In this post a brief overview is given for requesting and automated renewal of (free!) Let's Encrypt SSL/TLS certificates in Arch Linux. Such certificates can be useful for web, mail and a plethora of different web services that can be secured with SSL/TLS.
Using ZFS in Linux is not as simple as other file systems. The ZFS on Linux code is not integrated in the Linux kernel due to license issues. Therefore, native support by distributions is missing. This does not mean that it is hard to add support for ZFS to an existing installation. On the contrary. In this guide it is shown that durable ZFS support can be added to Arch Linux with a few simple commands. In addition, a cheat sheet is provided to ease ZFS management.
Most self-hosted web services can authenticate against a back end server using LDAP or Kerberos. Hosting a server to handle authentication using these protocols can be a daunting task for the uninitiated. This guide explains how to configure Samba as a back end authentication server to allow each user to authenticate against multiple services with a single account. The authentication server will run Active Directory Domain Services as a domain controller to enable authentication over LDAP and Kerberos. This guide will also explain how to configure Nextcloud to authenticate users using LDAP. Users will be able to login and change their passwords through Nextcloud's web interface. The same (changed) password would also be usable for other (web) services.
OpenVPN can be used with an obfuscation proxy, such as obfsproxy or obfs4, to avoid identification of VPN traffic through deep packet inspection. In this post I explain a connectivity problem that client-side OpenVPN faces when such a proxy is approached as a local SOCKS proxy by OpenVPN. A solution is provided, of course.
Not even experts are safe from the many pitfalls that exist in implementations. Qualys, known for their Qualys SSL Labs Vulnerability Scanner (used in my research), allowed the expiration of their blog's certificate.