Tek's Domain

#<NTA:NnT:SSrgS:H6.6-198:W200-90.72:CBWg>

Narration for Posts, for You!

If you’ve clicked on this post itself, you’ll notice there’s a sound file at the top. That’s because if you click it, or hit the P key, you’ll hear… me, reading this! I’m working on adding this to old posts one by one, so you might see that popping up eventually. But, partially for accessibility, and partially just to make these sort of ramblings easier to take in while only half paying attention or just doing something else entirely, I’m putting audio narration on every post here that I can.

Continue reading

Fail2Ban Behind a Reverse Proxy: The Almost-Correct Way

Fail2Ban is a wonderful tool for managing failed authentication or usage attempts for anything public facing. However, by default, it’s not without it’s drawbacks: Fail2Ban uses iptables to manage it’s bans, inserting a --reject-with icmp-port-unreachable rule for each banned host. The thing with this is that I use a fairly large amount of reverse-proxying on this network to handle things like TLS termination and just general upper-layer routing. Since it’s the proxy that’s accepting the client connections, the actual server host, even if its logging system understands what’s happening (say, with PROXY protocol) and logs the real client’s IP address, even if Fail2Ban puts that IP into the iptables rules, since that’s not the connecting IP, it means nothing. What I really need is some way for Fail2Ban to manage it’s ban list, effectively, remotely. Luckily, it’s not that hard to change it to do something like that, with a little fiddling.

Continue reading

AbuseIPDB Checking With Postfix

Updated Dec 31, 2021

So if you’ve not heard, there’s this website called AbuseIPDB, which, no affiliation, is a website where webmasters can submit reports of abusive IP addresses, and then query those reports, either manually, or using their REST API. And this is how I did exactly that, to help cut down some of the spam on my email server. Let’s get started.

Continue reading

What Exactly Is Federation, Anyways?

Federation, the driving name behind decentralized and self-hosted software. But what is ‘federation,’ really? Well, there’s the really complex answer, and the simple answer. The simple answer is that federation is when multiple unrelated instances of a piece of software are capable of communicating and sharing between one another. The long answer, well, if you want to see that, then…

Continue reading

OTR: Encrypted Instant Messaging

Yes, for once, I have not just some app for secure messaging, this time, it’s a protocol. OTR, or Off-the-Record Messaging, is a protocol for establishing end-to-end encrypted messaging between two participants over a standard instant messaging channel like IRC or XMPP (Jabber). It also allows for deniable authentication, where during the conversation you can be assured that only you two are talking, but after the conversation, there is no way for an outside third party to 100% prove you talked, since it’s theoretically possible for an attacker to have forged the communications record. It’s complicated, but not too hard to wrap your head around.

Continue reading

WebDAV Explained: Filesystems Over HTTP

So I take it some people reading this are familiar with what I’ll call a ‘remote filesystem protocol’ like NFS, SMB, or AFP. Well, did you know there’s one that’s found use in a few places and you’ve maybe heard of once or twice, and really… well, doesn’t sound like it should make any sense? Welcome to WebDAV. The remote filesystem that runs over HTTP.

Continue reading

IRC Is an Insanely Simple Protocol

This is where I’d usually make some joke about “if you remember, back in the day…” but… given how Freenode and Libera have been in the news recently for Freenode’s rather hostile takeover (and suicide), You probably know what IRC is. So. IRC, or Internet Relay Chat, is a really old (as in, 1988) protocol for text-based communications between users on a network. And the cool part is, it’s so simple that it’s almost funny. Like, let’s take a look. You could actually, with only a few minutes of reading, just enter raw IRC protocol lines by hand and have a perfectly valid and functional session.

Continue reading

Matrix: Decentralized, Federated Chat

Do you like secure chat apps? but actually secure, not like Telegram? And end-to-end encrypted, if selected? And ones that support sending media, and files, and even voice and video calls? And completely decentralized meaning you don’t need to rely on any one company or any one third-party server?

Well do I have a deal for you: Matrix.

Continue reading

Giving My Sitemap Some Style

Now I know I’ve talked about sitemap.xml before, but quick summary: that’s an XML file that has a list of every (public) URL on your site, to make it easier for crawlers to index your entire site since that list (or, map) lays it out. Well as an XML file, it can take XML style sheets, in a format called XSLT, short for XSL Transformations, short for eXtensible Stylesheet Language. Yes, it’s XML all the way down. But, if you’ve looked at my sitemap, you’ll see I’ve gone and done it. This is how.

Continue reading

Graylog, and the Syslog Protocol, Explained

So if you’ve tried enterprise log management systems, you’ve likely heard of Syslog. If you haven’t, Syslog, is, well, a protocol designed to allow multiple hosts to send their system logs over the network to some other server where they can be analyzed and stored. It’s another one of those weird UDP protocols, and this one is actually stupid simple, even in both of the commonly used forms! Oh, we’ll also cover the one piece of software that I use that handles Syslog — Graylog, which by itself is also really cool.

Continue reading
Older posts