Enabling TLS-only SMTP on port 465 with Postfix

Enabling TLS-only SMTP on port 465 with Postfix

This was annoying to find Googling so I hope this article helps finding the information more easily.

In the end it's very easy, just add (or uncomment)

-o smtpd_tls_wrappermode=yes

In /etc/postfix/master.cf under smtps inet .... This will run the Postfix SMTP server in the "non-standard" "wrapper" mode, requiring establishing a TLS connection instantly instead of requiring use of the STARTTLS command and being potentially vulnerable to MITM.

It is however recommended to keep using port 25 as well and allow STARTTLS there, this use of port 465 (smtps) seems to actually be standardized in a way, but can confuse older machines, I had some ancient online test break.

NB! This feature is available in Postfix 2.2 and later, if you have an older Postfix version you should really update.

HP MSM720 NTP

How to get HP MSM720 syncing with NTP server

In case you've configured your HP MSM720 from the console, set the NTP type to ntp, and you were wondering why the debug log shows something akin to debug mgetdate Failed TP time synchronization using server time.serv.ver then the mistake is actually very simple.

Issuing ntp protocol ntp means the controller will set the time synchronization protocol to Time Protocol not Network Time Protocol, obvious, isn't it? Just set it to sntp and you're somewhat golden, it's not super accurate but it'll work with more up-to-date things. Though that too has a small issue, it syncs the time very very infrequently, only once every 24h or when you click "Save" in the WebGUI, but it does sync if you were wondering.

Logitech Z4 remote replacement

I recently bought myself a set of Logitech Z4 speakers, unfortunately they didn't come with a remote and the set doesn't work at all without it. So I had to bypass it based on information lying around on the internet. Ironically the most helpful has been a terrible thumbnail that talked about what to connect to bypass having a remote.

Bad PDF thumbnail

Short summary for those that don't want to try and read the image:

4 - 5 for power on (do not misconnect, shorting power to ground or wrong pin will require repairs!)

6 - 7 for right channel enable

1 - 2 for left channel enable

6 - 3 and 1 - 3 trough a 1MOhm resistor for a reasonable amount of bass

Old games being lost to link and disc-rot

After accidentally stumbling upon on the old games I played as a kid I decided to do a bit of research about who made them and when. But it turns out that most of these games were made by indie gamemakers, basically only free(crap)ware sites have any mention of them - it's a first that they're useful. Quite sad.

In order to reduce the bit and link-rot I'm going to try and improve the data available out there and will try to add short descriptions to my own blog, I can't be the only one Googling this:

  1. "Paksukese seiklused" - originally Fatman's adventures were created by the game company called Another Day Ltd. http://www.anotherd.com, redistributed (and changed by, I think, I've seen two different title screens) Shamrock Games http://www.shamrock-games.com. Estonian localization was made by Ase Computers http://www.ase.ee. Interestingly the game also has sequels but I'm certain those never entered Estonian market. I tried finding copies of the sequels, but no dice. If you have copies of the sequels please contact me!
  2. [To Be Cont.]

Xiaomi Mi 9

I bought a Xiaomi Mi 9, it's a really nice phone. Although it doesn't have a 3.5mm and SD-card slot the rest of the upsides make up for it.

Initial impression is good, everything works as promised although MIUI needs getting accustomed to.

Update: After using it for a few months I am not really complaining, everything I need works nicely and MIUI hasn't generally been an obstacle. The only time I've been annoyed so far was when MIUI blocked bulk contact deletion, very stupid "feature".

GNSS

I also tested out the dual-frequency GNSS, works nicely I can pick up GPS, GALILEO and GLONASS on both bands. However there seems to be no SBAS support on the Xiaomi Mi 9 even though the Snapdragon 855 should support it, maybe it'll get added but looking at how it wasn't promised then I somewhat doubt it unless someone hacks it together. Turns out that they're not always visible, the SBAS satellites. The Mi 9 has SBAS support and it works nicely.

List of satellites I could receive on a passenger plane

Under-screen fingerprint

The under-screen fingerprint scanner works nicely, just as good if not better than what I've seen on other phones. I wouldn't trade it for front-button or back scanner, it's IMHO easier to scan your finger using the front side you're using your phone with anyways.

Gitting git not to be a pain

Are you tired of git always pestering you about your password in one of your 100 repositories cloned into your system? Even worse, do you have multiple git accounts and it's just absolutely maddening?

No longer do you have to search for "git permanently store password" or "git credential helper cache infinite timeout"!

There's a solution to this maddening behaviour, just edit your .git/config and your troubles are over, no more stupid behaviour

[user]
                  name = Username
                  email = Email
                  password = Password
          [credential]
                  helper = cache
          

And git just becomes usable.

P.S: You might get:

$ git fetch
          remote: Repository not found.
          fatal: repository 'https://github.com/TaaviE/Gadgetbridge.git/' not found
          

Just delete ~/.git-credentials, git can't handle storing passwords for multiple accounts properly :')

References

  1. https://stackoverflow.com/questions/39239417/git-credential-helper-causes-repository-not-found-error?utm_medium=organic&utm_source=google_rich_qa&utm_campaign=google_rich_qa
  2. https://stackoverflow.com/questions/5343068/is-there-a-way-to-skip-password-typing-when-using-https-on-github

Posted by TaaviE on in Linux. updated Tags: git.

Weird quirk in ReST with code blocks

In some weird cases (I've been unable to determine so far) Pelican will throw you a generic error about an unexpected unident in your code block like this:

ERROR: Could not process inputfile.rst
            | SystemMessage: /inputfolder/inputfile.rst:55: (WARNING/2) Definition list ends without a blank line; unexpected unindent.
          

Turns out that in order to fix it, you have to have an empty line before the beginning of the code block (in addition to the one in front of it), then it gets parsed correctly. Seriously annoying caveat if you're new to ReST.

page 1 | older articles »