The year is (roughly) 1989, and we have a small office with some Unix computers and a handful of Facit A2400 terminals connected to them. What we love most about these terminals is they are positiv...| jpmens.net
I commented what an amazing and fast job the people of media.CCC do on streaming and subsequent encoding at FrOSCon, say, and Stefan mentioned they do so mostly with open source tooling. That page and some of what it links to piqued my interest, and that’s where I found another Keepass lookup plugin for Ansible. (Note that the project mentions their use of Ansible is outdated.)| Jan-Piet Mens
Unless you’re not interested in Debian Linux at all, you’ll have heard that version 13 (“trixie” – remind me to tell you why that name’s hilarious to me when we next have a beer together) is out, and as such we, that’s Christoph and I, created OwnTracks Recorder packages for it.| Jan-Piet Mens
When I recently began using Opengist, I wanted to be able to clone gist repositories to the file system so as to update their files, commit them, and push them back. I purposely disabled SSH access...| jpmens.net
I use a Web browser to present slides during trainings, and I have a terminal open in a browser tab, so that I can quickly switch to the tab and type in a command or two in a shell without mucking ...| jpmens.net
I got tired of attempting to get shell scripts to produce valid JSON. You’ve likely seen something like this before: echo '{| jpmens.net
Tony wrote a year ago that he’d been “procrastinating this migration for years” which means that I’ve been doing so for “years + 1”. Actually, I first attempted the task in 2023 sometime in the mid...| jpmens.net
When the GnuPG utilities (gpg) request the entry of a password or PIN they use a program configured as pinentry-program in the user’s configuration. For instance on my Mac, I have the following:| Jan-Piet Mens
I like being able to give realistic examples when I give trainings, and I address the pros and cons of Ansible Vault when we spend a few minutes on that topic. For years now I’ve had a bit of a bee under my cap: would it be possible to unlock a Vault file with a smart card? I know it’s possible using, say, a Yubikey with an age key on it, but how about a GnuPG-compatible smart card? And what if the smart card were local and the unlocking had to be triggered remotely?| Jan-Piet Mens
I’ve been asked a few times over the course of the same amount of days, what would happen if the powers that be began deleting top-level domains (TLDs) from the DNS system, and whether there is som...| jpmens.net
Many people use some form of manual fumbling configuration management to create or manage content of remote machines’ ~/.ssh/authorized_keys files, and whether it’s the likes of Chef, Puppet, Ansible, or your particular poison, the principle is the same: SSH public keys are copied into static files on the target systems. This works very well and is a well-understood technology. (At this point I’ll remind you of the existence of ssh-copy-id, likely easier and less error-prone to use than man...| Jan-Piet Mens
Peter Eckel has been busy adding support for describing DNSSEC Key and DNSSEC Policy templates, also known as Key and Signing Policies (KASP), to NetBox DNS. The idea is that I can document one or ...| jpmens.net
deSEC is a DNS hosting service which is free of charge to use, and I think it’s now particularly important to underline they are organized as a registered non-profit organization in Berlin, Germany...| jpmens.net
One of the talks from the DNS Devroom at FOSDEM 2025 I watched online was by Peter Eckel about Netbox. I hoped I would learn a bit about the tool, which I didn’t, but I did learn about the history ...| jpmens.net
I’ve shied away from using NetBox for years now, but this past week I decided I should at least know a bit about it, so I tried to grasp the basics. Thanks for wonderful chaps on the Fediverse who ...| jpmens.net
So you want to do configuration management for systems that don’t have special software installed on them? You don’t want to spend a lot of time learning said management tool? You want to spend mor...| jpmens.net
This text was supposed to mark the tenth anniversary of OwnTracks, but for whatever reasons, I miscalculated, so here we are ten years after our first anniversary. The team around OwnTracks has ch...| jpmens.net
I mentioned the other day how sad it is that so many links end in 404 after a short while, and I got a reply that it might be 410. Actually, it’s also often a 301. Be that as it may, and to distan...| jpmens.net
The #enshitification of the Internet continues with Authy shutting down its desktop app. I’ve been using Authy for several years, and have appreciated how it synchronized TOTP between desktop and m...| jpmens.net
A zone digest is a cryptographic digest, or hash, of the data in a DNS zone which is embedded in the zone data itself as a ZONEMD resource record. It is computed upon publishing the zone, and it ca...| jpmens.net
I’m just the messenger; don’t kill me. The user who asked the question and I both well know the security of logging in via SSH can greatly be improved upon by using SSH keys instead of passwords. ...| jpmens.net
When documenting my experiences using a SmartCard-HSM for DNSSEC I linked to a post by Remy van Elst in which he discusses using a CardContact SmartCard-HSM with SSH, and I thought I’d try that, fo...| jpmens.net