Today I wanted to mount an iPhone inside a KVM-based VM. My host is Ubuntu 15.04, the guest is Windows XP. Well, it didn’t quite work at first because the host kept stealing back the phone’s USB connection. The culprit was usbmuxd, a “USB multiplexing daemon” that handles communications with iOS devices and Linux. To temporarily overwrite its behavior I added an empty udev rules file:
$ sudo touch /etc/udev/rules.d/39-usbmuxd.rules
This rule file (which does nothing) takes precedence over the original rules in /lib/udev/rules.d, with the result that it would no longer trigger the usbmuxd daemon whenever an iPhone is detected on the USB host.
Reload udev with:
$ sudo udevadm control --reload-rules
And now, it’s time to run the TaiG Jailbreak.
I was fiddling with the fonts on my Linux notebook today, and I thought, why not upgrade all the Windows-based fonts with the latest fonts from Windows 10 (preview version)? Well, something definitely got changed and I don’t think I like it.
Recently I purchased a Samsung 840 Pro SSD for my frayed old notebook (a Thinkpad X200s). It’s a self-encrypting drive where data is always stored with AES-256 encryption. But first, to benefit from the encryption, I needed to encrypt the underlying encryption keys. One way of doing that is to set an ATA user password for the drive, which is supported by the BIOS of most notebooks.
But there is a problem.
BoringSSL is a Google fork of OpenSSL. It includes various interesting patches, including an implementation of the ChaCha20 cipher. In addition, BoringSSL allows you to group cipher suites of equal preference:
In this article I show you how you can tweak your nginx configuration to take advantage of this feature.
tcpdump -i lo -s 65535 -A -ttt port 11211| cut -c 9- | grep -i '^get\|set'
Windows doesn’t automatically reconnect VPN connections when you resume from standby mode. Sometimes this can be annoying – for instance when you are using someone else’s Internet and want to make sure that your connection is always secured through the VPN. To fix this, I created a task that automatically connects to a predefined VPN whenever you resume Windows.
Did you follow the guide how to install strongSwan 5 on Debian Wheezy? You may have noticed that strongSwan doesn’t automatically start when you reboot the server (tested with 5.1.0-3~bpo70+1). The fix requires a small modification to
udpnat is a useful tool to figure out the optimal interval for sending out UDP keepalive packets in a specific environment. From the description:
Today I ran into a problem with IPsec Xauth PSK and the built-in Android VPN client (Android 4.1.2), resulting in some sites (such as www.yahoo.com) not loading through the VPN tunnel. Turns out I was dealing with MTU issues. When the Android VPN is started, it sets the MTU to 1500 on the tun0 interface:
Update 04/20/2014: Adjusted to take into account the modular configuration layout introduced in strongSwan 5.1.2. Tweaked cipher settings to provide perfect forward secrecy if supported by the client.
This article is a step by step guide on how to prepare strongSwan 5 to run your own private VPN, allowing you to stop snoopers from spying on your online activities, to bypass geo-restrictions, and to circumvent overzealous firewalls.