Linux

section tag Enforced, encrypted, self-hosted DNS solution for Android devices

| Pekka Helenius |  July 23, 2021 
Updated:  July 2, 2022 
post header image

Did you know all internet addresses you browse on your Android mobile phone or tablet are resolved by Google DNS servers (8.8.8.8, 8.8.4.4, 2001:4860:4860::8888 and 2001:4860:4860::8844) as plain-text traffic, and due to that, your ISP may also know your browsing or application use habits?

The newest Android versions have feature known as private DNS. However, it accepts and uses only domain names instead of raw IP addresses, so I wouldn't trust the feature too much. Quite obviously you can use VPN. However, you are dependent on an external VPN provider service - and you hardly get useful DNS query logs at all.

So, no use either for built-in private DNS feature or VPN. What then? My answer: use a self-hosted DNS server with encryption support, running on your Android tablet or phone. Enforce every single DNS query by Android applications via that server. How? Keep reading. You need a rooted Android device.

section tag Kerberos-secured network file shares - practical guide for kerberized NFSv4

| Pekka Helenius |  February 12, 2021 
Updated:  November 9, 2021 
post header image

Sharing sensitive data in secure manner is important on many critical network environments, and Kerberos security provides much needed security layer for insecure NFSv4 file sharing. This article focuses on setting up, configuring and testing MIT Kerberos V5 + NFSv4 file sharing on Linux environment.

Unlike many blog articles, I take one step further and explain how to set-up such environment with not just two but four individual Linux computers: Combined Kerberos LDAP back-end and user database server, Kerberos KDC & Administration server, NFSv4 server and NFSv4 client.

section tag OpenNTPD - now with OpenSSL support

| Pekka Helenius |  August 2, 2020 
Updated:  January 21, 2021 
post header image

For a few weeks, I've been working on implementing OpenSSL support and vastly improved configurability to OpenBSD-based NTP daemon OpenNTPD. Both of which I have done now. OpenNTPD is written in C. See the implementation on GitHub - openntpd-openssl.

I run a Linux server infrastructure with time-critical daemons such as Kerberos and Bind9 DNS server. Therefore, I see it's essential to have a local, secure NTP server software.

section tag USB authentication for Linux computers and users

| Pekka Helenius |  June 23, 2020 
Updated:  June 28, 2020 
post header image

Are you looking for a cheap and trustworthy two-factor authentication solution for your Linux computer or computers? You should take a look at USB PAM authentication module which let you to establish either a simple or complicated authentication rules and actions for each Linux user depending on your needs and environment. The module stacks on top of your existing solutions such as basic password or LDAP authentication and adds extra layer of security.

section tag Run Android apps on Linux desktop with LXC

| Pekka Helenius |  June 13, 2020 
Updated:  October 24, 2022 
post header image

Many of us have heard about or tried out GenyMotion Android Emulator. Did you know running Android applications is also possible on a regular Linux desktop computer without any virtual machines, with modern container technologies?

In this post, I guide you through one good solution I came across with quite a short while ago - Anbox.

section tag TinyForest - Self-developed automation system for home

| Pekka Helenius |  April 9, 2020 
Updated:  April 20, 2020 
post header image

Home automation is a large field with many market products available. TinyForest is another home automation system, developed and designed from scratch for various target environments, written in Python 3 and ReactJS. In time writing this article, TinyForest core system is fully functional, and further improvements are planned. It adapts to multi-sensor and multi-device configurations, and can handle everything from irrigration and heating to light controls.

section tag SQL database planning, development & usage

| Pekka Helenius |  February 2, 2020 
Updated:  February 11, 2021 
post header image

Excel spreadsheet data processing is a familiar approach for everyone to handle local client data sets. However, for server-side data handing, centralized SQL databases are used. More modern NoSQL techniques are even better for big data due to horizontal server scaling possibilities.

In this post, I cover a basic SQL database lifecycle from client requirements specification to detailed database use and data analytics, using a fictional game tournament service as an example platform.

section tag Fighting dotfile pollution on Linux

| Pekka Helenius |  January 3, 2020 
post header image

Have you ever got sick of mess in your Linux home folder(s)?

The mess is usually caused by countless random dotfiles, generated by multiple applications over time. In Unix world, these dotfiles are also known as hidden files or hidden folders.

The dotfile pollution issue exists due to three main reasons: non-standardization of dotfile locations in a home folder, the way software developers treat user home folder locations in their application code and, unlike system-wide application packages, user-specific application files are usually not centrally managed at all.