Lock your /etc/resolv.conf in OpenWRT

OpenWRT hates me and I hate it too ! Yes it’s a weird intro but it’s true. Each time I need to edit any setting on their web interface I start cleaning the flat or find something else to do. I’m used to managing classic Linux systems via SSH but I can’t find anything in their system. Even defining your DNS resolver is hard on their system. My Internet connection is provided thanks to DHCP, which means I get the IP settings AND a DNS resolver.

Web ≠ Internet

There are some things bothering me. For some it’s the Interpunct (there is a global French crisis about it in France), for others it’s la digitalisation (in France the translation for digital is numérique, which comes from numbers (0 and 1), but many use the word digital, which in French is an adjective meaning “about fingers”, like fingerprints are empreintes (prints) digitales), others despise blockchain leading to disruptions, but my Nemesis is using « Web » and « Internet » interchangeably.

AV1 is released !

You may not be waiting for it but it’s coming. AV1 is a brand new video codec. One more, but this one is made by AOMedia and that’s what matters. AOMedia : Alliance for Open Media AOMedia is a quite new consortium which aims to provide the world with a royalty-free codec. It may look strange but nearly every major video codec came from a single actor : the MPEG-LA, which specialized in selling licences for all its codecs.

Sisyphus the spam mover

I already talked about my mail stack. Some months ago I added a new antispam to it. First, there is Postscreen in frontline (almost before Postfix) which rejects something like 80% of spam before using any resources. Then I use Rspamd which works after Postfix and before Dovecot which also removes all the remaining spam. Last there is Sisyphus which works after Dovecot, directly on the maildir. Yes, it’s clearly overkill.

GLSA from Gentoo

I realized I never talk about Gentoo on my blog. It’s by far the best Linux distribution. Instead of trolling, Gentoo is good because (but not limited to) you can quickly check if your system is vulnerable to a known security breach. GLSA Gentoo isn’t a giant distro with lots of devs but is still pretty well staffed. There are multiple dev teams with different focus with one dedicated to security.

Reverse proxy, 6 months later

Last September I wrote about setting up an nginx micro-cache in reverse proxy, so here is a little feedback. Since then I didn’t change the settings except the caching duration, which I increased to 10 minutes. On the maintenance side, nothing to do. Everything works fine on its own. Sometimes I want to clear the cache manually to try some edits without waiting for cache expiration. In those cases a little rm /var/www/lecache/* and it’s done.

We all depend on registrars and registries

Purism just suffered from a massive DNS outage. All their websites were down. What caused this ? It appears their domain name was unreachable. After looking for a bug in their DNS servers, there was nothing to be found. The registrar It came from their registrar. The registrar is the entity from which you rent your domain name (no you don’t buy a domain name). They phoned the hotline but apparently nothing was wrong on their side.

International Fixed Calendar or CAL13

International Fixed Calendar or CAL13 is a different calendar system than ours. It uses 7 days a week. With 4 weeks a month. So each month lasts 28 days. And there are 13 months a year. Just add a white day each year as a day off to get your 365 days a year. What does it look like ? Here is your monthly calendar which works for every month.

Meta-news about the blog

Two months after introducing fast-posts, here is a small report. Rhythm I think I reached a nice regular rhythm to publish new articles. It’s not a difficulty anymore. It’s now easier and more natural to write content. It’s even a real pleasure to write. Creating a distinction between traditional posts and fast-posts was a good decision which lets me be more spontaneous. Layout I tweaked the site layout a bit.

Multi keyboard layouts in Xorg

I really like keyboards. I often plug multiple keyboards on my computer… at the same time. It’s a bit pointless but I like fiddling with keyboards. My main keyboard is in a slightly tweaked bépo (a dvorak-style french layout) while most of the others are in azerty and even some in qwerty. So I configured Xorg to provide these features :
- My main board must provide bépo, azerty and qwerty
- Other keyboards must provide azerty, bépo, qwerty
- Right Ctrl must be the Compose key
- Ctrl-Alt-Backspace must kill the Xorg session
- Left-Shift + Right-Shift must cycle the layouts

So all of this can be configured in /etc/X11/xorg.

Filmmenu, a little script to launch movies

Here is a quick blogpost to show you filmmenu. I use a NAS at home with many hard drives and many partitions. I don’t have a RAID (no need) so my files are scattered in all partitions. All my data is well sorted except for movies which are in multiple partitions. So when I’m looking for a specific movie, I never know where to look. So I wrote this thing :

Mozilla starts restricting new Firefox features to HTTPS-served pages

In its quest for a safer web, Mozilla just announced they are going to restrict new Firefox features to webpages served through HTTPS. Even if I’m completely convinced that HTTPS should be used everywhere I reckon that it can’t be done in all cases. Sometimes it’s not possible to deploy HTTPS. Here are some examples which come to my mind : - If the webserver isn’t connected to the Internet, it’s getting complicated to get a valid cert (it’s a completely legitimate use case to deploy a webserver without Internet access).

The death of Vimperator : how does an opensource software die ?

It’s over for Vimperator. While Firefox dropped its old API, Vimperator couldn’t survive. I don’t know why but it’s with a pinch in the heart that I see the closing of the github issue which could have saved it. There is nothing new. We knew it for more than a year but today is the day. Just with the little red icon notifying the end. The repo will still be there with the code and all to be archived.

Monoculture disaster in the CPU world in early 2018

Monocultures proved multiple times they were risky, not only in the IT world. When you plant only one type of vegetable, you risk losing everything when an insect or a disease chooses you. Today, time has come for Intel CPUs to suffer. Intel’s monopoly Intel has been a leader in CPUs for many decades and sometimes it becomes a monopoly. It has been like this for at least ten years. AMD is just recovering thanks to its new Zen architecture after ten years of despair.

Last 2017 Firefox' Drama

Mozilla had a great year. Since Chrome’s first release and its gigantic marketing (remember those video ads, giant billboards in all inhabited places, and all those links on Google’s websites…), Firefox’s market share slowly diminished. But Mozilla is awakening and many of its efforts start to show. Now Mozilla releases “oxidized” Firefox (it means they are implementing more and more code written in Rust (rust… oxide… it’s not my idea, it’s semi-official)) and rebuilds all its infrastructure with some trade-offs.

AMD Graphic Drivers 2017

In 2007, AMD adopted a new strategy about their graphics drivers after their ATI acquisition. They decided to help opensource graphics drivers developers by releasing a lot of documentation. A few years later they helped more by dedicating some of their devs to the opensource driver. Again, they later adopted a new architecture where their proprietary driver and the opensource one share the same kernel module to mutualize devs’ efforts.


Here is a new section on my web site. Fast posts. I post more and more on my site. I try to produce content of better quality. Articles become longer and need more work. You probably noticed that I greatly increased the release rhythm. At first it was tedious but it comes more naturally now. I find it quite appealing writing on my site. I’d like publishing more regularly but if I stick to big complex articles I won’t be able to sustain this effort for long.

My software wishlist : Vol1

Here’s my 2017 letter to Santa Code. I don’t think all my wishes will be answered but we never know…


It’s been some months now since I migrated to Qutebrowser. It’s a small, not so popular web browser which differentiates itself not by its engine (but in fact yes a bit !) but thanks to its user interface. It’s clearly not intuitive but it’s blazingly fast and efficient ! Web engineS Qute can use many engines. First there is the good old webkit in its Qt flavor. But this one is on the road to deprecation. Then you can use webkit-ng which is the direct successor.

Ultimate DNS guide v1

I’m revamping my DNS stack. For the two of you who don’t know what DNS is, it’s the reference directory of the Internet. It’s oversimplifying to say it like that. In fact DNS is a replicated, delegated big database. Translating a hostname to an IP is only one of its purposes. Let’s go for the 2017 DNS Mega guide !

Easily manage your dotfiles with git

I tease you from time to time about this topic so here it is. I’ll show you how I manage my dotfiles. It’s a recurring subject in the linuxian world and everybody uses a different solution. Some use a soup of symbolic links in every direction to centralize everything in one easily copy/pastable directory. Others rely on personal scripts or even software like GNU Stow. Some nerdier ones use a Makefile as a way to get themselves out of this burden (and in fact it’s not so crazy).

Using CAA DNS records to protect your TLS

There is a global move toward better crypto security since the Snowden revelations. It’s a good thing. More security and more privacy is a good thing for everyone. It’s better when it’s well done; if not, it’s counter-productive. Let’s Encrypt is a big contributor to the current trend by democratising x509 certs thanks to its easy to use protocol and its very competitive pricing. Certificate Transparency Like many CAs (certification authorities : the ones who sign your certs), Let’s Encrypt adopted Certificate Transparency.

Leveraging nginx microcaching to boost your perf and prevent downtime

As I have a dedicated router now, I find myself shutting down my server from time to time. My website (hosted on the server) keeps on being accessible. On the router side, I installed a container with an nginx proxy server. Connections to the website go through it. It acts as a cache when the upstream server is down. But to always have up to date content I only use 1 second of cache.

Substring History Search in ZSH

Our Unix shells are wonderful tools to interact with our OS. That’s my main user interface. I use it for everything. I only use three pieces of graphical software : a web browser, a media player and a terminal emulator. That’s all. I admit that I have a very volatile memory. I can’t remember a thing I only do once or twice a year. I forget a lot of commands. That’s why I use Foldcat as seen earlier.

Unmount your root without reboot

Don’t you ever need to unmount your linux’s root partition ? No ? Why ? hummmm I don’t know ? maybe to do special things on the FS like resizing it or moving it to a new device ? You can’t unmount it while your running OS resides on it. If you can’t boot on a livecd (no more optical disk player) nor a thumbdrive (you’ve lost all of them like me) you’re doomed !

Foldcat : text hints while browsing your folders in your shell

You can’t remember things you did only once or twice like me ? You install exotic things you use very infrequently and it’s always hard to remember how to use them ? So you go in the said folder, you go through any hint you can find with ls / tree / --help. Not bad but very inefficient. Let’s improve this ! Foldcat : the cat from the folder Does your cat flee from any room you enter while rushing in your feet ?

Keep rsync from filling an unmounted partition

Rhaaa Linux and its filesystem hierarchy. That’s so good ! Rhaaa Linux and its mount point system. That’s so good ! I love these features. For real ! That’s no sarcasm nor irony or typos. It’s a great thing to be able to use many mount points. Having lots of different filesystems on many devices. That’s so flexible. There is just a little wart on the face. When you have an automated script running regularly to backup many things from many machines on an unmounted external hard drive disk… you have to clean everything and mount the said hdd.

Managing Gentoo's overlay without layman

Gentoo’s overlays are portage’s tree extensions. Portage is the big repository of ebuilds of Gentoo to install all your favorite software. Gentoo is pretty well stuffed on this side. But sometimes you need an exotic soft unavailable in portage. Some people provide overlays containing software that you can add in your Gentoo. To add an overlay, the official way is to use layman. But let’s be honest, it can be done without it quite easily.

Start services in tmux at boot time

It’s a trivial thing to automatically start an application during the boot. But in fact not that much. It’s your init’s job to do this. It should be something easy (huh systemd ?). Starting a command inside tmux isn’t native to current inits. Here’s how to do it. First we will start with OpenRC init file (sorry I won’t tro^wtalk about systemd). So in /etc/init.d/tmux you put the right shebang and in the start() section you put :

Dynamically updating your DNS zones

A small blog post to me. How to dynamically update DNS zones with this shitty syntax I forget every time ? To change an A record : server zone lord.re. delete lord.re A update add lord.re. 600 A a.b.c.d send Easy but so forgettable. You can put all this in a file and take nsupdate to eat it or type it interactively. To do it remotely you’ll have to generate and use crypto keys.

Multi devices BTRFS

As I’m sick this weekend, what’s better than playing with virtual machines and BTRFS to heal ? I’ll soon renovate my NAS and I’m considering using one BTRFS spread on multiple devices. It means having one file system on multiple hard drives so your OS will only see one big contiguous space. And I’ll be able to play with all btrfs features. :-) LVM RAID to the trash can I know some of you will be triggered but I never really liked LVM and RAID.

IP Proxy Logs Nginx Reverse

The most explicit title ever ! Have you noticed that when you use nginx as a reverse proxy, your web backend ? It’s 100% logical but not so convenient. So how to change this behavior ? Dura lex sed lex You should know that as a web service provider you legally must keep connection logs. The law isn’t really clear about which information you must log but we know for sure that date and time, IP and the requested resource are the bare minimum.

Devtmpfs and Udev are on board of a boat

I’ve been awakened this morning by an electricity outage. A Sunday morning at 6 o’clock listening to Uninterruptible Power Supply (UPS) babbling. Each beep more and more oppressing. One beep closer to death. An interesting race : which UPS will last longer ? Suspense ! Team TV (ONT, media player, TV) or Team Server (server) or Team Computers (two computers, switch, wifi AP). Sadly Team Server fell first. The two other teams are waiting silently while listening to awakening cicadas.

Mom goes to retirement

With a pinch in the heart I announce Mom’s retirement. Mom was my small dédibox (dedicated server from online.net) which did a lot of things. I know that I’m a fervent advocate of self-hosting but I still rent a dedicated server in a datacenter. This machine served me well for 4 years. Here comes Zoid. It’s a bigger beast than mom so it will be easier for him. But now, in hindsight it will probably let me do more things.

BTRFS snapshots

My shiny Gentoo runs on BTRFS for some time now. This Filesystem is fun with all its features. One of its best features is the snapshotting system. It’s my favorite :-) . An on-the-fly free instant backup. Isn’t it a dream on this day of World Backup Day ? (it’s been three days I know). You should know that btrfs works with subvolumes (a bit like lvm) and you can snapshot a subvolume which will be a subvolume !

2013 - Handmade CSS.

It’s time for another post about a new css redesign. Bootstrap is nice but what I prefer the most is creating the css design. So using something to do it isn’t the best deal. Creating new content is hard but poking the css is easy and fun. So I totally redid it. I simplified the menu bar and removed some useless stuff. I nearly didn’t change the html. Some little edits here and there and here you have a brand new css.

CSS tweaks

When you rely on Bootstrap css, your website looks like every other trendy website. So I tweaked my lil monster a bit. I overrode the original css with a custom.css . It lets you change the design without breaking bootstrap. And if you upgrade bootstrap, any change you made will persist. First to be a special snowflake : change the font. This change is tremendous ! It has a bigger impact than you would think.

Throw your livebox out but conserve your TV service

PS 2017 : This tutorial is completely deprecated since PPP will soon be removed in favor of DHCP (but still with exotic options) Here it is ! The holy grail is at home ! FTTH. Fiber. Holy moly this marvelous plastic thing which makes me dream has come. I got it. I subscribed to an almighty symmetric 100M from Orange. Such a nice Internet connection. Symmetric bandwidth is a wet dream for most geeks.

Basic survival guide in vim

You were following a crazy tutorial from the web where they asked you to open a file in vim and now you’re stuck in this fucking black console and you can’t write anything. You can’t even quit ?! Ok, here is the bare minimum to know how to edit text and how to exit this shit. To open a file in vim : vim /my/file It’s like any other console editor.

Vim : The linuxian bestfriend

The classic : blogpost about vim. Every linuxian will write it. So here’s my ode to the god of text editors. First : you need to figure yourself that using a good text editor is a crucial thing. You must know and understand how your OS works. If you use a decent OS (linux), you probably know that almost anything can be done by editing text files. A lot of OSes try to follow the famous concept : “Anything is a file”.

A new browser for new oceans

It’s been a long time coming but here we are. I proudly used Opera for many years. Since the release of 7.11, so almost ten years now. The cute little red panda still was a bird when I discovered tabs (not totally true but I’m too ashamed to admit I used an IE overlay). In ten years I discovered so many features more or less popular/exotic. I nearly tweaked all its ini files to mold it to my desires.

Bootstrap the website

It’s time ! What should be has been done. A new design for my weblog. And this time I fell into the infamous twitter’s Bootstrap. It’s clean and classy. It’s almost the same thing as every other website but it’s convenient. Bootstrap is a combo of javascript and CSS to make clean websites in a breeze. You just need to apply some classes to your elements. A little span9 and it inherits all the properties.

A Modern linux desktop

Yes the title is quite pretentious and some would say a bit misleading. But, I just reinstalled a brand new Gentoo on my old laptop from 4 years ago. The small Arch which ruled just passed away (a sad update story about not using/updating it for some months) so this time I wanted to get back to my beloved Gentoo. No more traitor in my geekdom. A small fleet of Gentoo.



Yet another new website revamping

Once again I’m wondering what to do with this website. Creating more content more regularly as a true website ? I could motivate myself more and please you more. I’m quite confident I could provide you with more interesting content. It could serve me well too (I’m one of my biggest readers). If so, do I continue to use my current one-big-file-website not so crappy ? Do I use a real CMS (maybe static) ?

Hack^wFixing some Gentoo.

Imagine that by some pure randomness you were to use a poor abandoned Gentoo. You want to update it and you find yourself in a state where glibc can’t be emerged for whatever reason. So you have to find a way to fix this. How ? Here comes the other friendly Gentoo You’ll have to involve another Gentoo to build your package and then install on the broken one.

Let's Protocol !

So, what if we played a bit ? We will speak some network protocols by hand through a socket (netcat or telnet). Ready ? SMTP Gogo SMTP : Sending an email like a tru3 h4ck4r.

```
nc monserveursmtpfavoris.com 25
EHLO myfavoriteserver.com
MAIL FROM: mylogin@myfavoriteserver.com
RCPT TO: myrecipient@hissmtpserver.com
DATA
One supa mail
.
```

Ok you’ve just sent a slick mail by hand. Now that you are convinced that SMTP is easy, what about IMAP ?

A bit of polish

And here comes a bit of modernisation. A new design full of gradient thanks to CSS3. We can at least create dynamic stuff easily and quite appealing designs. No pictures required.

PS 2017 : I changed the design but still use the same tooling. Still true !

Ho hi !

Hit me again I’m not dead yet ! I just fixed a long standing bug I was facing on an asus g50 laptop : outputting audio from the jack. It was really easy but I never found out before. I just added a line in /etc/modprobe.conf :

```
options snd-hda-intel model=m51va position_fix=0
```

I admit this article won’t be of a great help but my future me reinstalling a nunux will probably be happy to find it.


There it is, I changed my hosting. Well I changed my multi purpose computer. I switched off my good old server which once was my primary workstation. A watercooled Opteron 165 dual core in a giant Twelve Hundred case by Antec. I now use a mini-itx pc based on an Intel Atom D510. Performance probably decreased but it now fits in a Fractal Design Array R2 ! Electricity consumption and noise are more manageable now.

Farewell MSN

Alright, I’m done with msn … I think that was the last proprietary thing I used. I’m now close to a full libre ecosystem. I think there are still Nvidia and Intel drivers on my laptop (and Team Fortress 2 on the other pc).

Jabber here I am !

During my quest to digital independence, to freedom and privacy I now just installed a jabber server (ejabberd). I’m going to leave msn, icq and all. You now can contact me through jabber with my mail address. It’s quite clean and way better than Microsoft Shitty Network. I also installed a tiny wiki for my personal “GED”. PS 2017 : I quit jabber some months later. I don’t need it. In fact the only instant messaging I still use is IRC.

New kernel not for fun

I just changed my kernel from an openvz patched 2.27 to a brand new 2.33.1. I also added some crucial options which were lacking : the redirect target for netfilter (yes I forgot it), then the nfs server support (to enhance my pxe) and the kvm support (instead of openvz). Stay entertained dear readers and keep having fun until next time on my future new CMS (aiming to run on less than 1MB of ram).

Let's monitor our lan !

When I migrated from Debian to Gentoo I didn’t reinstall Munin. I’ll do it now. Munin can make graphs about nearly anything… It’s a client/server system relying on small scripts. Let’s start with a little emerge munin. And it’s nearly done. You just need to add the clients in /etc/munin/munin-node.conf by following the syntax you’ll find in comments. On the client side, you must choose the plugins you want to use by creating symbolic links.

Playing with OpenVZ

OpenVZ is a virtualization system for linux different from the others. The host uses a specially compiled linux kernel which is shared with all the guests. You can’t virtualize any OS but with linux systems you’ll have nearly native performance. If you need more information →→ wikipedia & google ←← I wanted to play with my tiny Gentoo. It’s a small headless machine used as a personal server. I had to use some graphical software while using my windows laptop.

Optimisation of the webserver

As I only have a small basic french ADSL connection, my upload is very limited. So, when you visit this wonderful website, the page load time could hurt you. To try to mitigate this I enabled the gzip compression. In my case the difference is astonishing ! The file size decreased by 4 times. To do this I just had to edit /etc/lighttpd/lighttpd.conf . Just uncomment the line mod_compress and add these two lines :

An ounce of ViM to change your mind

This time I had a dumb idea : colors in syslog in vim ! So I’m browsing vim.org, looking for a script. I download the file to ~/.vim/after/syntax/syslog.vim . Then a small edit in ~/.vim/filetype.vim to add :

```
augroup filetypedetect
au! BufRead,BufNewFile /var/log/syslog set filetype=syslog
augroup END
```

And there you go ! Next time you’ll open your logs you’ll have a rainbow of despair :-D PS 2017 : I don’t use it anymore.

Adding PostGrey and …

Wow so classy ! My first title with an ellipsis ! Ok this time I was quite fed up with all this spam. My webstack isn’t as clean as I intended. I rely on postfix, procmail, dovecot, roundcube. It’s a gmail-like combo but self hosted. I want to connect to the stack with thunderbird and play with its lightning plugin to have a synchronised agenda, calendar, tasklist with my smartphone. I’ll probably use funambol that I’m currently testing.


Holy shit ! I’m posting more regularly ! I’ll soon become an influential blogger ! Well. As I said earlier I decided to fix the encoding mess. To be quick I changed my locales to only have en_US.UTF-8 UTF-8 . I created /etc/env.d/02locale where I force my locales variables and it’s done ! Now I only need to configure good old Vim and ugly Putty to make them only work with utf-8.


I’ll follow the trend to degooglify myself starting by letting go my gmail account and start using my own mailserver. I decided to use the “classic” stack of postfix/dovecot/roundcube/procmail. I can’t say it was an easy move. It was quite some work to study and set up everything but it’s a huge step to be free. It feels normal to host this essential piece of my communications. It may be less efficient or stable than relying on Google (I’m gonna need a UPS) but it’s needed.

Migrating to full ssl

Just some words to announce that I forced SSL on this webserver. It shows my crypto-anarchist anti-hadopi (french law against piracy) side and I know that you like me to burn my CPU more to show you boring webpages with pointless articles.

Switching webserver

I just switched the webserver from the big ol’ Apache to the tiny Lighty. It feels quite user-friendly this one. Way lighter and with a nicer configuration file.

It’s so easy to set new vhosts. So now I’ll try optimizing lighty and mysql to eat less ram…

As a nice guy I provide you some nice reading

Here it is, I migrated from Debian to Gentoo and I transformed this pc to a server… I removed X. This made it feel way lighter. Without the webserver running it only eats thirty MB of ram. That’s way better than the 250 eaten by Debian. And it’s all heavily customized. Enough reading for today. Cya.

Yet another new website !

Yes, for the Xth time I remade my website from scratch with a handmade CMS. As usual I do my best to have an xhtml-valid website. Even text web browsers can render it correctly !

I hope that the new one (web 3.0 certified) will suit you as much as it suits me.