FreeNAS finally supports ECC crypto!

Posted on Sun 02 February 2020 in Tech • Tagged with Tech, Networking

Woo! FreeNAS finally supports ECC crypto for its SSL certificates in 11.3!

I reported this as a bug almost exactly two years ago, and kept having to do nasty workarounds to make it work every time I installed an update. Very happy that it's finally sorted and I can use my proper shiny elliptic curve SSL setup! :)


Fortinet SSL VPN Certificate extensions

Posted on Sun 19 January 2020 in Tech • Tagged with Tech, Security

If you're setting up a new SSL VPN with certificate authentication, and if you already have an internal PKI, you're probably considering using your internal certification authority to create the SSL keys and certificates for your VPN clients. Awesome! This is a great and easy way to do this job.

But there's a dearth of information on the Interwebs regarding what Extended Key Usages you need to have enabled in your Certificate Template for these. There are a heap available, including Email Signing, Timestamping, Code Signing, IPSec SSL things (about …


Zentyal 6.0 to 6.1 upgrade getting stuck

Posted on Tue 17 December 2019 in Tech • Tagged with Tech, Security, Linux, Mail

So I faced a little challenge with a Zentyal server the other day. I was upgrading from ye olde 6.0 to 6.1, when everything just stopped. I let it sit in the corner for about an hour or so, but it never picked up the thread. All the services were still live, so I logged in to have a look.

Running ps aux, I discovered this line:

sh -c /usr/bin/sudo -p sudo: /var/lib/zentyal/tmp/x2M7gkZVvm.cmd 2> /var/lib/zentyal/tmp/stderr

So, I …


StarCraft Remastered broken under Wine

Posted on Mon 09 December 2019 in Tech • Tagged with Tech

I know this post is only going to be relevant for a couple of weeks, but today I tried to launch StarCraft Remastered under WINE and it crashed.

Pertinent info:

  • StarCraft Version 1.23.2.6926
  • WINE version 4.20-staging
  • Battle.Net version 1.18.0.11698

Fix was to open the Battle.Net settings -> Game Settings -> "Launch 32-bit client (instead of 64-bit)"

Apparently the 64-bit version has become the default sometime since I last played it (October?!): https://us.forums.blizzard.com/en/starcraft/t/enabling-64-bit/458/7


Inside the Check Point 1180

Posted on Sun 28 April 2019 in Tech • Tagged with Tech

I've got a spare Check Point 1180 here, and I'm fiddling around with it a bit. Learnings so far:

  • Platform: ARM
  • CPU / RAM: ARM926EJ-S, 512MB RAM
  • System board: Marvell RD-88f6281A LE

When a docking station wrecks your breakfast

Posted on Sat 23 February 2019 in Tech • Tagged with Tech

It's been a while since I posted, but we bumped into something completely batshit crazy at work that I just had to share.

One of my colleagues was setting up a new computer, and was unable to RDP into the new build. He kept getting the error message "Your session ended because there was a data encryption error. If this keeps happening, ask your admin or tech support for help."

We'd never experienced this error before, and - although the internet knew about it - there were not very many helpful hits …


New things I didn't know about Wireguard

Posted on Thu 27 December 2018 in Tech • Tagged with Tech, Security, Wireguard, Networking, Linux

This is part of my brief series on Wireguard. I'm pretty enamoured with Wireguard and the way it works, and I've been using it pretty seamlessly for over a year now. I've learned a couple things that weren't immediately obvious though, so I'm documenting them here.

Easy Provisioning

Samuel Holland mentioned an interesting trinket, in his post at https://lists.zx2c4.com/pipermail/wireguard/2018-December/003703.html:

"[...] WireGuard will ignore a peer whose public key matches the interface's private key. So you can distribute a single list of peers everywhere …


When AppArmor eats your breakfast

Posted on Mon 19 March 2018 in Tech • Tagged with Security, Tech, Linux

I've knocked heads with AppArmor a few times now. To be quite honest with myself, I think it's primarily because I install it, enable all the plugins, and then forget it's there until there's a problem.

TL;DR:

On a fully-updated Zentyal 5.0 system running DHCP, the AppArmor profile in /etc/apparmor.d/usr.sbin.dhcpd will prevent isc-dhcp-server from restarting itself after an upgrade.

More search-type words: Zentyal dhcp server doesn't start again after upgrade. isc-dhcp-server graceful shutdown, but no restart.

This frustration-laden, Google-friendly equivalent of speaking slowly …


Installing PowerChute Network Shutdown on ProxmoxVE

Posted on Tue 27 February 2018 in Tech • Tagged with Tech, Linux

This is going to be one of those posts where I just dump stuff. Power failures are shite, and if your server isn't talking with your UPS, it won't shut down gracefully. This is the story of my trying to get APC's PowerChute Network Shutdown working on a ProxmoxVE 5.1 environment.

Note I opted out of using either nut or apcupsd, because I had a nice fancy Network Management Card (NMC2 / Schneider AP9631) available. Also, I wanted to shut down more than a single server, so a USB or …


Getting rid of the # format in Flex

Posted on Fri 12 January 2018 in Tech • Tagged with Tech, Pelican

Back when I was getting this blog set up, I had a short whinge about the default way that the Flex theme created links to pages.

Specifically, when creating a link to "Tuna Patties" (for example), Flex would append the link with an identical stub, such as https://www.ericlight.com/tuna-patties.html#tuna-patties

I thought this was silly, so I found a way to fix it, but never bothered submitting a Pull Request to Alexandre because I figured it was intentional.

Well, it turns out I wasn't the only one …

