Resizing Cryptswap in Ubuntu 16.04

I recently migrated my system to NVMe drives (great decision, by the way), and part of my reason for doing so was much faster swap, for some outrageously memory-hungry finite element mesh generation stuff.

I also wanted to enlarge the swap. I use LVM on top of software RAID, and encrypted home directories on top of that, which means the Ubuntu automatically set up encrypted swap for me. I had a non-encrypted swap volume at:


I didn’t have much luck finding information about how the cryptswap is set up by the installer, which is why I’m writing this. It turns out that the crypt swap is configured in /etc/crypttab, where I have a line like this:

cryptswap1 /dev/vg0/swap /dev/urandom swap,offset=1024,cipher=aes-xts-plain64

What this means is that the system will create a crypt device called /dev/mapper/cryptswap1 at boot using a random seed, on top of /dev/vg0/swap. It will then run mkswap and swapon on the encrypted device.

This latter part is specified in /etc/fstab like:

/dev/mapper/cryptswap1 none swap sw 0 0

So, if your base unencrypted swap partition is an LVM logical volume, all you have to do is use lvextend to make it larger and (the easiest way) reboot. On reboot the larger device will automatically be used in its entirety.

Exim4 system-wide conditional email forwarding

This is a guest post written by Steve Goertz after he solved this particular issue.


  • Filtering and forwarding all emails received by exim4
  • Filtering by specific email components (sender information, subject, etc.)
  • Forwarding all filtered emails to a specific email address or email addresses

Assuming a working instance of exim4:

Create a filter file for exim4 using the appropriate filters and syntax as found in the exim4 filter documentation here:

You may want to create a directory for exim4 filters and place the file in that directory, like:


For our particular use, a conditional section and  deliver command were the only necessary components. A filter file will look something like this:

#Exim filter <<== do not edit or remove this line!

##Filter description, so you remember what you were trying to do.

  $sender_address is “sender@address.example” and 
  $header_subject does not contain “foo” and 
  $message_body contains “bar”
  deliver “recipient@other.example”

Filters will then be placed as the first router in the exim4 router config ( found at /etc/exim4/conf.d/router/router_name ). Depending on your configuration the router name may vary, or you may need to add one. The filter should be formatted as follows:

  driver = redirect
  file = /path/to/filter (in this case /etc/exim4/conf.d/filters/filter_name)
  user = exim4_user

It is essential that the  user variable match the user that owns exim4.  If not, the filter will not function and email traffic will not pass through the first filter to the remaining filters and all regular email processing will stop. You can probably figure this out by checking the init script for exim4 or using the command:

ps aux | grep exim4 

to see whom exim4 is running as.

After the filter file has been generated and correctly referenced in the router config, rebuild the exim4 config using:

sudo update-exim4.conf.template -r

And restart the service

sudo service exim4 restart

Test the email server to ensure that it is working as intended.

This configuration will prevent emails from arriving at their intended destination, which was our need. Also, if the incoming email does not meet all of the requirements above, it will pass through to the next router in the router configuration file.

Dealing With Dogs While Cycling

I’ve been cycling a lot this season, but off-leash dogs are the rule here rather than the exception. They like to chase me on the bike, and even the ones that don’t seem likely to directly harm me are liable to cause an accident.

To combat this, I use pepper spray. To keep the pepper spray handy, I use this simple device I found on I was skeptical when I first saw it that it would be stable enough, but actually it has worked quite well. I use Fox OC spray with it, and it has never failed to stop an aggressive dog.

The spray is a bit pricey, but if you ride the same route or routes regularly the dogs eventually start to learn and you don’t need it that much.

I have a dog and I don’t like pepper spraying dogs, but irresponsible owners have created dangerous conditions for me and other cyclists and pedestrians, so it has come to this.

Ride safely.

Explanation of Question G8B07 on the US Ham Radio General License Exam

I am studying for the General license exam and came across question G8B07 (as of April 2015, it will change at some point), asking the following:

What is the frequency deviation for a 12.21-MHz reactance-modulated oscillator in a 5-kHz deviation, 146.52-MHz FM-phone transmitter?

The answer is given as 416.7 Hz, but I looked and couldn’t find an explanation. Finally I found one here, sort of. After reading about how the FM phone modulation is done and puzzling a bit at the numbers it became clear.

To understand the question, you must understand that the reactance-modulated oscillator produces a carrier frequency of 12.21 MHz (as specified). With no input, this is multiplied by some circuits aptly called multipliers that result in the output frequency, given here as 146.52 MHz. Simply dividing 146.52/12.21 shows you that a multiplier of 12x is in effect in this question.

Now, what the question is asking (and this took me a while to figure out) is what change in modulation of the reactance-modulated oscillator will result in a 5 kHz deviation of the output? Since we know that whatever change happens in the oscillator is going to be multiplied 12x, we can divide the output deviation (5 kHz) by the multiplier (12) to get 416.7 Hz. In other words, a 416.7 Hz deviation in the reactance-modulated oscillator will be multiplied 12x to 5 kHz by the multipliers before being output.

Disabling Mikrotik Hotspot DNS Proxying for Authenticated Users

My wireless ISP (WISP) uses the Mikrotik hotspot feature with RADIUS on the back end to authenticate our users. This implements a captive portal that redirects all DNS requests so that the user is taken to a login page if they’re not logged in. Once they log in once, the system associates their radio with their account, and they don’t have to log in anymore under normal circumstances.

However, once logged in, users still have all their DNS requests proxied through the routers. A lot of users want to use their own DNS (like OpenDNS or Google Public DNS), and that’s fine with me, but a user ran the namebench utility and found that their DNS was being forcibly proxied.

It took some hunting, but I finally found this post on the Mikrotik forums which details how to get around this. Basically:

  • The hotspot adds dynamic DNS redirect rules. If you go to /ip firewall nat and just print, these rules don’t show up. If you do print dynmic they do. The relevant lines are:

    2 D chain=hotspot action=redirect to-ports=64872 protocol=udp dst-port=53 log=no log-prefix=""
    3 D chain=hotspot action=redirect to-ports=64872 protocol=tcp dst-port=53 log=no log-prefix=""
  • We still want non-logged-in-users to have their DNS redirected, so we need to add something here that will enable authenticated hotspot users through. The magic incantation here (because it’s entries 2 and 3) is set 2,3 hotspot=!auth, which results in the following:

    2 D chain=hotspot action=redirect to-ports=64872 protocol=udp hotspot=!auth dst-port=53 log=no log-prefix=""
    3 D chain=hotspot action=redirect to-ports=64872 protocol=tcp hotspot=!auth dst-port=53 log=no log-prefix=""

And now namebench works as expected.