Seltzer brewing

Posted on Sun 12 December 2021 in Food • Tagged with Food, Brewing

I got into brewing seltzer during the spring of 2021, and these are my notes. They're in descending order, so the most-recent are at the top. The notes got progressively less-detailed as time went by, so those looking to actually learn things (e.g. "How much yeast nutrient should I use in a seltzer that's 100% dextrose") should read the highlights and then read from bottom-up. :)


  • Kveik Voss is fast-fermenting and relatively transparent flavour. Excellent for seltzer
  • It does take a couple days post-fining for the yeast scent to …

Continue reading

Acronis Cyber Protect and Microsoft Defender on the same Linux system

Posted on Sun 07 November 2021 in Tech • Tagged with Tech, Linux

A few months ago, I published what I learned from playing with the Linux version of Microsoft Defender for Endpoint a few months back. If you're here, you'll have possibly already read my original post. There was a bit of tuning required to get it to behave nicely; just adding some sensible audit logging exclusions.

Well the Acronis Cyber Protect backup platform has recently been added to the bundle, and it had a few specific requirements, so I've documented them here.

There are four Acronis processes which MDATP will spend …

Continue reading

Microsoft Defender for Endpoint (mdatp) on Debian Sid

Posted on Wed 07 July 2021 in Tech • Tagged with Tech, Linux

2021-08-01 Update:

This is a better string to find out what's hitting your audit log: cat /var/log/audit/audit.log* | cut -d ' ' -f26 | sort | uniq -c | sort -n | tail -n 6 | head -n5

Linux doesn't have many great antivirus options available.

Don't get me wrong, there are actually a few options nowadays. We've got the ever-present ClamAV; BitDefender has a good reputation, but I haven't played with it yet; Sophos AV for Linux seems to be in limbo. ESET for Linux exists, as does Symantec Endpoint Protection for Linux …

Continue reading

Recipe: Bangin' Satay

Posted on Mon 24 May 2021 in Food • Tagged with Recipes, Food

Had a hankering for a Satay Chicken tonight and kinda whipped something up based on a couple different things. This is more of a saucy satay, not a dry skewer-type. This takes a bit of juggling; I had three elements on the stove, and a few stages. Worth it, tho.

I've broken this into stages: the sauce, the veggies, and the noodles. For the benefit of shopping lists (and Whisk!) I've provided an awful monolithic pile of ingredients up-front. Yay.


  • 2 large chicken breasts
  • 2 Tbsp fish sauce
  • 2 …

Continue reading

Configuring a custom SSL certificate in Zentyal

Posted on Sun 25 April 2021 in Tech • Tagged with Tech, Security, Linux

Zuper-quick post for when this bites me again in the future!

Tonight I upgraded from Zentyal 6.2 to Zentyal 7.0. Smooth as butter, everything went great.

Until I logged in, and my shiny Actual Paid Money SSL certificate had vanished, replaced by a self-signed commoner's certificate. Piffle.

Instructions for installing a custom SSL certificate in Zentyal are actually kinda shaky, so here you go:

cd /var/lib/zentyal/conf/ssl/
mkdir old
mv * old
nano ssl.key
nano ssl.cert
cat ssl.cert ssl.key > ssl.pem
chmod …

Continue reading

Blocking bad extensions and extortion with iRedMail

Posted on Mon 12 April 2021 in Tech • Tagged with Tech, Security, Linux, Mail

Turns out this is my third Amavis article. I guess it's just one of those systems.

Heads up, if you're trying to do this, make sure you also read my other article about the "banned_files_lover" thing.

Today I'm on a mission to: 1. Drop all incoming Office '97 files (they're predominantly malicious these days) 1. Drop all incoming Macro-enabled Office 2007+ files (there aren't legitimate reasons to receive these in my scenario) 1. Drop any emails containing a .onion address 1. Drop any emails containing a bitcoin wallet

Dropping Attachments …

Continue reading

Using Caddy to enable MTA-STS

Posted on Tue 19 January 2021 in Tech • Tagged with Tech, Security, Linux

About 7 months ago, I left Nginx and moved to Caddy. I've found it super easy, and have now experienced using it as a reverse proxy, a static site server (this one!), as well as a hosting a handy place for me to copy my favourite Kaomoji.

Update 2021-01-20: I had a bug! By default, Caddy serves this without a Content-Type header. However, the RFC specifies that the response should be explicitly Content-Type "text/plain". Thanks to klausenbusk for letting me know!

Note: the Caddyfile fragment to generate https://shrug …

Continue reading

Getting TrueNAS (FreeNAS 12) to work with an APC NMC2 UPS (AP9631)

Posted on Thu 14 January 2021 in Tech • Tagged with Tech, Linux

TrueNAS, and FreeNAS before it, has supported UPS via the NUT software package since forever. But most people using it seem to be using USB-connected UPS devices. I don't have one of these. I'm dealing with an IPv4-based APC ups, specifically the Smart-UPS X 1500 (SMX1500RMI2UNC), with an AP9631 NMC2 card.

You're probably here because you're in the same boat: trying to set up a non-USB or Ethernet-based UPS under FreeNAS/TrueNAS, and you can't. You've noticed the TrueNAS console will not shut up about errors which read something like …

Continue reading

The Actual Best Sous Vide Eggs... ™

Posted on Mon 28 December 2020 in Food • Tagged with Recipes, Food

Inkbird were having a special in November, so I got a sous vide for Christmas! There are heaps of places with recipes for the best sous vide eggs, most notably the always-outstanding Serious Eats, but also an excellent write-up on Salt Pepper Skillet, and of course sous vide manufacturer Anova Culinary with a somewhat briefer post.

I submit to you that none of these are the best sous vide eggs. In my eyes, the best egg has a completely opaque white (not rubbery and not snot), with a semicooked gooey …

Continue reading

Logging DNS queries, for both pfSense and Zentyal server

Posted on Sun 06 December 2020 in Tech • Tagged with Tech, Security, Linux

Logs of your client DNS queries can be a really good tool for incident response. I've finally got this implemented but it was much more of a struggle than I expected it to be, so here's my story!

We've got a pfSense firewall running as a DNS fowarder, and a Zentyal server running BIND9 as the authoritative local server. The firewall rules block all UDP/53, so all DNS queries go either directly to the firewall, or (more commonly) to the Zentyal server for resolution. This means we have two …

Continue reading