Creative Commons License

Unless otherwise expressly stated, all original material of whatever nature created by and included in this weblog is licensed under a Creative Commons License.


Force SSH to use IPv6

In situations where IPv6 connectivity performs better than IPv4, you might want to force SSH to use IPv6. In interactive mode this can be achieved with the -6 commandline parameter.
But in situations where you can't modify the commandline parameters a different approach is needed (for example in rsync backup scripts which use SSH as underlying transport layer).

We can use the ssh_config file to encforce that IPv6 is used for a specific host:

Host myipv6host
	AddressFamily inet6

This instructs all SSH commands to use IPv6 when connecting to myipv6host.

The same approach also works to force usage of Legacy IP by specyfing inet as address family.

10:53 | Networking | Permalink


Google Analytics removed

After running it for a bit more than a decade, I've now removed again the Google Analytics tracking from this site. It does not feel appropriate anymore on a personal website.
At the moment no alternative statistics solution is in place yet, but I could imagine setting up a self-hosted solution like Matomo or Plausible in the future.

22:45 | Webdesign | Permalink

Google Analytics declared illegal in the EU

Google Analytics declared illegal in the EU.

20:45 | Webdesign | Permalink



Wordle seems to be the trending topic these days.
It's a word game similar to the french Motus game show (resp. the american Lingo game show).

Wordle 200 4/6


07:09 | Misc | Permalink



Turns out that signed 32-bit numbers can be exhausted long before Y2038, when you use them to store time in YYMMDDHHMM format. (via)

21:48 | Coding | Permalink


Open Source on Mars

Received a badge from GitHub's Open Source on Mars initiative :-)

Mars 2020 Helicopter Contributor - Andreas Jaggi contributed code to 1 repository used in the Mars 2020 Helicopter Mission: torvalds/linux

16:21 | Coding | Permalink


Top 21 Security Experts to follow on Twitter in 2021

From the article on Security Boulevard.

  1. Rafay Baloch
  2. Troy Hunt
  3. Kevin Mitnick
  4. Rachel Tobac
  5. Mikko Hyppönen
  6. Katie Moussouris
  7. Bruce Schneier
  8. Brian Krebs
  9. Jeremiah Grossman
  10. Eugene Kaspersky
  11. Dan Lohemann
  12. Steve Morgan
  13. Tyler Cohen Wood
  14. Graham Cluley
  15. Theresa Payton
  16. Shira Rubinoff
  17. Eva Galperin
  18. Marcus J. Carey
  19. Jayson E Street
  20. Paul Asadoorian
  21. Adam K. Levin

06:58 | Networking | Permalink



This website now also serves a security.txt file which is a standardized way of making security contact information available. (Wikipedia)

The file is available in two locations /security.txt (the classic location) and /.well-known/security.txt (the standard location following RFC8615).

To easily add the file on all my domains, I'm using the following nginx config snippet.

location /security.txt {
	add_header Content-Type 'text/plain';
	add_header Cache-Control 'no-cache, no-store, must-revalidate';
	add_header Pragma 'no-cache';
	add_header Expires '0';
	add_header Vary '*';
	return 200 "Contact:\nExpires: Tue, 19 Jan 2038 03:14:07 +0000\nEncryption:\n";

location /.well-known/security.txt {
	add_header Content-Type 'text/plain';
	add_header Cache-Control 'no-cache, no-store, must-revalidate';
	add_header Pragma 'no-cache';
	add_header Expires '0';
	add_header Vary '*';
	return 200 "Contact:\nExpires: Tue, 19 Jan 2038 03:14:07 +0000\nEncryption:\n";

This snippet is stored in a dedicated file (/etc/nginx/conf_includes/securitytxt) and is included in the various server config blocks like this:

server {

	include /etc/nginx/conf_includes/securitytxt;

	location / {
		# rest of website

08:16 | Webdesign | Permalink


Fixing 'snmpd[19784]: error on subcontainer 'ia_addr' insert (-1)' messages

The default configuration of snmpd on Debian has debug level logging enabled and thus we end up with a constant flood of these messages in /var/log/syslog

snmpd[19784]: error on subcontainer 'ia_addr' insert (-1)

The fix is to lower the logging level, which can be accomplished like this on systems with systemd:

cp /lib/systemd/system/snmpd.service /etc/systemd/system/snmpd.service
sed -i 's/Lsd/LS6d/' /etc/systemd/system/snmpd.service
systemctl daemon-reload
systemctl restart snmpd

On systems without systemd, the logging level is set by the init script (unless explicitly configured in /etc/default/snmpd), and can be changed like this:

sed -i 's/Lsd/LS6d/g' /etc/default/snmpd
sed -i 's/Lsd/LS6d/g' /etc/init.d/snmpd
service snmpd restart

08:57 | Linux | Permalink


Embracing the future with SolNet

This was the initial state of my new SolNet fibre connection:

SolNet connection with native IPv6 but no IPv4

As I am a proponent of IPv6 this made me very happy, but unfortunately about 20% of my daily websites only offer legacy Internet (which later on I got working as well).

10:01 | Networking | Permalink