Wiki

🆕 Windows 11: Best Airliner Addons for Microsoft Flight Simulator

Microsoft Flight Simulator 2020 has turned into a beast with amazing addons that make this simulation extraordinarily realistic and fill the world with immersion. I would like to compile my personal favorites of mandatory addons that will keep the simulator stable and make airliner pilots cry of joy.

🆕 Windows 11: Prefer IPv4 over IPv6

While IPv6 is finally being deployed by most ISPs, many of them still provide a much better IPv4 peering, resulting in slower downloads when using IPv6. When an ISP does not yet offer native IPv6 connectivity, some users may have deployed IPv6 tunnel broker services on their routers. Windows 10/11 uses IPv6 by default, so any download from a dual-stack connected server would abuse the tunnel broker's bandwidth. To avoid this, Windows should be configured to prefer IPv4 over IPv6.

🆕 Linux: The time is right for ECDSA certificates

Elliptic curve certificates are much smaller, leading to faster TLS handshakes. They are also considered more secure in comparison to RSA certificates. This should speed up loading secure websites on most client devices. We will generate/request EC 384 certificates with key exchange cipher ECDH secp384r1 and request signature using SHA384.

Windows 10: Launch WinSCP session at present working directory from within KiTTY

Follow this tutorial to be able to spawn a WinSCP session from within KiTTY to the same remote host at your present working directory. It will use the current SSH username and it will even work if you have used an intermediate host to proxy yourself to the destination host.

Linux: Install Nagios CGI support in Checkmk 1.6.0 / 2.x

Checkmk 1.6.0 is no longer shipped with the classic Nagios UI, which includes the cgi-bin files. The authors have decided to remove it for security reasons and they don't intend to bring it back. This decision results in all third-party smartphone apps (such as aNag) to effectively stop working. This document explains how to get back Nagios cgi support.

Linux: Check for linux updates using Checkmk 1.6.0 / 2.x Raw Edition

This howto explains how to check for linux updates on CentOS, Redhat, Fedora, Debian, Ubuntu and OpenSUSE systems using Checkmk 1.6.0 / 2.0 / 2.1 Raw Edition. You will also learn how to set a custom check interval for update checks so that you are not hammering update servers (the WATO way doesn't work). This will make update checks asynchronous and massively decrease resource usage. Download my patched linux-updates plugin for RHEL/CentOS/Fedora which now also works with Checkmk 2.0 / 2.1.

Proxmox: Collection of various Proxmox commands

I am getting a lot of hits on this article, so obviously people love exploring my collection of helpful Proxmox commands. You might find out about some interesting stuff that you didn't know yet. Feel free to leave a comment with other day to day commands you regularly use.

Windows 10: Clean up the WinSxS folder

Using the Disk Cleanup Tool regularly is a nice thing to strip down the WinSXS folder, however for sysprepping machines this is not sufficient as it will skip the updates from the past 30 days. Use this tutorial to create really small images of a Windows installation by squeezing the last unnecessary bits out of your WinSxS folder.

Fritz!Box: Hurricane Electric Dual Stack DynDNS on Fritz!Box

Hurricane Electric offers free accounts for using their DNS servers. Primary DNS zones also offer dynamic DNS records. Once you generate a DDNS key for these hostnames, you can configure your Fritz!Box to update your hostname with both IPv4 and IPv6 addresses (A and AAAA records) at the same time or update your tunnelbroker client IPv4 address.

pfSense: Unblock incoming Gmail on pfBlocker NG

If you are using pfBlocker NG, you might eventually end up receiving no more e-mails from Google's Gmail service, depending on which RBL lists you use. For example, spamcop is known to repeatedly block networks that host Gmail SMTP servers. This may be a problem for you, because everyone and their grandmother is using Gmail.

Linux: How to run a Caddy HTTP/2 TLS 1.3 Reverse Proxy with Let's Encrypt

Never again you will need to worry about HTTPS-enabling your NAS, your local webserver, your fileshare, your mediacenter and whatever else. Caddy will do that for you. Automatically. And Caddy will also make sure the certificates get re-issued automatically. This tutorial explains how to set up a Caddy v1 reverse proxy.

Windows 10: Backing up a Keybase Windows device

If you intend to reinstall your operating system, your Keybase device configuration must be backed up otherwise you will lose the device. The impact of this may be so harmful that it can lead up to an account reset, which makes you lose all kbfs files, teams, devices and more. Even worse, stuff like teams, device names are permanent and as such cannot be reused. This tutorial helps.

Linux: Reset fail2ban database

To my surprise this is the most visited document within my wiki. This tutorial explains how to list and delete banned hosts when using Fail2Ban. There are multiple approaches depending on the Fail2Ban version in use, which are all covered in this article.

Linux: Selinux Howto

This document features most things you will need when working with SELinux, how to debug issues and what to do when stuff gets blocked. You will even learn how to compile selinux modules.

Linux: Testing a DHCP server without an extra physical network adapter

One requirement for testing a DHCP server is that the DHCP client is using a different MAC address than the DHCP server (or in other scenarios, a different mac address than the existing client network interface if that interface is already receiving a lease from the same DHCP server). One could grab a notebook to test DHCP or set up a virtual machine, but the easiest way to accomplish this is to use a virtual interface which provides a unique mac address.

Linux: Multi-threaded (parallel) tar.bz2 background archiving of a directory with CPU & I/O scheduling

Another program I hacked together the other day. Multi-threaded (parallel) tar.bz2 archiving of a directory with lowest priority CPU and I/O scheduling. Utilizes all cpu cores and detaches into background, will syslog when it's done. Will install missing dependancies on RHEL based operating systems. Packages available for many distros.

Windows Server 2019: Remove unused features and roles from component store

By default, on Windows 10 and Windows Server 2019 all features and roles are copied to disk even if they are not installed. This allows for fast role and feature installations and consistent patching. To reduce the footprint of your Windows installation, all unused features can be removed.

Windows 10: 100% CPU after disconnecting from RDP to Windows 1903

You may be experiencing a critical issue on a remote machine running Windows 10 Pro 1903 when disconnecting from an RDP session. One CPU core may end up using 100% CPU. If logging in from the console, the CPU load would go back to normal. However, in some cases, a reconnect via RDP might eventually freeze the entire operating system. Here is the fix!

Windows 10: Deactivate Windows Defender / Firewall

If you are running Windows 10 on an isolated VM or retro PC with less than 500MB of memory, you may realize that most of the memory is actually used by Defender and Windows Firewall compononents. There is a way to entirely disable these components and prevent them from loading into memory on boot. This is a terrible thing to do, but the following will save you a few hundred megs in RAM usage.

Windows Server 2019: Server Core Cheat Sheet (Work in progress)

This is a collection of commands to make your life easier when installing Windows Server 2019 (Standard/Datacenter) Core. This is especially helpful if you can't or don't want to use Remote Server Administration Tools or Windows Admin Center.

pfSense: Minimalistic login-page theme for pfSense 2.4

I hacked this together the other day. Follow this tutorial to get a good looking pfSense login page. You will need SSH access to your pfSense installation and replace a .css file on the webserver. Use at your own risk.

These are the documents that are available to your access level. To propose changes, leave a comment on a page or chat Chotaire.