Roundcube and Dovecot, howto use TLSv1.2
by Darkray, 2015-09-19
A lot has been written about disabling SSLv3, not only for your webserver but also for the other services, like Dovecot for example.
Now this is easy, but what they don't tell you, is how to exactly use TLSv1.2 with Roundcube webmail client.
Again, this should be easy too. But if you have PHP v5.6 on your system,
some things have changed. Roundcube is written in PHP and it's configuration
settings are PHP as well.
Howto reset Gnome 3 HiDPI settings
by Darkray, 2014-09-27
Today I was curious what the HiDPI setting in Gnome 3.12 did and how it worked, so I launched the gnome-tweak-tool and
changed the HiDPI setting from 1 to 2. Don't just do this on a low-res screen, in my case a 1366x768 Thinkpad screen. Every Gnome window is blown up as if it's under a magnifier. Probably what you want
on a high-res screen :–P
You can reset this by firing up a terminal by typing: ALT-F1 and gnome-terminal, in the terminal execute the following command
to reset the HiDPI setting back to 1:
gsettings reset org.gnome.settings-daemon.plugins.xsettings overrides
Howto setup an IPsec VPN with pfSense
by Darkray, 2014-06-07
Setup VPN on the router
Follow the excellent howto from the pfSense documentation: IPsec_Road_Warrior [pfsense.org]
Personally I like to use 'Mutual PSK + Xauth' as authentication method of the tunnel.
Setup Client software on Linux
Install the Cisco-compatible VPN client on linux:
apt-get install vpnc
Use your favourite linux editor and create a new config file: /etc/vpnc/myvpn.conf
IPSec gateway <pfsense router address>
IPSec ID <Peer identifier>
IPSec secret <Pre-Shared Key>
Xauth username <Identifier or username>
Xauth password <Identifier password>
Start the VPN tunnel by entering the following command:
Disconnect the VPN tunnel with
Setup client software in Gnome 3
Install the vpnc addon software for Network Manager
apt-get install network-manager-vpnc
Goto Settings, Network, Add, VPN, Cisco Compatible VPN (vpnc) and use the following settings:
Gateway: <pfsense router address>
User name: <Identifier/username>
User password: <Identifier/username password>
Group name: <Peer identifier>
Group password: <Pre-Shared Key>
Encryption method: Secure
NAT traversal: NAT-T when available
IKE DH Group: DH Group 2 (default)
Perfect Forward Secrecy: Server (default)
Local port: 0
While passwords should be saved in the Gnome Keyring (bug?), it actually doesn't save the passwords anywhere.
If you however do want it to be saved, you could edit the Network Manager connection: /etc/NetworkManager/system-connections/MyVPN
and add the following lines, but make sure not to leave an empty line at the end. I also found out that Network Manager is very picky
about capitals in its configuration syntax.
IPSec secret=<Pre-Shared Key>
Xauth password=<Identifier/username password>
Howto disable Xorg 1.11 Screensaver bypass
by Darkray, 2012-01-21
With Xorg 1.11 it is possible to bypass the Screensaver Lock, without having to enter a password. This is already fixed in xkeyboard-config 2.5 and pushed in various distros. A simple fix for those who can't or do not want to update/patch their distribution :
Let's see if we are affected:
$ Xorg -version
X.Org X Server 22.214.171.1241 (1.11.4 RC 1)
Yes we are :-( Let's get the responsible keys from the keyboard map
$ xmodmap -pke | egrep "XF86Ungrab|XF86ClearGrab"
keycode 63 = KP_Multiply XF86ClearGrab KP_Multiply XF86ClearGrab
keycode 106 = KP_Divide XF86Ungrab KP_Divide XF86Ungrab
Create a .xmodmaprc file and redefine these two keys and add it to our .profile
$ cat > ~/.xmodmaprc <<EOF
keycode 63 = KP_Multiply
keycode 106 = KP_Divide
$ echo "/usr/bin/xmodmap ~/.xmodmaprc" >> ~/.profile
Now all you have to do is, logoff and login and you're done.
Openmoko: Neo Freerunner
by Darkray, 2008-03-07
Currently I'm very much interested in the Openmoko project,
which are developing a linux based smartphone. Starting the project in 2007 with a "developers-only"
version called Neo 1973, they are expecting to release the Neo Freerunner before the summer of 2008.