news
today's howtos
-
Kyle Reddoch ☛ Email Security with SPF DKIM and DMARC - CybersecKyle
By the end of this guide, you should have:
• A list of legitimate services that send email for your domain
• SPF reviewed and cleaned up
• DKIM enabled for major senders
• DMARC published in monitoring mode first
• A path toward quarantine or reject once legitimate mail aligns
• A validation test using real messagesThis is for domain owners, creators, small teams, homelab folks, and anyone who uses a custom domain for email.
-
Christian Hofstede-Kuhn ☛ Hosting DokuWiki on FreeBSD with Bastille, nginx, and Caddy
Some services do not need PostgreSQL, Redis, an object store, three containers, and a deployment manifest long enough to qualify as literature. Sometimes I need a wiki: a place for notes, runbooks, snippets, and the sort of documentation that is useful precisely because it is not public.
DokuWiki fits that job unusually well. It stores pages as plain text files, needs no database, has a mature ACL system, and is available as a regular FreeBSD package. Put it in a Bastille jail and the entire application becomes a small, inspectable service: nginx, PHP-FPM, and a directory tree I can back up with ordinary ZFS tooling.
This follows the same pattern as my blog infrastructure and CryptPad deployment: the application lives in its own jail, while a separate Caddy jail is the only public web frontend. If the networking below feels too compressed, the FreeBSD Foundationals article on Jails covers VNET, epairs, bridges, and the isolation model in detail.
-
University of Toronto ☛ An unusual way for your DHCP server to run out of dynamic IPs
As ISC dhcpd documents (for example in dhcpd.conf's discussion of the 'ping-check' statement), by default dhcpd will ping an IP it's about to dynamically allocate to make sure it's unused. If something answers, dhcpd more or less gives up on the IP address (this doesn't happen for statically assigned IPs, at least according to the dhcpd.conf manual page). The consequence of this is that if you have such a 'screaming' machine, one that's answering ICMP pings for all IP addresses, dhcpd will conclude that your dynamic IP address pool is entirely exhausted and no dynamic client will be able to lease a new IP. For extra fun, apparently some clients will not accept a DHCP IP if there seems to be something else using it.
-
Austin Gil ☛ Animating <details> Element with Only CSS – Austin Gil
Can you animate the opening and closing of the HTML <details> element using only CSS? Yes. Here’s the code: [...]
-
Adrian Roselli ☛ Link + Popover Navigation
This is a redress of my 2019 post Link + Disclosure Widget Navigation, except (as the title implies), I’ve modified it to use native HTML popovers instead of ARIA or HTML disclosure widgets.
Popover has the benefit of using appropriate HTML structure and semantics while removing the need for scripting and ARIA. I use some ARIA here regardless.
-
Hackaday ☛ Linux Fu: The Local Phonebook
While that process is running, Avahi advertises widget.local as an mDNS address record. Kill the process, and the record goes away. So you could just write a script to publish all the addresses for things that won’t do it themselves and launch in in local.rc or a systemd unit. But that seems inelegant. I wanted to just pick things out of the /etc/hosts file. But not everything. Here is a simple publisher, installed as /usr/local/sbin/localip_pub: [...]
-
Mikael Hansson ☛ New reverse proxy
I’ve finally gotten around to doing something about my old main reverse proxy in the home lab. Don’t get me wrong: It’s been working fine, but in the years that have passed, things have really improved around automated certificate renewal using Let’s Encrypt: Adding a new service used to be a multi-step process that required me to sit down and remember how things were hooked up, since I had invariably forgotten how my system was configured between these occasions. Also, I had kept it too simple: The config was literally manually managed. I do have machine backups so I would be able to roll back bad changes, but with the old setup I couldn’t be sure to remember whether I had added manual tweaks somewhere, other than by trawling through my /etc and /usr/local directories.
-
Josh Lospinoso ☛ MIL-STD-1553: Authority, Cadence, and Role-Bound Claims
Some bus artifacts expose roles and transaction order directly, but even role-rich evidence does not explain application meaning by itself.
-
Olimex ☛ Turning the ESP32-CAM-8MB into a Smart Security Camera for Home Assistant
The ESP32-CAM-8MB is one of those boards that looks like a toy and behaves like a small IP camera: an ESP32-D0WD-V3 module, an OV2640 2MP sensor, 8MB of PSRAM and 4MB of flash, a microSD slot, and a WiFi/BLE radio, all for a few euros. On its own it can already stream video to your browser. What makes it interesting for a security camera project is pairing it with ESPectre, an open-source WiFi CSI (Channel State Information) motion detector that Olimex has a ready-made test build for in the ESP32-CAM software repository.
-
Max Glenister ☛ How I'm using CSS View Transitions on this blog
Cross-document view transitions do the same job without any of that, and there’s no JavaScript API involved at all. It’s a single @view-transition rule in the CSS. No router, no fetch, no client-side history hijacking, the browser still does a real navigation to a real URL, it just captures the outgoing page as it leaves and lets CSS animate that against the incoming one.
-
TecMint ☛ Try uutils-coreutils: Rust Alternative to GNU Coreutils
While looking around, I came across uutils-coreutils, an open-source project that reimplements GNU coreutils in Rust. It provides nearly all of the familiar commands you already use every day, but they’re written in Rust instead of C. Besides Rust’s built-in memory safety, some commands can also perform better when working with large files.