New things I didn't know about Wireguard

Posted on Mon 31 December 2018 in Tech • Tagged with Tech, Security, Wireguard, Networking, Linux

This is part of my brief series on Wireguard. I'm pretty enamoured with Wireguard and the way it works, and I've been using it pretty seamlessly for over a year now. I've learned a couple things that weren't immediately obvious though, so I'm documenting them here.

Easy Provisioning

Samuel Holland mentioned an interesting trinket, in his post at

"[...] WireGuard will ignore a peer whose public key matches the interface's private key. So you can distribute a single list of peers everywhere …

Continue reading

When AppArmor eats your breakfast

Posted on Mon 19 March 2018 in Tech • Tagged with Security, Tech, Linux

I've knocked heads with AppArmor a few times now. To be quite honest with myself, I think it's primarily because I install it, enable all the plugins, and then forget it's there until there's a problem.


On a fully-updated Zentyal 5.0 system running DHCP, the AppArmor profile in /etc/apparmor.d/usr.sbin.dhcpd will prevent isc-dhcp-server from restarting itself after an upgrade.

More search-type words: Zentyal dhcp server doesn't start again after upgrade. isc-dhcp-server graceful shutdown, but no restart.

This frustration-laden, Google-friendly equivalent of speaking slowly …

Continue reading

Installing PowerChute Network Shutdown on ProxmoxVE

Posted on Tue 27 February 2018 in Tech • Tagged with Tech, Linux

This is going to be one of those posts where I just dump stuff. Power failures are shite, and if your server isn't talking with your UPS, it won't shut down gracefully. This is the story of my trying to get APC's PowerChute Network Shutdown working on a ProxmoxVE 5.1 environment.

Note I opted out of using either nut or apcupsd, because I had a nice fancy Network Management Card (NMC2 / Schneider AP9631) available. Also, I wanted to shut down more than a single server, so a USB or …

Continue reading

Getting rid of the # format in Flex

Posted on Fri 12 January 2018 in Tech • Tagged with Tech, Pelican

Back when I was getting this blog set up, I had a short whinge about the default way that the Flex theme created links to pages.

Specficially, creating a link to "Tuna Patties" (for example), Flex would append the link with an identical stub, such as

I thought this was silly, so I found a way to fix it, but never bothered submitting a Pull Request to Alexandre because I figured it was intentional.

Well, it turns out I wasn't the only one …

Continue reading

Fix Dell Keyboard Backlight under Debian

Posted on Thu 11 January 2018 in Tech • Tagged with Tech, Linux

My personal laptop is an old Dell Latitude E6410. One of the things I actually love about it, is the fact that the keyboard has a backlight.

However, because Linux, sometimes that backlight just stops working. When this happens, you'll see error messages in dmesg, such as:

dell_wmi: Unknown key with type 0x0011 and code 0x01e2 pressed

If this happens to you, just run this command:

$ sudo echo 7 > /sys/devices/platform/dell-laptop/leds/dell\:\:kbd_backlight/brightness

You can echo a higher number if you want your keyboard brighter, but …

Continue reading

Mikrotik RouterOS - incorrect SNMP status for idle WLAN interfaces

Posted on Sun 07 January 2018 in Tech • Tagged with Tech

While trying to monitor the status of one of our wireless access points, I discovered that RouterOS returns an incorrect SNMP status code for the wlan interfaces when there are no clients connected to the interface. This is at least present in RouterOS v6.40.3, on a Mikrotik cAPlite (RBcAPL-2nD).

Specifically, when the wifi interface is up, but has zero connected clients, the OID returns an SNMP value of 2 ("down"). This status is incorrect - the interface isn't down, it's merely waiting for an external connection.

The specific OID …

Continue reading

When the problem is DNS: FreeNAS and NFS

Posted on Sun 07 January 2018 in Tech • Tagged with Tech, Linux

I discovered a while ago that NFS requires DNS to function correctly:

That's somewhat annoying, because when your DNS server goes down (and your backups are stored on your FreeNAS server and accessed over NFS), is precisely the time when you really want your backups to be accessible.

However, turns out it doesn't aaaaactuallyyyyy need DNS... it needs name resolution. Specifically, FreeNAS just needs to be able to resolve it's own hostname. Cue the handy-dandy hosts file.

Under Network -> Global Configuration -> Host name data …

Continue reading

Flashing a Samsung S5 G900I back to stock

Posted on Tue 19 December 2017 in Tech • Tagged with Android, Tech

I got a second-hand Samsung Galaxy S5 for my mum yesterday (a G900I model, from Telstra), and I spent some time getting it ready.

Firstly, I downloaded the most-recent Telstra firmware image. At time of writing, that's G900IDVU1CQJ2. Telstra appears to be the only carrier still releasing stock firmware for this phone, so I downloaded the Telstra version even though we're connecting to Spark New Zealand. This means the phone will at least be running the most up-to-date baseband and modem firmware.

Note - if you try this, and find that …

Continue reading

Making MindTouch's Dekiwiki work on Debian Stretch

Posted on Sun 17 September 2017 in Tech • Tagged with Tech, Security, Linux

We had accumulated a certain amount of technical debt, due to a Wiki solution that was selected a few years ago: Dekiwiki, by MindTouch. Unfortunately a few months after implementation, MindTouch Core (which Dekiwiki builds on) was well-and-truly deprecated back in 2013.

It all happened before my time, but it seems as if Dekiwiki came as a pre-built VMware Appliance, based on Debian Etch (Debian 4.0; released in 2007). After giving our Dekiwiki environment some serious side-eye for a while, I finally decided to get my hands dirty and …

Continue reading

Compiling Heimdall without installing Qt

Posted on Wed 13 September 2017 in Tech • Tagged with Android, Tech, Linux

During my recent Wrecked-phone Saga, I had some trouble flashing my firmware. My phone was broken at the time, so I couldn't enable ADB Debugging - therefore adb wasn't an option. OEM Bootlock was on, so fastboot wasn't an option. My Recovery bootloader was also broken. I thought my phone was bricked.

That's until I remembered Heimdall.

Heimdall is specifically a tool for working with the partitions on Samsung phones - other visitors need not apply. It works a treat for my Samsung Galaxy S5 (kltedv) though.

Heimdall, however, is old. The …

Continue reading