Home on Blog

Joining DN42

Wed, 08 Apr 2026 00:00:00 +0000

Last summer I joined the DN42 virtual network. Here is at last my experience in DN42.

Linux Containers but using the host's runtime

Tue, 07 Apr 2026 00:00:00 +0000

Linux network namespaces only separates the network. Docker/LXC separates everything. With frankenstein containers, you reuse the host OS binaries, thus keeping disk usage low without compromising on isolation.

HTTP/3 with a private CA

Wed, 25 Mar 2026 00:00:00 +0000

How to use HTTP/3 in a corporate network (or in DN42)

HTTP/3 requires TLS. But browsers also impose an additional requirement: they refuse private or self-signed certificate.

Roaming IPv6 VPN gateway, no router needed

Fri, 20 Mar 2026 18:50:58 +0000

What if you wanted to set up a site-to-site VPN but you cannot access the admin interface of your router ? With IPv6 stateless autoconfiguration ‘radvd), your VPN router can announce its route to other clients without requiring admin access on the main router.

Træfik outside Kubernetes

Sat, 07 Mar 2026 14:44:32 +0000

How to use a single Traefik for Docker, Kubernetes and regular webservers

Using NILFS2 without root

Sun, 23 Mar 2025 09:42:52 +0000

NILFS2 is a fairly obscure filesystem that has a very cool feature derived from its design: constant snapshotting.

But is seems that very few people use it in a desktop setting, and thus few tools exist to use it, compared to BTRFS or LVM snapshots.

Using it to create and mount snapshots requires root access, and is not practical.

I created a binary and helper script to facilitate the everyday use of a NILFS2 filesystem.

Minecraft: Open solo world to internet

Sun, 20 Oct 2024 13:24:51 +0000

Internet Multiplayer minecraft on your LAN world, without hamachi or VPNs

Export satellite map to MBtiles

Thu, 25 Jan 2024 20:00:20 +0000

how to download an online map to MBtiles format

Motorola Moto G73 review

Fri, 21 Jul 2023 18:51:45 +0000

review and comparison against a Moto G5+

QR codes inside the terminal

Sun, 25 Jun 2023 10:17:49 +0000

Want to copy/paste between your phone and laptop ? You can use QR codes right in your terminal !

Oracle Cloud

Mon, 16 Jan 2023 21:56:42 +0000

I switched my hosting to Oracle Cloud, to make use of its ARM processors on the advantageous free tier

PAM authentication with Howdy, fingerprint and password

Wed, 13 Apr 2022 13:16:26 +0000

Authenticate with face recognition AND fingerprint, with password as a fallback

Gemini Ghost backend

Thu, 24 Mar 2022 16:54:23 +0000

Serve your Ghost blog over Gemini

About the theme/design

Tue, 08 Feb 2022 20:26:06 +0000

Explanations about the CSS-only animations of this blog (only on displayed on wide screens)

Gemini reverse proxy using Traefik HostSNI

Fri, 31 Dec 2021 16:22:23 +0000

Using Traefik reverse-proxy for Gemini, based on the TLS SNI, without any SSL termination

Migrating to Azure Cloud

Tue, 14 Dec 2021 08:25:54 +0000

I remembered that with GitHub Education, you can get interesting deals, like credit for DigitalOcean and Microsoft Azure. You can see where this is going… migrating to the next cloud provider with free credit

RGB Mouse as a battery indicator

Mon, 15 Nov 2021 13:06:44 +0000

Using a Logitech G203 LightSync as a battery level indicator. If you don’t care for RGB, you can use it for something useful instead of turning it off.

nip.io alternative

Thu, 11 Nov 2021 19:49:48 +0000

nip.io alternative, useful for internal networks

Using SSHFP to secure your server

Mon, 12 Mar 2018 19:12:36 +0000

the DNS record «SSHFP» can store SSH server keys, so you don’t get security warning when connecting from new devices

L'auto-hébergement

Mon, 12 Mar 2018 09:17:00 +0000

Vous vous êtes toujours demandé comment marche un serveur web chez un hébergeur ? Vous voulez votre site hébergé chez vous, vos données chez vous au lieu de chez Google?

Docker ou le déploiement facile

Sun, 11 Mar 2018 20:38:38 +0000

Créer et utiliser une API REsT avec Django et jQuery

Sun, 11 Mar 2018 20:35:05 +0000

Django + DjangoRestFramework + jQuery

Mon, 01 Jan 0001 00:00:00 +0000

DN42 SSH-mTLS auth

Currently in DN42 there are several services that can authenticate a user against data store in the registry. All of them use a challenge-response OTP model:

receiving an email to you MNTner address
signing a random string with your SSH/GPG private key

Currently with Kioubit & iEdon auth you can setup a password once you have logged in with email or private key.

But all of these are too “simple”, and are restricted to the browser. If only we could authenticate people using private keys with the HTTPS protocol … Wait, that’s mTLS isn’t it ?

Mon, 01 Jan 0001 00:00:00 +0000

Search

Mon, 01 Jan 0001 00:00:00 +0000