Search
1000 results for “frehi”
-
@frehi oui, j’ai lu cet article et ça fait partie des retours positifs que j’ai en tête. Plusieurs personnes à la #DebConf25 en avaient aussi (dont la video-team).
-
Security updates: Debian vs Ubuntu, AlmaLinux vs Rocky Linux
The last couple of weeks were turbulent for the Linux kernel: several critical security problems were disclosed . Three of them are local privilege escalation bugs: they allow any local user to become root. The vulnerabilities are named Copy Fail (CVE-2026-31431), Dirty Frag (CVE-2026-43284, CVE-2026-43500), Fragnesia (CVE-2026-46300). The fourth vulnerability, named ssh-keysign-pwn (CVE-2026-46333) allows a user to read root owned files, such as host SSH keys. There are exploits publicly […]https://blog.frehi.be/2026/05/18/security-updates-debian-vs-ubuntu-almalinux-vs-rocky-linux/
-
Setting up protective DNS with Knot Resolver 6
A while ago I wrote a blog post about setting up Knot Resolver and using RPZ files to block resolving malicious domains. It's time for an update: Knot Resolver 6 series has become stable, and this changes a lot of things. And a lot more new sources of RPZ files have now appeared, giving you the possibility of offering much better protection, all for free. Installing Knot Resolver 6 on Debian The current stable release of Debian, Debian 13 Trixie, does not yet include Knot Resolver 6. […]https://blog.frehi.be/2026/05/10/setting-up-protective-dns-with-knot-resolver-6/
-
Secure time synchronization with NTS
To set the correct time on computers, usually NTP (Network Time Protocol) is used. However NTP is an insecure time synchronization protocol and allows a man-in-the-middle to shift time on an NTP client. To tackle these issues, NTS (Network Time Security) was created which aims to solve these problems. In this article I show how you can configure ntpd-rs and Chrony to use NTS servers. systemd's timesyncd does not support yet NTS, but it's currently in development so hopefully this will be […]https://blog.frehi.be/2026/03/29/secure-time-synchronization-with-nts/
-
Secure time synchronization with NTS
To set the correct time on computers, usually NTP (Network Time Protocol) is used. However NTP is an insecure time synchronization protocol and allows a man-in-the-middle to shift time on an NTP client. To tackle these issues, NTS (Network Time Security) was created which aims to solve these problems. In this article I show how you can configure ntpd-rs and Chrony to use NTS servers. systemd's timesyncd does not support yet NTS, but it's currently in development so hopefully this will be […]https://blog.frehi.be/2026/03/29/secure-time-synchronization-with-nts/
-
Secure time synchronization with NTS
To set the correct time on computers, usually NTP (Network Time Protocol) is used. However NTP is an insecure time synchronization protocol and allows a man-in-the-middle to shift time on an NTP client. To tackle these issues, NTS (Network Time Security) was created which aims to solve these problems. In this article I show how you can configure ntpd-rs and Chrony to use NTS servers. systemd's timesyncd does not support yet NTS, but it's currently in development so hopefully this will be […]https://blog.frehi.be/2026/03/29/secure-time-synchronization-with-nts/
-
Secure time synchronization with NTS
To set the correct time on computers, usually NTP (Network Time Protocol) is used. However NTP is an insecure time synchronization protocol and allows a man-in-the-middle to shift time on an NTP client. To tackle these issues, NTS (Network Time Security) was created which aims to solve these problems. In this article I show how you can configure ntpd-rs and Chrony to use NTS servers. systemd's timesyncd does not support yet NTS, but it's currently in development so hopefully this will be […]https://blog.frehi.be/2026/03/29/secure-time-synchronization-with-nts/
-
Secure time synchronization with NTS
To set the correct time on computers, usually NTP (Network Time Protocol) is used. However NTP is an insecure time synchronization protocol and allows a man-in-the-middle to shift time on an NTP client. To tackle these issues, NTS (Network Time Security) was created which aims to solve these problems. In this article I show how you can configure ntpd-rs and Chrony to use NTS servers. systemd's timesyncd does not support yet NTS, but it's currently in development so hopefully this will be […]https://blog.frehi.be/2026/03/29/secure-time-synchronization-with-nts/
-
Hagezi: a new EU security and privacy focused DNS resolver
Hagezi is known for its DNS blocklists: a collection of blocklists in different formats which can be used in adblockers like Ublock Origin or in DNS resolvers, in order to block malicious sites, tracking and advertisements. Now Hagezi has set up its own public DNS resolvers in Europe. Hagezi DNS uses the HaGeZi Multi Pro and HaGeZi Threat Intelligence Feeds, which means it will block ads, trackers, phishing sites and domains distributing malware. In contrast to DNS4EU, there are no different […]https://blog.frehi.be/2026/03/08/hagezi-a-new-eu-security-and-privacy-focused-dns-resolver/
-
Debian GNU/Linux on a HP EliteBook 8 G1a 14
I have set up Debian GNU/Linux unstable (which will become Debian 14 Forky at some point in 2028) on a HP EliteBook 8 G1a 14 inch Notebook Next Gen AI PC. Many of these things will probably be valid for other AMD variants of this generation of the Elitebook and even the ZBook series.
Hardware specifications
These are the hardware specification of this particular system:
AMD Ryzen AI 7 PRO […]
https://blog.frehi.be/2025/12/30/debian-gnu-linux-on-a-hp-elitebook-hp-elitebook-8-g1a-14/ #AMD #Debian #Elitebook #HP #Linux -
Blocking AI bots from crawling your website – 2
I already wrote a blog post about how to prevent AI bots from scraping your website in which I explained how to block known AI crawlers using robots.txt and mod_rewrite. In the meantime, Debian has the apache2-ai-bots package, which actually contains a similar configuration. The package is only available in testing (Forky) and unstable (Sid), but because it does not contain anything more than […]
https://blog.frehi.be/2025/12/26/blocking-ai-bots-from-crawling-your-website-2/ #AI #Apache #bots #crawlers #Linux -
New website theme
Finally I moved this Wordpress website from the Miniva theme to the Twenty Twenty-Five theme. I could not get the Activitypub theme display Fediverse reactions on Miniva, probably because this theme is not based on the block editor. Anyway, it worked with the Twenty Twenty-Five theme.
While the Twenty Twenty-Five theme by default is probably great for visual blogs, where all posts have a […]
-
Where to report phishing URLs and malicious websites
If you receive a phishing e-mail or a mail with a link to malware, it is useful to report it, so that the URL will get blocked by various security services. By submitting the URL to as many as security providers as possible, you help protecting future visitors. Don't submit any private URLs or files to any of these services: the contents of the submitted URLs and files will be saved and shared with other security vendors. Security services taking reports ServicePhishing URLsMalware […]https://blog.frehi.be/2025/07/16/where-to-report-phishing-urls-and-malicious-websites/
-
DNS4EU, DNS0, Quad9: review of European public DNS resolvers
Update 15 March 2026: if you are looking for a EU based DNS server protecting you from security risks, than you should consider the new Hagezi DNS service. According to my experience it is superior in filtering malicious sites to any other service. Read Hagezi: a new EU security and privacy focused DNS resolver This week the DNS4EU initiative launched its public European DNS resolvers. I already wrote an article about public DNS resolvers but it's time for an update. Not only do we have […]https://blog.frehi.be/2025/06/08/dns4eu-dns0-quad9-review-of-public-european-dns-resolvers/
-
Apache optimization and mitigating DoS and DDoS attacks
Denial-of-service (DoS) and Distributed Denial-of-service (DDoS) attacks are some of the most common cyberattacks these days. They are fairly easy to execute and the consequences can vary from annoying to very problematic, for example if a crucial web service of a company or public service becomes inaccessible. In the current geopolitical situation DDoS attacks are a very popular method used by […]
https://blog.frehi.be/2025/01/12/apache-optimization-and-mitigating-dos-and-ddos-attacks/
#Apache #DDoS #DoS #firewall #foomuuri #modQos #performance #security
-
Protecting your server from known bad IPs with Foomuuri iplists
On the Internet we can find (usually crowdsourced) lists of malicious IP addresses responsible for attacks. We can easily integrate them in Foomuuri in order to block connections from these bad hosts. Not only does this improve security, it is also a performance win, because our daemons don’t don’t have to waste any more time dealing with these malicious connections.
The […]
https://blog.frehi.be/2024/11/30/protecting-your-server-from-known-bad-ips-with-foomuuri-iplists/
-
Some various performance improvements for Debian 12 Bookworm
Here some various improvements I implemented on some of my Debian 12 Bookworm servers in order to improve performance.
zswap: use zsmalloc allocator with newer kernel
If your system has little memory, you might be using zswap already. When memory is getting full, the system will try to swap out less used data from memory to a compressed swap in memory instead of writing it immediately to a […]
https://blog.frehi.be/2024/11/29/some-various-performance-improvements-for-debian-12-bookworm/
-
Which DNS server to use?
Update 4 August 2020: replace CHAOS class by CH in dig commands so they work with kdig too, Quad9 now does support QNAME minimisation, Quad9 has alternative servers available with ECS support and without QNAME minimisation, Google now also does QNAME minimisation.
Update 9 June 2025: read this new article for a more up to date review of European public DNS servers.
DNS is a crucial part of […]
-
Setting up Wireguard VPN with IPv6
#Debian #firewall #IPv6 #Linux #security #Shorewall #vpn #Wireguard
https://blog.frehi.be/2022/06/11/setting-up-wireguard-vpn-with-ipv6/
-
Debian GNU/Linux on a HP Elitebook 845 G8
Some time ago, I received a new laptop, the HP Elitebook 845 G8. This is a 14″ laptop with an AMD CPU of the Renoir family, in my case an AMD Ryzen 7 PRO 5850U. As always, I run Debian GNU/Linux testing (currently Bookworm) on it. In this post, I will explain how to get all hardware working. This guide probably also works for other G8 Elitebooks, such as the Elitebook 835 G8 and Elitebook 855 […]
https://blog.frehi.be/2022/05/07/debian-gnulinux-on-a-hp-elitebook-845-g8/ #AMD #Debian #Elitebook #HP #HPEliteBook845G8 #laptop #Linux -
Using the Solo V2 FIDO2 security key
#FIDO2 #Linux #Modsecurity #openssh #security #Solo2
https://blog.frehi.be/2022/08/04/using-the-solo-v2-fido2-security-key/
-
Increasing PHP security with Snuffleupagus
#Apache #Debian #Linux #PHP #security #server #Snuffleupagus #webServer
https://blog.frehi.be/2022/08/16/increasing-php-security-with-snuffleupagus/
-
Setting up Foomuuri, an nftables based firewall
Up to now I have always been using the Shorewall firewall on all my Linux systems. I find it very easy to configure while at the same time it’s very powerful and flexible so that you can also use it with more complicated set-ups, such as routers with multiple network interfaces, VPN’s and bridges. Unfortunately Shorewall is still based on the old xtables (iptables, ip6tables, ebtables, […]
https://blog.frehi.be/2023/10/29/setting-up-foomuuri-an-nftables-based-firewall/
-
¡De la CDMX para el mundo! No te pierdas esta entrevista y análisis sobre la obra de Pablo Robles, un director que entiende el cine como un puente cultural. Explora su trayectoria y sus próximos proyectos en el enlace. 🛰️ #Espectáculos #CineIndependiente #DirectorMexicano #Creatividad
-
¡De la CDMX para el mundo! No te pierdas esta entrevista y análisis sobre la obra de Pablo Robles, un director que entiende el cine como un puente cultural. Explora su trayectoria y sus próximos proyectos en el enlace. 🛰️ #Espectáculos #CineIndependiente #DirectorMexicano #Creatividad
-
¡De la CDMX para el mundo! No te pierdas esta entrevista y análisis sobre la obra de Pablo Robles, un director que entiende el cine como un puente cultural. Explora su trayectoria y sus próximos proyectos en el enlace. 🛰️ #Espectáculos #CineIndependiente #DirectorMexicano #Creatividad
-
¡De la CDMX para el mundo! No te pierdas esta entrevista y análisis sobre la obra de Pablo Robles, un director que entiende el cine como un puente cultural. Explora su trayectoria y sus próximos proyectos en el enlace. 🛰️ #Espectáculos #CineIndependiente #DirectorMexicano #Creatividad
-
Above & Beyond - Sun In Your Eyes (Marsh Extended Mix)
https://aboveandbeyond.bandcamp.com/track/sun-in-your-eyes-marsh-extended-mix