROTECT)

Read more →

SSH key management is required in each environment.

In this post I want explain how to do it with puppet on the simple way.

I’ve created a module, which is a wrapper around core puppet types User and Ssh_authorized_key. This wrapper enables an easy key management via integration with hiera on puppet. (and it was a good exercise in rspec-puppet:) )

Read more →

Hiera within Puppet is a great thing, especially starting with puppet 3.

But there are still some limitations, like priority lookup only with automatic parameter lookup.

Read more →

I use following iptables and ip6tables rules as a default. This rules provide basic security level:

  • statefull inspection
  • port knocking for management services like ssh
  • port scan protection

Read more →

There are already several articles about perfect forward secrecy and safe ssl configuration with according recommendations on the net, like this

But I missed somehow a short overview for me with verification instructions and all information links in one place. So this article is going to cover Perfect Forward Secrecy(PFS) for the software: apache, postfix, dovecot and represents somehow a summary over different information.

Read more →

The installer of Linux Mint doesn’t support the installation on encrypted raid 1 with LVM out of the box.

Following steps are required to do this with Linux Mint 16 (without GPT&UEFI)

Read more →

We are using only Linux and no Odin and VirtualBox to update Galaxy S II to Android 4 alias Ice Cream Sandwich.

Read more →