-
Notifications
You must be signed in to change notification settings - Fork 13
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
f1daa3b
commit 6d7210c
Showing
7 changed files
with
186 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,7 +1,7 @@ | ||
| --- | ||
| nav: | ||
| - ... | index.md | ||
| - Training Resources: training | ||
| - Enterprise Linux: el | ||
| - Training Resources: training | ||
| - Misc: misc | ||
| - Archives: archive |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,44 @@ | ||
| --- | ||
| title: The Euphemism Review | ||
| --- | ||
|
|
||
| !!! warning | ||
| This is a humorous article by contributor Louis Abel. The following content | ||
| does not necessarily represent the viewpoints or opinions held by other | ||
| authors on this website. | ||
|
|
||
| Welcome to the ported edition of the "The Euphemism Review" the journal for imprecise speech in the corporate environment. | ||
|
|
||
| Please don't say "timeframe" | ||
| ---------------------------- | ||
|
|
||
| The Eskimos have over a hundred words for what we simply call... "snow". The reason is that *snow* is important to them. It is vital to know if the snow is the kind that can be walked on without sinking, the kind that a sled runs on easily, the kind that igloos can be built from, and so on. If you ask a Eskimo for a bucket of "snow" they will have no idea what you are talking about and will, without a doubt, consider you to be an ignorant savage. | ||
|
|
||
| Here in modern western society we have many words that relate to time, this is because time is important to us. Whether that is a blessing or a curse is is debatable, but it's normally the latter. We need to know when things will happen and how long they will take. Some of these words are: | ||
|
|
||
| * Schedule | ||
| * Calendar | ||
| * Frequency, or "how often" | ||
| * Daily | ||
| * Monthly | ||
| * Yearly | ||
| * Deadline | ||
| * Time | ||
| * Period | ||
| * Periodically | ||
|
|
||
| Not only is "timeframe" not a word, you certainly can't use it in place of all of the above and expect to be understood even by a fluent speaker. And yes, we know that Microsoft Word seems to accept it as a word, but given their reputation... Don't be fooled. | ||
|
|
||
| Below, here's a handy dandy table you can use to practice. | ||
|
|
||
| | Instead of... | Use.. | | ||
| |----------------------------------------------|-------------------------------------| | ||
| | It has to be done in the June 1st timeframe. | The deadline is June 1st | | ||
| | What timeframe do you need that by. | When do you need it. | | ||
| | Let's figure the timeframes for that. | Let's make a schedule. | | ||
| | What timeframe did that happen in? | When did that happen? | | ||
| | Can we do that in the timeframe? | Can we do that in time? | | ||
| | What's going on in your October timeframe? | What's on your calendar in October? | | ||
| | Group them by timeframe. | What? | | ||
|
|
||
| Look how clear and understandable it is. It's also shorter. Who would've thought. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,45 @@ | ||
| --- | ||
| title: Hurricane Electric IPv6 Tunnel | ||
| --- | ||
|
|
||
| On distributions that use Network Manager, you can setup an IPv6 tunnel with Hurricane Electric. Make sure you have done the following. | ||
|
|
||
| 1. Create an account at [Hurricane Electric](https://tunnelbroker.net) | ||
| 2. Click "Create Regular Tunnel" on the left hand side | ||
| 3. Enter your IPv4 public IP address in the first box | ||
| 4. Choose the closest tunnel server to you (in my case, it's Phoenix) - Note the IP Address (eg. 66.220.7.82) | ||
| 5. Click "create tunnel" | ||
| 6. Note all the information in your "tunnel details" | ||
|
|
||
| ``` | ||
| % nmcli con add type ip-tunnel \ | ||
| # Name of the interface | ||
| ifname sit0 \ | ||
| # Tunnel protocol with the endpoint | ||
| mode sit remote 66.220.7.82 -- \ | ||
| # Disabling IPv4 on this interface | ||
| ipv4.method disabled \ | ||
| # Manual IPv6 configuration | ||
| ipv6.method manual \ | ||
| # IPv6 endpoint addresses (not your subnet) | ||
| ipv6.address 2001:470:1f18:96::2/64 \ | ||
| ipv6.gateway 2001:470:1f18:96::1/64 | ||
| ``` | ||
|
|
||
| You will also need to open some parts of your firewall to allow communication. In particular, ICMP (at least type 8) should be allowed from the tunnel server for the heartbeat. | ||
|
|
||
| After this, you should be able to assign addresses from your routed /64 on your current machine or machines in your network and be able to ping out. You can also create a /48 and make multiple /64's if you wish. | ||
|
|
||
| It is possible to update the tunnel automatically with your IPv4 address in the event it changes. | ||
|
|
||
| ``` | ||
| % vi /etc/NetworkManager/dispatcher.d/pre-up.d/00-tunnelfix.sh | ||
| #!/bin/sh | ||
| user=USERNAME | ||
| pass=PASSWORD | ||
| tunnel=TUNNEL_ID | ||
| if [ "$1" = sit0 ]; then | ||
| wget -O /dev/null https://$user:[email protected]/ipv4_end.php?tid=$tunnel | ||
| fi | ||
| ``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| --- | ||
| title: MinGW | ||
| --- | ||
|
|
||
| Original author: Tommy Nguyen | ||
|
|
||
| To my knowledge, the best MinGW distribution is provided by Stephan T. Lavavej | ||
| (a Microsoft employee who works on the C++ team) and is available on [his site](https://nuwen.net/mingw.html). | ||
| It contains mingw-w64, GCC and binutils, coreutils and several other libraries | ||
| and command line utilities (including git). Installation simply requires | ||
| extracting to any location and using the provided bat files to open a command | ||
| prompt with a preset PATH. | ||
|
|
||
| ## Why not use WSL? | ||
|
|
||
| They serve different purposes. The MinGW distribution contains Windows | ||
| **ports** of GCC, coreutils, etc. that run natively on Windows. On the other | ||
| hand, WSL attempts to allow you to run native Linux binaries on Windows. WSL2 | ||
| supposedly uses Hyper-V for virtualization. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,75 @@ | ||
| --- | ||
| title: Is port 465 deprecated? | ||
| --- | ||
|
|
||
| Original author: Tommy Nguyen | ||
|
|
||
| Last modified: Mon Aug 1 17:02 | ||
|
|
||
| !!! Note | ||
| For a guide on how to setup Exim4 with Gmail and implicit TLS, see [How To Secure A Linux Server](https://github.com/imthenachoman/How-To-Secure-A-Linux-Server#the-miscellaneous). | ||
|
|
||
| No. Some sources like [Debian's guide on Gmail and Exim4](https://wiki.debian.org/GmailAndExim4) | ||
| and the StackOverflow question | ||
| [What is the difference between ports 465 and 587?](https://stackoverflow.com/questions/15796530/what-is-the-difference-between-ports-465-and-587/19942206#19942206) | ||
| claim that port 465 is deprecated. RFC 8314 entitled | ||
| [Cleartext Considered Obsolete: Use of Transport Layer Security (TLS) for Email Submission and Access](https://tools.ietf.org/html/rfc8314) | ||
| recommends that you use port 465 with implicit TLS instead of STARTTLS | ||
| on port 587: | ||
|
|
||
| In brief, this memo now recommends that: | ||
|
|
||
| - TLS version 1.2 or greater be used for all traffic between MUAs and | ||
| Mail Submission Servers, and also between MUAs and Mail Access | ||
| Servers. | ||
| - MUAs and Mail Service Providers (MSPs) (a) discourage the use of | ||
| cleartext protocols for mail access and mail submission and | ||
| (b) deprecate the use of cleartext protocols for these purposes as | ||
| soon as practicable. | ||
| - Connections to Mail Submission Servers and Mail Access Servers be | ||
| made using "Implicit TLS" (as defined below), in preference to | ||
| connecting to the "cleartext" port and negotiating TLS using the | ||
| STARTTLS command or a similar command. | ||
|
|
||
| More specifically: | ||
|
|
||
| The STARTTLS mechanism on port 587 is relatively widely deployed due to | ||
| the situation with port 465 (discussed in Section 7.3). This differs | ||
| from IMAP and POP services where Implicit TLS is more widely deployed on | ||
| servers than STARTTLS. It is desirable to migrate core protocols used by | ||
| MUA software to Implicit TLS over time, for consistency as well as for | ||
| the additional reasons discussed in Appendix A. | ||
|
|
||
| However, some have conflated | ||
| [SMTPS](https://en.wikipedia.org/wiki/SMTPS) with implicit TLS on | ||
| port 465, which is not the same thing. In particular, section 7.3 of RFC | ||
| 8314 explains that SMTPS was briefly assigned to port 465 and | ||
| subsequently revoked: | ||
|
|
||
| > ... | ||
| > Unfortunately, some widely deployed mail software interpreted "smtps" | ||
| > as "submissions" \[RFC6409\] and used that port for email submission | ||
| > by default when an end user requested security during account setup. | ||
| > ... | ||
| > Although STARTTLS on port 587 has been deployed, it has not replaced the | ||
| > deployed use of Implicit TLS submission on port 465. | ||
| To reiterate, "Implicit TLS submission" which is defined in section 3 | ||
| is not the same as SMTPS and you should use port 465 over port 587 if | ||
| possible. Another point of confusion is the use of SSL on port 465. As a | ||
| result, you\'ll find many resources on the Internet claiming not to use | ||
| port 465. It is true that you should prefer TLS over SSL, but port 465 | ||
| is not deprecated. | ||
|
|
||
| !!! note | ||
| The RFC also states: | ||
|
|
||
| > Note that there is no significant difference between the security | ||
| > properties of STARTTLS on port 587 and Implicit TLS on port 465 if the | ||
| > implementations are correct and if both the client and the server are | ||
| > configured to require successful negotiation of TLS prior to Message | ||
| > Submission. | ||
|
|
||
| The key phrase here being "require successful negotation". If STARTTLS | ||
| is not configured this way, then it is less secure than Implicit TLS. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters