Also posted on medium
Systemd got the ability to securely pass credentials to services a while ago, as I have previously written about. Podman has long had the ability to run kubernetes pod and deployment manifests and with podman-systemd.unit it’s easy to automatically generate systemd services to run these. With these two building blocks, we have the tools to pass credentials to container applications, but the question is how to do so easily and securely.
This year we were a bit early and Vinmonopolet had not yet released the Christmas beers, so there were not many of this year's beers available and we had to get out more of the stored beer instead. The results are available; the winner this year is Amundsen Sticky Little Fingers Toffee from 2023.
The results are out, the winner this year is Liefmans Glühkriek Juleøl.
Also posted on medium.
When running services on a Linux system, there is the issue of how to pass in secrets that the service needs in a secure way. Usually this is done by creating a config file with credentials and then protecting it with file system permissions and possibly also a Linux security module such as AppArmor or SELinux. This still leaves the issue that the credentials are stored in a plain text file, which can be compromised.
The results are out, this year the winner was Liefmans Glühkriek.
Although secure boot support has been in place in most distros for a while, most, if not all, still have a missing part in the chain, namely the missing signing of the initrd image. This allows an attacker to tamper with the initrd image without detection.
The results are out, this year it was a tie between Aass vellagret and Liefmans Glühkriek.
This year was our 10 year anniversary, so we had re-runs of some of the dishes from the last 10 years (with some twists). For the canapes, we held a contest this year.
Using cec-client with a raspberry pi on debian or ubuntu does not work out of the box, as the cec-client in the debian and ubuntu repositories has not been compiled with support for the proprietary raspberry libraries. In addition, these libraries are 32-bit only. This is a guide on how to get this working.
First you need to set up a 32-bit chroot environment. Install debootstrap and then run
debootstrap --variant=buildd --arch=armhf bullseye /opt/cec-client/
You will then need to download the raspberry pi libraries.
The results are out, the winner was Aass vellagret.
The results are out, the winner this year was Aass vellagret.
The results are out. The winner this year was Aass vellagret 2016.
The results are out. This year's winner was Aass vellagret 2017.
The source code for the juleøl rating application has been published on github.
The results are published.
This year's winner was Aass premium 2012; of this year's beers the winner was Ringnes julebokk.
To use this bundle, you will need to set up dynamic DNS, for instance as I explained in https://haavard.name/2016/03/15/setting-up-key-based-dynamic-dns-updates-with-cfengine/.
I’m using a file repository in $(def.dir_files) where you will need to download letsencrypt.sh in $(def.dir_files)/usr/local/bin. You also need to set up config.sh in $(def.dir_files)/etc/letsencrypt.sh/config.sh. Use the default config.sh and modify as you see fit; the important settings are
CHALLENGETYPE="dns-01"
BASEDIR=/etc/letsencrypt.sh
HOOK=/etc/letsencrypt.sh/hook-dns.sh
Then install this hook script for updating dns when needed to verify ownership
In order to set up key based dynamic DNS updates, you need to generate a public/private key pair using dnssec-keygen and add the public key as a key record on the name you want to be able to update using the key pair. In addition, the zone config in bind needs to allow updates using cryptographic verification:
zone "example.com" {
    type master;
    file "/etc/bind/zones/db.example.com";
    update-policy {
        grant local-ddns zonesub any;
        grant * selfsub * A AAAA TXT SSHFP;
    };
};
If you use selfsub, the matching key record will also be allowed to update subrecords which is very useful for using DNS verification in letsencrypt for instance.
I have created and submitted my first Jolla application, Rutefisk.
The results are published, including previous years' results.
The winner was once again Aass premium 2011, followed by Berentsens julefnugg 2015, Ægir Ylir 2013 and then Nøgne Ø Special holiday ale 2015.
I created a small perl script to automatically upload photos from the jolla phone and uploaded it as a project on github, https://github.com/umglurf/owncloud-uploader.
The results for 2014 are out, including results from previous years.
The winner this year is Nøgne Ø Special holiday ale followed by Aass premium 2011 and 2012.
As usual we did a christmas beer blind tasting this year as well (double blind mind you) and you can check out the results. The results from previous years are also included. The winner this year was Aass premium 2011 followed by the newcomer Ægir Ymir.
This year we also included a small blind test of christmas soda which is the last three entries.
Introduction
This short post describes how I configured my own IPv6 home router using Debian GNU/Linux. I used a Dreamplug, but any form of device with at least 2 NICs should be usable. Although this guide describes the setup using Debian, it should be no problem using another distribution or one of the BSD variants.
I will not go into too many details about the configurations; for more information you should read the man pages and/or documentation.
Introduction
At work we use a Checkpoint Endpoint VPN and although SNX works, it is not ideal and I would much rather have native IPsec. Thus the quest began.
I found this page which helped me get on the right track. I also found Andrew de Quincey’s patch. I then had all the components required to set this up.
Setting it up
Patching ipsec-tools
You need to patch ipsec-tools with the patch from Andrew de Quincey to add support for Checkpoint's xauth to ipsec-tools.
I don’t know about the rest of you, but I sometimes find it useful to factor numbers or find prime numbers, for instance when paying restaurant bills 🙂
To address this and also to learn a little j2me programming, I created a small midlet. You can install the midlet or download the source.
The program uses simple trial division. I thought about using a more advanced method, but for the numbers a j2me phone is able to handle, trial division is quick enough.