The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

    20140508-Delphi-2007--Project-Options--Cannot-Edit-Application-Title-HelpFile-Icon-Theming20140430-Fiddler-Filter-Actions-Button-Run-Filterset-now20140424-VMware-Fusion-6.0.3.-no-reclaimable
    More Photos

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,570 other followers

Archive for the ‘Communications Development’ Category

« Previous Entries

draft-ietf-appsawg-http-forwarded-10 – Forwarded HTTP Extension (X-Forwarded-For, X-Forwarded-By, and X-Forwarded-Proto)

Posted by jpluimers on 2019/05/21

Since many HTTP stacks do not have fields for this so it’s hard to get the originating IP address:

It is about these HTTP header fields with and without X- prefix:

  • Forwarded
  • X-Forwarded-For
  • X-Forwarded-By
  • X-Forwarded-Proto

Note that widely used tools like HAProxy do not always fully adhere to the “standard”…

Via:

–jeroen

Posted in Communications Development, Development, HTTP, Internet protocol suite, Software Development, TCP | Leave a Comment »

scp a remote file to a local machine

Posted by jpluimers on 2019/03/15

For me, scp is like tar; somehow I Google this every time…

  1. On the remote machine, find out the full path of the remote file: 
    ~ # ssh username@192.168.71.123
...
~ # ls -alh `find /vmfs/volumes/ | grep -w W81Entx64CI | grep '\.vmdk$'`
-rw-------    1 root     root      200.0G Aug 26 22:48 /vmfs/volumes/552f5788-33e30274-8dba-001f29022aed/VM/PSO/W81Entx64CI/W81Entx64CI-flat.vmdk
-rw-------    1 root     root         500 Aug 19 16:36 /vmfs/volumes/552f5788-33e30274-8dba-001f29022aed/VM/PSO/W81Entx64CI/W81Entx64CI.vmdk
  2. On the local machine, go to the right directory, then copy the file from the remote machine: 
    ~ # cd /vmfs/volumes/Samsung512NVME/PSO/VM/W81Entx64CI/
~ # time scp -v username@192.168.71.123:/vmfs/volumes/552f5788-33e30274-8dba-001f29022aed/PSO/W81Entx64CI/W81Entx64CI-flat.vmdk W81Entx64CI-flat.vmdk

 

I don't know what's worse--the fact that after 15 years of using tar I still can't keep the flags straight, or that after 15 years of technological advancement I'm still mucking with tar flags that were 15 years old when I started.

I don’t know what’s worse–the fact that after 15 years of using tar I still can’t keep the flags straight, or that after 15 years of technological advancement I’m still mucking with tar flags that were 15 years old when I started.

The last line will logon over ssh and shows the file transfer in a verbose way.

Requirements:

  • both machines have ssh
  • local machine has firewall entry to allow client ssh
  • remote machine has sshd and firewall entry to allow sshd server connections

Via [WayBackshell – How to scp a folder from remote to local? – Stack Overflow (thanks [WayBack] Gryphius)

Image source: [WayBackxkcd: tar

–jeroen

Posted in Communications Development, Development, Internet protocol suite, SSH, TCP | Leave a Comment »

IP over Avian Carriers

Posted by jpluimers on 2019/02/21

From the geek fun department: [WayBackIP over Avian Carriers – Wikipedia.

I learned through this slightly after the fight to keep HTTP status code 418 (I’m a teapot) which is part of RFC2324 released on April 1st, 1998.

The IP over Avian Carriers is part of three RFCs, all released on April 1st in various years:

–jeroen

via: Http-statuscode ‘I’m a teapot’ is voorlopig veilig – IT Pro – .Geeks – Tweakers

Posted in Communications Development, Development, Fun, Geeky, HTTP, Internet protocol suite, Software Development, TCP | Leave a Comment »

Accessing storage (NAS) over the Internet via FTP | FRITZ!Box 7490 | AVM International

Posted by jpluimers on 2019/02/13

Of course you don’t want this. So by the time you read this, the connection has been closed.

For testing some Internet of Shit stuff from a client that cannot do SFTP, I needed a temporary FTP accessible connection.

These links helped:

TL;DR:

  1. Preparing the USB stick:
    1. Ensure the USB disk is FAT/FAT32/NTFS
    2. Create a directory in the root of the USB disk for the FTP user (for now: FtpDirectory)
    3. Insert the USB disk in the Fritz!Box
  2. Logon to the Fritz!Box web UI
    1. Configure a user for FTP:
      1. In the menu, go to System, then FRITZ!Box Users
      2. Click Add user
      3. Name the user (for now: MyFtpUser)
      4. Ensure that user *only* has a checkmark for `Access to NAS contents`
      5. Click the button Add directory
      6. In the popup click Select folder
      7. Choose the FtpDirectory you just made
      8. Click OK
      9. Ensure the read and write checkboxes are enabled
      10. Click OK
    2. Configure the USB stick for FPT access
      1. In the menu, go to Home Network, then USB Devices
      2. Observe if the device is visible and has the correct file system (if not: ask AVM)
      3. In the menu, go to Internet, then Permit Access
      4. Click on the FRITZ!Box Services
      5. Ensure there is a checkmark at Internet access to your storage media via FTP/FTPS enabled
      6. At TCP Port for FTP/FTPS, fill in 21 (many IoT devices cannot use a different port)
      7. Ensure there is *no* checkmark at Allow only secure FTP connections (FTPS)
      8. Make a note of the value after FTP address (something like ftp://example.org:21`)
      9. Click Apply
  3. Test

–jeroen

Posted in Communications Development, Development, Fritz!Box, FTP, Internet protocol suite, IoT Internet of Things, Network-and-equipment, Power User, Software Development, TCP | Leave a Comment »

‪Dear #lazyweb, can anyone point me to a modern email server setup (just emai…

Posted by jpluimers on 2019/02/01

Summary from [WayBack]‪ Dear #lazyweb, can anyone point me to a modern email server setup (just email) with letsencrypt, some spam filter, multi domain preferably on RHEL/Cent… – Jan Wildeboer – Google+

  • many SMTP servers on the interwebs do not have proper TLS setups, so do not require remote SMTP servers to deliver email with a proper certificate
  • delivering mail via SMTP using STARTTLS with a proper certificate yourself is a good step forward
  • postfix
  • dovecot
  • greylisting (although in practice it does not make much of a difference any more)
  • fail2ban
  • dnsbl (often called rbl)
  • spamassasin
  • rspamd (supports SPF, DKIM and many others)
  • letsencrypt automation can be tough, so here is a small wrapper: [WayBack] GitHub – DrGlitchMX/update-letsencrypt: Tiny script for updating “Let’s Encrypt!” certificates from cron
  • it helps having letsencrypt and the mail server to be on one machine:
    • multidomain let’s encrypt cert that has my webserver name and the mailserver in the Subject Alternative Names field. As both are on the same machine certbot can automatically update it and I just point Postfix and Dovecot to the LE files.
  • Hans-Martin Mosner SMTP as-is is just not suitable for the kind of decentralized mail that you would prefer. You need some mechanism to determine which mail senders to trust and which not. Cryptography is suitable at the MUA level and should be used much more, but at the MTA level, TLS for privacy and SPF(bleh) or DKIM(meh) for sender domain authentication are basically your only weapons -much too weak. The PGP web of trust must be considered a failed experiment – who of your mail contacts uses PGP properly or at all? Ironically the only secure messaging solutions for the masses are centralized.

Things to do:

  • find a proper multi-MX fallback setup guide for postfix

–jeroen

Read the rest of this entry »

Posted in *nix, *nix-tools, Communications Development, Development, Internet protocol suite, postfix, Power User, SMTP | Leave a Comment »

« Previous Entries
 
%d bloggers like this: