Posts by Category

freebsd

OPNsense upgrade failed: Out of inodes


I use OPNsense as my firewall on a Pcengines Alix.

The primary reason is to have a firewall that will always be up to date, unlike most commercial customer grade firewalls that are only supported for a few years. Having a firewall that runs open-source software - it’s based on FreeBSD - also makes it easier to review and to verify that there are no back doors.

When I tried to upgrade it to the latest release - 19.1.7 - the upgrade failed because the filesystem ran out of inodes. There is already a topic about this at the OPNsense forum and a fix available for the upcoming nano OPNsense images.


Postfix smarthost with authentication


I used the relay host of my internet provider, but this was causing issues since my email was getting marked as spam in Gmail.

It was already on my to-do list to move my outgoing mail to my mail provider, also to make it easier to move to another ISP or to implement SPF, but it was not at the top of my to-do list.
 
My email provider requires authentication, so I needed to reconfigure postfix in my FreeBSD mail jail to use a relay host with authentication.


Bacula on FreeBSD (part 2 Bacula Catalog over SSL )


In my previous post, I set up my PostgreSQL FreeBSD jail. In this post we continue with the Bacula server.

In this post we will continue with the database connection (Catalog). We’ll go the extra mile (1,609344 km) and encrypt the catalog connection with SSL. Why? We encrypt... because we can!

Bacula Components

  • Bacula Director
    The Bacula Director is a daemon that runs in the background and controls all backup operations.

  • Bacula Console
    The Bacula Console is an administrator program that allows a system administrator to control the Bacula Director.

  • Bacula File
    The Bacula File is a backup client installed on the backup client.

  • Bacula Storage
    The backup media.

  • Catalog
    The Catalog is the index of the backups. Bacula supports three types of index databases: MySQL (MariaDB), PostgreSQL and SQLite.

  • Bacula monitor
    A Bacula monitor service is a program that allows the system administrator to verify the status of the Bacula Directors, Bacula File Daemons and Bacula Storage Daemons.

Bacula Server


Bacula on FreeBSD (part 1 PostgresSQL in a jail)


I do take backups; my current solution is a couple of shell script wrappers around dump/zfs send/btrfs send/rsync, which is a mess. So I decided to give Bacula a try.

I use ezjail to manage my FreeBSD jails. PostgreSQL is my favorite database and I will use this database as the backend for Bacula. I want to move all my databases to 1 FreeBSD jail; this should make it easier to create reliable database backups in the future. For this reason we’ll set up 2 FreeBSD jails: 1 for the database and 1 for Bacula.

You’ll find my journey of installing PostgreSQL in a FreeBSD jail. In another blog post we will continue with the installation of Bacula.


Rataplan becomes a watchdog


My NAS runs on FreeBSD and I’m quite happy with it. It’s named after the dog Rataplan from the Lucky Luke comic.

However, transferring large data files to it causes the network to hang. The Realtek network interface had issues with FreeBSD from the beginning. On the screen and in syslog the entry “re0: watchdog timeout” is printed.

Most FreeBSD people recommend using Intel NICs; I ordered a new Intel NIC at dx.com. After the installation of the new NIC the network seems to be stable again.


lxc templates in Fedora 20


I’m a big fan of containers and used them a lot on Solaris, and jails on FreeBSD. Containers/jails are the fastest way to spin up a new system and the easiest way to isolate services.

As always with virtualization, you have to be careful with sharing systems or containers that don’t belong to the same customer or service on the same physical machine, since you’re never sure which traces are left behind in the memory etc.

Linux containers are getting more popular since the release of Docker.

When I tried to create a few containers on Fedora 20, the first attempt (a Debian container) wasn’t a success.

On a newly created Debian container, networking didn’t work.


Freebsd 9.1 jails with Qjail



I’m using ezjail now.

The reason for this is that the port is marked as RESTRICTED, since it seems to be a fork of ezjail that doesn’t respect the copyright and license: https://lists.freebsd.org/pipermail/freebsd-jail/2013-March/002149.html



I’m adding more services to my FreeBSD system.

I’m coming from the Solaris world, where it’s a common practice to run services in separate containers for security reasons.

On FreeBSD there are jails to isolate services and improve security.

At first I didn’t like jails: the way the FreeBSD handbook describes it requires a buildworld, which takes a long time on my system with an AMD C-60 CPU.

Luckily, Qjail makes the deployment a lot easier.


Running Freebsd 9.0 on Asus C60M1-i motherboard


As my file and backup system pluto died, I’m building a new one.

This system will run FreeBSD, mainly for the ZFS filesystem.

The motherboard will be an Asus C60M1-I. The CPU may not have enough horsepower for deduplication at full speed, but it has 6 SATA ports, which is not common on a mini-ITX motherboard. I will reuse my old hard drives and add or replace them when I need more storage.

The FreeBSD 9.0 installation with ZFS root went well, but the network adapter, a Realtek 8111F, isn’t supported by FreeBSD 9.0. After checking Google I found this on the freebsd-net mailing list.

The Realtek 8111F is supported in the latest driver code; after rebuilding my kernel the network adapter works fine. Very useful on a NAS ;-)


linux

Howto use centos cloud images with cloud-init on KVM/libvirtd


Images versus unattended setup

Old-school

Unattended setup

In a traditional environment, systems are installed from a CD-ROM. The configuration is executed by the system administrator through the installer. This soon becomes a boring and impractical task when we need to set up a lot of systems; it is also important that systems are configured in the same - and hopefully correct - way.

In a traditional environment, this can be automated by booting via BOOTP/PXE, with the configuration done by a system that “feeds” the installer. Examples are:


Setting up OpenStack-Ansible All-In-One on a Centos 7 system


OpenStack is a nice platform to deploy Infrastructure as a Service and is a collection of projects, but it can be a bit difficult to set up. The documentation is really great if you want to set up OpenStack by hand, and there are a few OpenStack distributions that make it easier to install.

Ansible is a very nice tool for system automation and is one that’s easier to learn.

Wouldn’t it be nice if we could make the OpenStack installation easier with Ansible? That’s exactly what OpenStack-Ansible does.

In this blog post we’ll set up an “all-in-one” OpenStack installation on CentOS 7. The installer will install OpenStack into LXC containers, and it’s a nice way to learn how OpenStack works and how to operate it.

Preparation


DNS Privacy with Stubby (Part 1 GNU/Linux)


Installing and configuring an encrypted DNS server is straightforward; there is no reason to use an unencrypted DNS service.

DNS is not secure or private

DNS traffic is insecure and runs over UDP port 53 (TCP for zone transfers), unencrypted by default.

This makes your unencrypted DNS traffic a privacy risk and a security risk:

  • Anyone who is able to sniff your network traffic can collect a lot of information from your leaking DNS traffic.
  • With a DNS spoofing attack, an attacker can trick you into going to a malicious website or try to intercept your email traffic.

Encrypt your dns traffic

Encrypting your network traffic is always a good idea for privacy and security reasons - we encrypt, because we can! More information about DNS privacy can be found at https://dnsprivacy.org/

On this site you’ll also find the DNS Privacy Daemon - Stubby, which lets you send your DNS requests over TLS to an alternative DNS provider. You should use a DNS provider that you trust and that has a no-logging policy. Quad9, Cloudflare and Google DNS are well-known alternative DNS providers. At https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Test+Servers you can find a few other options.

You’ll find my journey to set up Stubby on a few operating systems I use (or I’m forced to use) below …

GNU/Linux


Migrate a windows vmware virtual machine to Linux KVM


Linux KVM is getting more and more usable for desktop virtualization thanks to the virtio and QXL/SPICE drivers.

Most Linux distributions have the virtio & QXL drivers; you might need to install the spice-vdagent.

On Windows you can download and install the virtio and QXL drivers.

Using the virtio drivers will improve your guest system performance and your virtualization experience.


High screen resolution on a KVM virtual machine with QXL


When you create a new KVM virtual system, the video RAM is limited to 16MB by default; to use a higher screen resolution you need to increase the video RAM. The available resolutions reported by the virtual screen may also not include the resolution that you want to use.

You’ll find my journey to enable higher screen resolutions in my KVM (qemu) virtual systems below.


Update your CPU microcode on Arch Linux


Meltdown & Spectre

With Meltdown https://nvd.nist.gov/vuln/detail/CVE-2017-5754, Spectre Variant 1 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753 and Spectre Variant 2 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753 out in the wild, there is a lot of confusion going around about updating microcode.

There is a “Spectre & Meltdown Checker” available at https://github.com/speed47/spectre-meltdown-checker

Usage is very easy: just clone the git repository and run the script.

Microcode

Microcode isn’t uploaded to the CPU but loaded during the bootstrap of the CPU. Normally the BIOS uploads the microcode to the CPU, but this can also be done by the bootloader or the operating system kernel.


model-m tux update…


I own a Unicomp model-m keyboard. The keyboard has a nice key feel but it has Windows super key(s).

I don’t use super key(s), and would prefer to have a keyboard without them. But when it has super keys, I’d rather have it without the Windows logo on it, so it was time to replace them with the Tux version.


20 core Dual Processor jenkins build workstation



My Jenkins builds are taking too long, mainly due to the lack of memory. I mainly use Jenkins to verify that my software works on different operating systems (GNU/Linux distributions / *BSD / Solaris).

Looking for a solution that is still affordable, I ended up building a dual Xeon workstation. CPU and memory come from www.ebay.be


 


Run google chrome inside a fedora docker container over ssh



Update (Mon Jun 8 2015): Running google-chrome inside a docker container isn't stable for me. I switched back to LXC to run google-chrome which seems to be more stable.


Created a Docker image to start a Docker container with Chrome. Destroying the container each time that you start a browser is an easy way to get rid of your cookies and browser history.


lxc templates in Fedora 20


yum update on fedora 19 and zfs on linux


I use ZFS on Linux on Fedora now.

The installation was pretty straightforward, but after the installation of ZFS, yum update failed.


[root@vicky etc]# yum update -y
Loaded plugins: langpacks, refresh-packagekit
Repository google-chrome is listed more than once in the configuration
fedora/19/x86_64/metalink                                                                                                                                                                   |  33 kB  00:00:00     
fedora                                                                                                                                                                                      | 4.2 kB  00:00:00     
fedora-chromium-stable                                                                                                                                                                      | 3.4 kB  00:00:00     
google-chrome                                                                                                                                                                               |  951 B  00:00:00     
rpmfusion-free                                                                                                                                                                              | 3.3 kB  00:00:00     
rpmfusion-free-updates                                                                                                                                                                      | 3.3 kB  00:00:00     
rpmfusion-nonfree                                                                                                                                                                           | 3.3 kB  00:00:00     
rpmfusion-nonfree-updates                                                                                                                                                                   | 3.3 kB  00:00:00     
updates/19/x86_64/metalink                                                                                                                                                                  |  30 kB  00:00:00     
updates                                                                                                                                                                                     | 4.4 kB  00:00:00     
zfs                                                                                                                                                                                         | 2.9 kB  00:00:00     
(1/6): fedora-chromium-stable/19/x86_64/primary_db                                                                                                                                          |  20 kB  00:00:00     
(2/6): zfs/19/x86_64/primary_db                                                                                                                                                             | 6.7 kB  00:00:00     
(3/6): updates/19/x86_64/group_gz                                                                                                                                                           | 385 kB  00:00:02     
(4/6): fedora/19/x86_64/group_gz                                                                                                                                                            | 384 kB  00:00:06     
(5/6): updates/19/x86_64/primary_db                                                                                                                                                         | 8.8 MB  00:01:53     
(6/6): fedora/19/x86_64/primary_db                                                                                                                                                          |  17 MB  00:03:34     
(1/10): google-chrome/primary                                                                                                                                                               | 1.9 kB  00:00:00     
(2/10): rpmfusion-free-updates/19/x86_64/primary_db                                                                                                                                         | 217 kB  00:00:01     
(3/10): rpmfusion-nonfree/19/x86_64/primary_db                                                                                                                                              | 149 kB  00:00:00     
(4/10): rpmfusion-free/19/x86_64/primary_db                                                                                                                                                 | 440 kB  00:00:03     
(5/10): rpmfusion-nonfree-updates/19/x86_64/primary_db                                                                              b                                                       |  97 kB  00:00:00     
(6/10): rpmfusion-nonfree-updates/19/x86_64/group_gz                                                                                                                                        |  990 B  00:00:05     
(7/10): rpmfusion-nonfree/19/x86_64/group_gz                                                                                                                                                |  993 B  00:00:07     
(8/10): rpmfusion-free/19/x86_64/group_gz                                                                                                                                                   | 1.6 kB  00:00:07     
(9/10): rpmfusion-free-updates/19/x86_64/group_gz                                                                                                                                           | 1.6 kB  00:00:07     
(10/10): updates/19/x86_64/updateinfo                                                                                                                                                       | 861 kB  00:00:09     
google-chrome                                                                                                                                                                                                  3/3
Resolving Dependencies
--> Running transaction check
---> Package dkms.noarch 0:2.2.0.3-14.zfs1.fc19 will be updated
--> Processing Dependency: dkms = 2.2.0.3-14.zfs1.fc19 for package: zfs-dkms-0.6.2-1.fc19.noarch
---> Package dkms.noarch 0:2.2.0.3-17.fc19 will be an update
--> Finished Dependency Resolution
Error: Package: zfs-dkms-0.6.2-1.fc19.noarch (@zfs)
           Requires: dkms = 2.2.0.3-14.zfs1.fc19
           Removing: dkms-2.2.0.3-14.zfs1.fc19.noarch (@zfs)
               dkms = 2.2.0.3-14.zfs1.fc19
           Updated By: dkms-2.2.0.3-17.fc19.noarch (updates)
               dkms = 2.2.0.3-17.fc19
           Available: dkms-2.2.0.3-5.fc19.noarch (fedora)
               dkms = 2.2.0.3-5.fc19
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest
[root@vicky etc]# 

On another Fedora system yum update worked fine; after reviewing the differences in the yum configuration it seems that yum-plugin-priorities wasn’t installed on my box. After installing yum-plugin-priorities

[root@vicky etc]# yum install yum-plugin-priorities
Loaded plugins: langpacks, refresh-packagekit
Repository google-chrome is listed more than once in the configuration
Resolving Dependencies
--> Running transaction check
---> Package yum-plugin-priorities.noarch 0:1.1.31-18.fc19 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

===================================================================================================================================================================================================================
 Package                                                     Arch                                         Version                                              Repository                                     Size
===================================================================================================================================================================================================================
Installing:
 yum-plugin-priorities                                       noarch                                       1.1.31-18.fc19                                       updates                                        22 k

Transaction Summary
===================================================================================================================================================================================================================
Install  1 Package

Total download size: 22 k
Installed size: 28 k
Is this ok [y/d/N]: y
Downloading packages:
yum-plugin-priorities-1.1.31-18.fc19.noarch.rpm                                                                                                                                             |  22 kB  00:00:01     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : yum-plugin-priorities-1.1.31-18.fc19.noarch                                                                                                                                                     1/1 
  Verifying  : yum-plugin-priorities-1.1.31-18.fc19.noarch                                                                                                                                                     1/1 

Installed:
  yum-plugin-priorities.noarch 0:1.1.31-18.fc19                                                                                                                                                                    

Complete!
[root@vicky etc]# 

And make sure that the zfs repository has the priority

[root@localhost etc]# cat yum.repos.d/zfs.repo
[zfs]
name=ZFS of Linux for Fedora $releasever
baseurl=http://archive.zfsonlinux.org/fedora/$releasever/$basearch/
enabled=1
priority=1
metadata_expire=7d
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-zfsonlinux
Requires:       yum-plugin-priorities

[zfs-source]
name=ZFS of Linux for Fedora $releasever - Source
baseurl=http://archive.zfsonlinux.org/fedora/$releasever/SRPMS/
enabled=0
metadata_expire=7d
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-zfsonlinux
[root@vicky etc]# 

yum update works again.

[root@vicky etc]# yum update -y
Loaded plugins: langpacks, priorities, refresh-packagekit
Repository google-chrome is listed more than once in the configuration
2 packages excluded due to repository priority protections
No packages marked for update
[root@vicky etc]# 


Running kindle on GNU/Linux with wine


I enjoy reading ebooks during my train trip to work on my Nexus 7.

At home I prefer to read on my monitor since this is bigger.

Most of the time I use EPUB or PDF for reading. I bought a Kindle version of a book from Amazon, assuming that I could read it with Amazon Cloud Reader at home.

Unfortunately this book is not compatible with Cloud Reader.

Proprietary formats should be avoided; lesson learned (again).

To read my book at home I decided to give the Windows version of Kindle on wine a try.

The installation was pretty straightforward on Fedora 19.

  • Install wine

[root@vicky ~]# yum install wine
Loaded plugins: langpacks, refresh-packagekit

  • Download Kindle for Windows XP

Download it from: http://www.amazon.com/gp/feature.html/ref=kcp_pc_ln_ar?docId=1000426311

  • Run the installer

[swagemakers@vicky ~]$ wine ~/Downloads/KindleForPC-installer.exe

  • Create kindle startup script

wine $HOME/.wine/drive_c/Program\ Files\ \(x86\)/Amazon/Kindle/Kindle.exe &

Happy reading

but

It’s better to only read ebooks in an open format


fedora

Building Your Own Docker Base Images (Part 3: Yum)


In my previous two posts (1, 2), we created Docker Debian and Arch-based images from scratch for the i386 architecture.

In this blog post - the last one in this series - we’ll do the same for yum-based distributions like CentOS and Fedora.

Building your own Docker base images isn’t difficult and lets you trust your distribution’s GPG signing keys instead of the Docker Hub, as explained in the first blog post. The mkimage scripts in the contrib directory of the Moby project git repository are a good place to start if you want to build your own Docker images.


Run google chrome inside a fedora docker container over ssh


lxc templates in Fedora 20


yum update on fedora 19 and zfs on linux

2 minute read
Date:

zfs

I use zfs on linux on fedora now.

The installation was pretty straightforward but after the installation of zfs yum update failed.


[root@vicky etc]# yum update -y
Loaded plugins: langpacks, refresh-packagekit
Repository google-chrome is listed more than once in the configuration
fedora/19/x86_64/metalink                                                                                                                                                                   |  33 kB  00:00:00     
fedora                                                                                                                                                                                      | 4.2 kB  00:00:00     
fedora-chromium-stable                                                                                                                                                                      | 3.4 kB  00:00:00     
google-chrome                                                                                                                                                                               |  951 B  00:00:00     
rpmfusion-free                                                                                                                                                                              | 3.3 kB  00:00:00     
rpmfusion-free-updates                                                                                                                                                                      | 3.3 kB  00:00:00     
rpmfusion-nonfree                                                                                                                                                                           | 3.3 kB  00:00:00     
rpmfusion-nonfree-updates                                                                                                                                                                   | 3.3 kB  00:00:00     
updates/19/x86_64/metalink                                                                                                                                                                  |  30 kB  00:00:00     
updates                                                                                                                                                                                     | 4.4 kB  00:00:00     
zfs                                                                                                                                                                                         | 2.9 kB  00:00:00     
(1/6): fedora-chromium-stable/19/x86_64/primary_db                                                                                                                                          |  20 kB  00:00:00     
(2/6): zfs/19/x86_64/primary_db                                                                                                                                                             | 6.7 kB  00:00:00     
(3/6): updates/19/x86_64/group_gz                                                                                                                                                           | 385 kB  00:00:02     
(4/6): fedora/19/x86_64/group_gz                                                                                                                                                            | 384 kB  00:00:06     
(5/6): updates/19/x86_64/primary_db                                                                                                                                                         | 8.8 MB  00:01:53     
(6/6): fedora/19/x86_64/primary_db                                                                                                                                                          |  17 MB  00:03:34     
(1/10): google-chrome/primary                                                                                                                                                               | 1.9 kB  00:00:00     
(2/10): rpmfusion-free-updates/19/x86_64/primary_db                                                                                                                                         | 217 kB  00:00:01     
(3/10): rpmfusion-nonfree/19/x86_64/primary_db                                                                                                                                              | 149 kB  00:00:00     
(4/10): rpmfusion-free/19/x86_64/primary_db                                                                                                                                                 | 440 kB  00:00:03     
(5/10): rpmfusion-nonfree-updates/19/x86_64/primary_db                                                                              b                                                       |  97 kB  00:00:00     
(6/10): rpmfusion-nonfree-updates/19/x86_64/group_gz                                                                                                                                        |  990 B  00:00:05     
(7/10): rpmfusion-nonfree/19/x86_64/group_gz                                                                                                                                                |  993 B  00:00:07     
(8/10): rpmfusion-free/19/x86_64/group_gz                                                                                                                                                   | 1.6 kB  00:00:07     
(9/10): rpmfusion-free-updates/19/x86_64/group_gz                                                                                                                                           | 1.6 kB  00:00:07     
(10/10): updates/19/x86_64/updateinfo                                                                                                                                                       | 861 kB  00:00:09     
google-chrome                                                                                                                                                                                                  3/3
Resolving Dependencies
--> Running transaction check
---> Package dkms.noarch 0:2.2.0.3-14.zfs1.fc19 will be updated
--> Processing Dependency: dkms = 2.2.0.3-14.zfs1.fc19 for package: zfs-dkms-0.6.2-1.fc19.noarch
---> Package dkms.noarch 0:2.2.0.3-17.fc19 will be an update
--> Finished Dependency Resolution
Error: Package: zfs-dkms-0.6.2-1.fc19.noarch (@zfs)
           Requires: dkms = 2.2.0.3-14.zfs1.fc19
           Removing: dkms-2.2.0.3-14.zfs1.fc19.noarch (@zfs)
               dkms = 2.2.0.3-14.zfs1.fc19
           Updated By: dkms-2.2.0.3-17.fc19.noarch (updates)
               dkms = 2.2.0.3-17.fc19
           Available: dkms-2.2.0.3-5.fc19.noarch (fedora)
               dkms = 2.2.0.3-5.fc19
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest
[root@vicky etc]# 

On another Fedora system yum update worked fine. After reviewing the differences in the yum configuration, it seems that yum-plugin-priorities wasn’t installed on my box. After installing yum-plugin-priorities:

[root@vicky etc]# yum install yum-plugin-priorities
Loaded plugins: langpacks, refresh-packagekit
Repository google-chrome is listed more than once in the configuration
Resolving Dependencies
--> Running transaction check
---> Package yum-plugin-priorities.noarch 0:1.1.31-18.fc19 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

===================================================================================================================================================================================================================
 Package                                                     Arch                                         Version                                              Repository                                     Size
===================================================================================================================================================================================================================
Installing:
 yum-plugin-priorities                                       noarch                                       1.1.31-18.fc19                                       updates                                        22 k

Transaction Summary
===================================================================================================================================================================================================================
Install  1 Package

Total download size: 22 k
Installed size: 28 k
Is this ok [y/d/N]: y
Downloading packages:
yum-plugin-priorities-1.1.31-18.fc19.noarch.rpm                                                                                                                                             |  22 kB  00:00:01     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : yum-plugin-priorities-1.1.31-18.fc19.noarch                                                                                                                                                     1/1 
  Verifying  : yum-plugin-priorities-1.1.31-18.fc19.noarch                                                                                                                                                     1/1 

Installed:
  yum-plugin-priorities.noarch 0:1.1.31-18.fc19                                                                                                                                                                    

Complete!
[root@vicky etc]# 

And make sure that the zfs repository has priority:

[root@localhost etc]# cat yum.repos.d/zfs.repo
[zfs]
name=ZFS of Linux for Fedora $releasever
baseurl=http://archive.zfsonlinux.org/fedora/$releasever/$basearch/
enabled=1
priority=1
metadata_expire=7d
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-zfsonlinux
Requires:       yum-plugin-priorities

[zfs-source]
name=ZFS of Linux for Fedora $releasever - Source
baseurl=http://archive.zfsonlinux.org/fedora/$releasever/SRPMS/
enabled=0
metadata_expire=7d
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-zfsonlinux
[root@vicky etc]# 

yum update works again.

[root@vicky etc]# yum update -y
Loaded plugins: langpacks, priorities, refresh-packagekit
Repository google-chrome is listed more than once in the configuration
2 packages excluded due to repository priority protections
No packages marked for update
[root@vicky etc]# 

Read more...

Running kindle on GNU/Linux with wine

less than 1 minute read
Date:

desktop

I enjoy reading ebooks during my train trip to work on my nexus 7.

At home I prefer to read on my monitor since this is bigger.

Most of the time I use epub or pdf for reading. I bought a Kindle version of a book from Amazon, assuming that I could read it with Amazon Cloud Reader at home.

Unfortunately this book is not compatible with Cloud Reader.

Proprietary formats should be avoided, lesson learned (again).

To read my book at home I decided to give the Windows version of Kindle on wine a try.

The installation was pretty straightforward on Fedora 19.

  • Install wine
[root@vicky ~]# yum install wine
Loaded plugins: langpacks, refresh-packagekit

  • Download Kindle for Windows XP

Download it from: http://www.amazon.com/gp/feature.html/ref=kcp_pc_ln_ar?docId=1000426311

  • Run the installer
[swagemakers@vicky ~]$ wine ~/Downloads/KindleForPC-installer.exe 
  • Create kindle startup script
wine $HOME/.wine/drive_c/Program\ Files\ \(x86\)/Amazon/Kindle/Kindle.exe &

Happy reading

but

It’s better to only read ebooks in an open format

Read more...

yum install lookat

less than 1 minute read
Date:

“yum install lookat” works on Fedora now ;-)

Thanks Christopher!

[staf@vicky ~]$ sudo yum install lookat
[sudo] password for staf: 
Loaded plugins: langpacks, presto, refresh-packagekit, security
Repository google-chrome is listed more than once in the configuration
Resolving Dependencies
--> Running transaction check
---> Package lookat.x86_64 0:1.4.2-1.fc18 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================================================================================================================
 Package                                 Arch                                    Version                                         Repository                                Size
================================================================================================================================================================================
Installing:
 lookat                                  x86_64                                  1.4.2-1.fc18                                    updates                                   55 k

Transaction Summary
================================================================================================================================================================================
Install  1 Package

Total download size: 55 k
Installed size: 118 k
Is this ok [y/N]: y
Downloading Packages:
lookat-1.4.2-1.fc18.x86_64.rpm                                                                                                                           |  55 kB  00:00:00     
Running Transaction Check
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : lookat-1.4.2-1.fc18.x86_64                                                                                                                                   1/1 
  Verifying  : lookat-1.4.2-1.fc18.x86_64                                                                                                                                   1/1 

Installed:
  lookat.x86_64 0:1.4.2-1.fc18                                                                                                                                                  

Complete!
[staf@vicky ~]$ 

Read more...

security

DNS Privacy with Stubby (Part 1 GNU/Linux)

9 minute read
Date:

Installing and configuring an encrypted DNS server is straightforward; there is no reason to use an unencrypted DNS service.

DNS is not secure or private

DNS traffic is insecure and runs unencrypted over UDP port 53 (TCP for zone transfers) by default.

This makes your unencrypted DNS traffic a privacy risk and a security risk:

  • anyone who is able to sniff your network traffic can collect a lot of information from your leaking DNS traffic.
  • with a DNS spoofing attack an attacker can trick you into going to a malicious website or try to intercept your email traffic.

Encrypt your dns traffic

Encrypting your network traffic is always a good idea for privacy and security reasons - we encrypt, because we can! More information about DNS privacy can be found at https://dnsprivacy.org/

On this site you’ll also find the DNS Privacy Daemon - Stubby - that lets you send your DNS requests over TLS to an alternative DNS provider. You should use a DNS provider that you trust and that has a no-logging policy. Quad9, Cloudflare and Google DNS are well-known alternative DNS providers. At https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Test+Servers you can find a few other options.

You’ll find my journey to set up Stubby on a few operating systems I use (or I’m forced to use) below …

GNU/Linux

Read more...

Update your CPU microcode on Arch Linux

10 minute read
Date:

Meltdown & spectre

With Meltdown https://nvd.nist.gov/vuln/detail/CVE-2017-5754, Spectre Variant 1 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753 and Spectre Variant 2 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753 out in the wild there is a lot of confusion going around about updating microcode.

There is a “Spectre & Meltdown Checker” available at https://github.com/speed47/spectre-meltdown-checker

Usage is very easy: just clone the git repository and run the script.

Microcode

Microcode isn’t uploaded to the CPU but loaded during the bootstrap of the CPU. Normally the BIOS uploads the microcode to the CPU but this can also be done by the bootloader, or the operating system kernel.

Read more...

Thunderbird: Importing s/mime certificate failed

3 minute read
Date:

thunderbird

On http://kb.mozillazine.org/Getting_an_SMIME_certificate you get a list of free s/mime certificates.

I ordered a free 30-day certificate at globalsign: https://www.globalsign.com/en/personalsign/trial/

The import of the pkcs12 failed in Thunderbird with the message: “The PKCS #12 operation failed for unknown reasons.”

Searching the internet didn’t provide a solution. To debug this issue I started to extract the private key / certificate from the pkcs12 file provided by globalsign and create a new one.

To execute this command I use an encrypted luks volume.

Create a new pkcs12 file

Read more...

Starting to protect my private keys with SmartCard-Hsm

15 minute read
Date:

I still have too many private keys on a local filesystem. I started to use the yubikey neo for my ssh authentication, mainly because of the nice form factor of the yubikey.

For my other private keys/data I was looking for something cheaper since I need to have a backup of my secured data, so I bought a few Smartcard-HSM smartcards. They cost 16 € each while a yubikey neo costs 54 € at amazon.de.

Read more...

Openvas 7: adding credentials failed

less than 1 minute read
Date:

I’m creating a new openvas 7 system running centos 7 as a KVM instance.

The installation went fine but it was impossible to create new credentials.

I had a similar issue with my openvas 6 installation. This was resolved by creating the /etc/openvas/gnupg directory and creating the key with openvasmd --create-credentials-encryption-key

But on my openvas 7 installation the creation of the encryption key was slooooow. As always, good randomness is important for creating keys. So I decided to install haveged to get more randomness and hopefully this would speed up key creation.

[root@localhost ~]# yum install haveged

Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * atomic: www6.atomicorp.com
 * base: centos.cu.be
 * extras: centos.cu.be
 * updates: centos.cu.be
Package haveged-1.9.1-2.el7.art.x86_64 already installed and latest version
Nothing to do
[root@localhost ~]# 
[root@localhost ~]# systemct list-unit-files --type=service | grep haveged
-bash: systemct: command not found
[root@localhost ~]# systemctl list-unit-files --type=service | grep haveged
haveged.service                             disabled
[root@localhost ~]# systemctl enable haveged
ln -s '/usr/lib/systemd/system/haveged.service' '/etc/systemd/system/multi-user.target.wants/haveged.service'
[root@localhost ~]# systemctl start haveged
[root@localhost ~]# 

The key creation took only a sec.

[root@localhost ~]# openvasmd --create-credentials-encryption-key
Key creation succeeded.
[root@localhost ~]# 

Adding new credentials works like a charm now.

Happy hacking!

Read more...

lookat

Lookat 1.4.4 released

less than 1 minute read
Date:

Lookat 1.4.4 is the latest stable release of Lookat/Bekijk, the user-friendly file browser/viewer.

Read more...

yum install lookat

less than 1 minute read
Date:

“yum install lookat” works on Fedora now ;-)

Thanks Christopher!

[staf@vicky ~]$ sudo yum install lookat
[sudo] password for staf: 
Loaded plugins: langpacks, presto, refresh-packagekit, security
Repository google-chrome is listed more than once in the configuration
Resolving Dependencies
--> Running transaction check
---> Package lookat.x86_64 0:1.4.2-1.fc18 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================================================================================================================
 Package                                 Arch                                    Version                                         Repository                                Size
================================================================================================================================================================================
Installing:
 lookat                                  x86_64                                  1.4.2-1.fc18                                    updates                                   55 k

Transaction Summary
================================================================================================================================================================================
Install  1 Package

Total download size: 55 k
Installed size: 118 k
Is this ok [y/N]: y
Downloading Packages:
lookat-1.4.2-1.fc18.x86_64.rpm                                                                                                                           |  55 kB  00:00:00     
Running Transaction Check
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : lookat-1.4.2-1.fc18.x86_64                                                                                                                                   1/1 
  Verifying  : lookat-1.4.2-1.fc18.x86_64                                                                                                                                   1/1 

Installed:
  lookat.x86_64 0:1.4.2-1.fc18                                                                                                                                                  

Complete!
[staf@vicky ~]$ 

Read more...

docker

Building Your Own Docker Base Images (Part 3: Yum)

3 minute read
Date:

In my previous two posts (1, 2), we created Docker Debian and Arch-based images from scratch for the i386 architecture.

In this blog post - last one in this series - we’ll do the same for yum based distributions like CentOS and Fedora.

Building your own Docker base images isn’t difficult and lets you trust your distribution’s GPG signing keys instead of the Docker Hub, as explained in the first blog post. The mkimage scripts in the contrib directory of the Moby project git repository are a good place to start if you want to build your own Docker images.

Read more...

Building your own docker images (Part2: Arch GNU/Linux & Co)

2 minute read
Date:

In my previous post, we started with creating Debian based docker images from scratch for the i386 architecture.

In this blog post, we’ll create Arch GNU/Linux based images.

Arch GNU/Linux

Arch Linux stopped supporting i386 systems. When you want to run Arch Linux on an i386 system there is the community-maintained Archlinux32 project and the Free Software version, Parabola GNU/Linux-libre.

For the arm architecture, there is the Archlinux Arm project, which I used.

Read more...

Running Docker on ARM

22 minute read
Date:

odroid

I own an odroid u3 that I used for my media center with xbmc. While I like the performance of the Exynos4412 CPU, the drivers for the Mali GPU aren’t open source.

I like ARM but unfortunately a lot of the ARM SoCs have no open source drivers for the GPU.

The manufacturer of the odroid u3 - hardkernel - provides ubuntu 14.04 images with xbmc and mali support. It isn’t possible to get the newer version of xbmc - now kodi - running, or I didn’t succeed with it. I’ll look for another solution for my media server needs; this might be my raspberry pi 1 model B+ that is lying around doing nothing, running openelec.

odroid

Like I said, I like the performance of the odroid U3, that’s why I installed archLinuxArm to play with Docker. I could have stuck with Ubuntu 14.04 but with Arch Linux I get more up-to-date software.

The installation was pretty straightforward, even the docker installation was the same as on an x86 platform.

Since we are using docker on arm we have to build our own docker base images instead of using the docker registry. I have security concerns about installing and using unsigned non-verified software anyway. If you build your own image it is possible to audit/verify the build process.

Read more...

Run google chrome inside a fedora docker container over ssh

less than 1 minute read
Date:


Update (Mon Jun 8 2015): Running google-chrome inside a docker container isn't stable for me. I switched back to LXC to run google-chrome which seems to be more stable.


Created a docker image to start a docker container with chrome. Destroying the container each time that you start a browser is an easy way to get rid of your cookies and browser history.

Read more...

lxc templates in Fedora 20

9 minute read
Date:

I’m a big fan of containers and used them a lot on Solaris and jails on FreeBSD. Containers/jails are the fastest way to spin up a new system and the easiest way to isolate services.

As always with virtualization you have to be careful with sharing systems or containers that don’t belong to the same customer or service on the same physical machine, since you’re never sure which traces are left behind in the memory etc.

Linux containers are getting more popular since the release of docker.

When I tried to create a few containers on Fedora 20, the first attempt (a debian container) wasn’t a success.

On a newly created debian container networking didn’t work.

Read more...

git

bash saved my day

less than 1 minute read
Date:

I was creating an ugly quick-and-dirty script to setup the squid cache_dir automatically with puppet based on the diskspace and memory available.

When you are developing you sometimes forget to create backups and push it to git, and mistakes are around the corner.

Luckily bash saved my day!

$ ./create_cache_entries.sh  > create_cache_entries.sh 
-bash: ./create_cache_entries.sh: /bin/bash: bad interpreter: Text file busy
$ vi create_cache_entries.sh 

Read more...

CGIpaf uploaded to github

less than 1 minute read
Date:

I finally converted the cgipaf cvs repository to github.

I used cvs2git. It took a bit longer than expected.

My first attempt didn’t have the release tags right.

Adding --retain-conflicting-attic-files to cvs2git resolved this issue.

You’ll find how I did it below.

Read more...

RIP: pluto

less than 1 minute read
Date:

RIP. After 10 years, my fileserver pluto died. Pluto was an AMD64, had 1GB RAM and 4 too-loud Samsung drives (160GB).

( 1 minute silence …. )

I take backups of course ;-) I already ordered the parts to build a new pluto.

Pluto still hosted some CVS repositories like CGIpaf. But it’s time to move the source to a safer place. This will be github.

I also decided to create a blog and I wanted something that integrated well with github. Octopress seems to be the most logical choice. It’s written in ruby which is a nice bonus.

Read more...

debian

Howto use centos cloud images with cloud-init on KVM/libvirtd

6 minute read
Date:

Images versus unattended setup

Old-school

Unattended setup

In a traditional environment, systems are installed from a CDROM. The configuration is executed by the system administrator through the installer. This soon becomes a boring and impractical task when we need to set up a lot of systems. It is also important that systems are configured in the same - and hopefully correct - way.

In a traditional environment, this can be automated by booting via BOOTP/PXE boot, with the configuration done by a system that “feeds” the installer. Examples are:

Read more...

How to install libreboot on a ThinkPad X60

13 minute read
Date:


 
I got a ThinkPad x60 (tablet version) from ebay.be to install libreboot on it.

I tried to compile libreboot on Debian and Parabola GNU/Linux but both failed. Compiling Libreboot on Trisquel 7 works fine, so I’ll use Trisquel to replace the BIOS with libreboot.

I’m not sure that I’ll use Trisquel 7 as my daily driver since it is a bit outdated… I might go with Debian Stretch without the non-free repositories to get a fully Free Software laptop/tablet. I’ll need to replace the Intel wifi adapter since this requires non-free firmware.

You’ll find a small howto for installing libreboot on a ThinkPad X60 below.
 

Thinkpad

Build Libreboot

The latest version of libreboot isn’t available via a binary distribution so I decided to build it from source.

Read more...

lxc templates in Fedora 20

9 minute read
Date:

I’m a big fan of containers and used them a lot on Solaris and jails on FreeBSD. Containers/jails are the fastest way to spin up a new system and the easiest way to isolate services.

As always with virtualization you have to be careful with sharing systems or containers that don’t belong to the same customer or service on the same physical machine, since you’re never sure which traces are left behind in the memory etc.

Linux containers are getting more popular since the release of docker.

When I tried to create a few containers on Fedora 20, the first attempt (a debian container) wasn’t a success.

On a newly created debian container networking didn’t work.

Read more...

solaris

20 core Dual Processor jenkins build workstation

1 minute read
Date:

Xeon


My jenkins builds are taking too long, mainly due to the lack of memory. I mainly use jenkins to verify that my software works on different operating systems (GNU/Linux distributions / *BSD / Solaris).

Looking for a solution that is still affordable I ended up building a dual Xeon workstation. CPU and memory come from www.ebay.be.


 

Read more...

lxc templates in Fedora 20

9 minute read
Date:

I’m a big fan of containers and used them a lot on Solaris and jails on FreeBSD. Containers/jails are the fastest way to spin up a new system and the easiest way to isolate services.

As always with virtualization you have to be careful with sharing systems or containers that don’t belong to the same customer or service on the same physical machine, since you’re never sure which traces are left behind in the memory etc.

Linux containers are getting more popular since the release of docker.

When I tried to create a few containers on Fedora 20, the first attempt (a debian container) wasn’t a success.

On a newly created debian container networking didn’t work.

Read more...

Ide is still alive…

less than 1 minute read
Date:

sta2ide

The dvd drive in my sun blade 1500 workstation broke down. I use this system occasionally for some development; it's always handy to have a big endian system at hand.

The dvd drive was still handy to load another operating system on it.
The dvd drive has an ide interface, which is hard to get these days…

dvd

I found an ide to sata converter and a new dvd drive with a sata interface at conrad. This should convert the sata interface to an ide interface without any driver and work with any operating system.

Well let's put this to a test on a sparc system with solaris :-)

on

The installation was pretty straightforward, luckily the dvd rom drive has a plastic back since the converter touches the back of the dvd rom drive.

sun

After a quick test it seems to work like a charm. I might install OpenSXCE on it.

It seems to be the only option to run an opensolaris ancestor on sparc hardware.

Read more...

Freebsd 9.1 jails with Qjail

4 minute read
Date:


I’m using ezjail now.

The reason for this is that the port is marked as RESTRICTED, since it seems to be a fork of ezjail without respecting the copyright and license https://lists.freebsd.org/pipermail/freebsd-jail/2013-March/002149.html.


I’m adding more services to my FreeBSD system.

I’m coming from the Solaris world where it’s a common practice to run services in separated containers for security reasons.

On FreeBSD there are jails to isolate services and improve security.

At first I didn’t like jails: the way the FreeBSD handbook describes it requires a buildworld, which takes a long time on my system with an AMD C-60 CPU.

Luckily Qjail makes the deployment a lot easier.

Read more...

cgipaf

CGIpaf uploaded to github

less than 1 minute read
Date:

I finally converted the cgipaf cvs repository to github.

I used cvs2git. It took a bit longer than expected.

My first attempt didn’t have the release tags right.

Adding --retain-conflicting-attic-files to cvs2git resolved this issue.

You’ll find how I did it below.

Read more...

bsd

20 core Dual Processor jenkins build workstation

1 minute read
Date:

Xeon


My jenkins builds are taking too long, mainly due to the lack of memory. I mainly use jenkins to verify that my software works on different operating systems (GNU/Linux distributions / *BSD / Solaris).

Looking for a solution that is still affordable I ended up building a dual Xeon workstation. CPU and memory come from www.ebay.be.


 

Read more...

netbsd

Lookat 1.4.4 released

less than 1 minute read
Date:

Lookat 1.4.4 is the latest stable release of Lookat/Bekijk, the user-friendly file browser/viewer.

Read more...

containers

Building Your Own Docker Base Images (Part 3: Yum)

3 minute read
Date:

In my previous two posts (1, 2), we created Docker Debian and Arch-based images from scratch for the i386 architecture.

In this blog post - last one in this series - we’ll do the same for yum based distributions like CentOS and Fedora.

Building your own Docker base images isn’t difficult and lets you trust your distribution’s GPG signing keys instead of the Docker Hub, as explained in the first blog post. The mkimage scripts in the contrib directory of the Moby project git repository are a good place to start if you want to build your own Docker images.

Read more...

Building your own docker images (Part2: Arch GNU/Linux & Co)

2 minute read
Date:

In my previous post, we started with creating Debian based docker images from scratch for the i386 architecture.

In this blog post, we’ll create Arch GNU/Linux based images.

Arch GNU/Linux

Arch Linux stopped supporting i386 systems. When you want to run Arch Linux on an i386 system there is the community-maintained Archlinux32 project and the Free Software version, Parabola GNU/Linux-libre.

For the arm architecture, there is the Archlinux Arm project, which I used.

Read more...

Run google chrome inside a fedora docker container over ssh

less than 1 minute read
Date:


Update (Mon Jun 8 2015): Running google-chrome inside a docker container isn't stable for me. I switched back to LXC to run google-chrome which seems to be more stable.


Created a docker image to start a docker container with chrome. Destroying the container each time that you start a browser is an easy way to get rid of your cookies and browser history.

Read more...

lxc templates in Fedora 20

9 minute read
Date:

I’m a big fan of containers and used them a lot on Solaris and jails on FreeBSD. Containers/jails are the fastest way to spin up a new system and the easiest way to isolate services.

As always with virtualization you have to be careful with sharing systems or containers that don’t belong to the same customer or service on the same physical machine, since you’re never sure which traces are left behind in the memory etc.

Linux containers are getting more popular since the release of docker.

When I tried to create a few containers on Fedora 20, the first attempt (a debian container) wasn’t a success.

On a newly created debian container networking didn’t work.

Read more...

centos

Building Your Own Docker Base Images (Part 3: Yum)

3 minute read
Date:

In my previous two posts (1, 2), we created Docker Debian and Arch-based images from scratch for the i386 architecture.

In this blog post - last one in this series - we’ll do the same for yum based distributions like CentOS and Fedora.

Building your own Docker base images isn’t difficult and lets you trust your distribution’s GPG signing keys instead of the Docker Hub, as explained in the first blog post. The mkimage scripts in the contrib directory of the Moby project git repository are a good place to start if you want to build your own Docker images.

Read more...

Howto use centos cloud images with cloud-init on KVM/libvirtd

6 minute read
Date:

Images versus unattended setup

Old-school

Unattended setup

In a traditional environment, systems are installed from a CDROM. The configuration is executed by the system administrator through the installer. This soon becomes a boring and impractical task when we need to set up a lot of systems. It is also important that systems are configured in the same - and hopefully correct - way.

In a traditional environment, this can be automated by booting via BOOTP/PXE boot, with the configuration done by a system that “feeds” the installer. Examples are:

Read more...

Setting up OpenStack-Ansible All-In-One on a Centos 7 system

6 minute read
Date:

openstack-logo

OpenStack is a nice platform to deploy Infrastructure as a Service and is a collection of projects, but it can be a bit difficult to set up. The documentation is really great if you want to set up OpenStack by hand and there are a few OpenStack distributions that make it easier to install it.

Ansible is a very nice tool for system automation and is one that’s easier to learn.

ansible-logo-red

Wouldn’t it be nice if we could make the OpenStack installation easier with Ansible? That’s exactly what Openstack-Ansible does.

In this blog post we’ll set up “an all-in-one” OpenStack installation on Centos 7. The installer will install OpenStack into lxc containers and it’s a nice way to learn how OpenStack works and how to operate it.

Preparation


Openvas 7: adding credentials failed


I’m creating a new openvas 7 system running centos 7 as a KVM instance.

The installation went fine but it was impossible to create new credentials.

I had a similar issue with my openvas 6 installation. This was resolved by creating the /etc/openvas/gnupg directory and creating the key with openvasmd --create-credentials-encryption-key

But on my openvas 7 installation the creation of the encryption key was slooooow. As always, good randomness is important for creating keys, so I decided to install haveged to get more randomness and hopefully this would speed up key creation.

[root@localhost ~]# yum install haveged

Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * atomic: www6.atomicorp.com
 * base: centos.cu.be
 * extras: centos.cu.be
 * updates: centos.cu.be
Package haveged-1.9.1-2.el7.art.x86_64 already installed and latest version
Nothing to do
[root@localhost ~]# 
[root@localhost ~]# systemct list-unit-files --type=service | grep haveged
-bash: systemct: command not found
[root@localhost ~]# systemctl list-unit-files --type=service | grep haveged
haveged.service                             disabled
[root@localhost ~]# systemctl enable haveged
ln -s '/usr/lib/systemd/system/haveged.service' '/etc/systemd/system/multi-user.target.wants/haveged.service'
[root@localhost ~]# systemctl start haveged
[root@localhost ~]# 

The key creation took only a second.

[root@localhost ~]# openvasmd --create-credentials-encryption-key
Key creation succeeded.
[root@localhost ~]# 

Adding new credentials works like a charm now.

Happy hacking!


kvm

Migrate a windows vmware virtual machine to Linux KVM


Linux KVM is getting more and more usable for desktop virtualization thanks to the virtio and QXL/SPICE drivers.

Most Linux distributions include the virtio and QXL drivers; you might need to install the spice-vdagent.

On Windows you can download and install the virtio and QXL drivers.

Using the virtio drivers will improve your guest system performance and your virtualization experience.


High screen resolution on a KVM virtual machine with QXL


When you create a new KVM virtual system, the video RAM is limited to 16MB by default. To use a higher screen resolution, you need to increase the video RAM. The available resolutions reported by the virtual screen may also not include the resolution that you want to use.

You’ll find my journey to enable higher screen resolutions in my KVM (qemu) virtual systems below.


Openvas 7: adding credentials failed


I’m creating a new openvas 7 system running centos 7 as a KVM instance.

The installation went fine but it was impossible to create new credentials.

I had a similar issue with my openvas 6 installation. This was resolved by creating the /etc/openvas/gnupg directory and creating the key with openvasmd --create-credentials-encryption-key

But on my openvas 7 installation the creation of the encryption key was slooooow. As always, good randomness is important for creating keys, so I decided to install haveged to get more randomness and hopefully this would speed up key creation.

[root@localhost ~]# yum install haveged

Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * atomic: www6.atomicorp.com
 * base: centos.cu.be
 * extras: centos.cu.be
 * updates: centos.cu.be
Package haveged-1.9.1-2.el7.art.x86_64 already installed and latest version
Nothing to do
[root@localhost ~]# 
[root@localhost ~]# systemct list-unit-files --type=service | grep haveged
-bash: systemct: command not found
[root@localhost ~]# systemctl list-unit-files --type=service | grep haveged
haveged.service                             disabled
[root@localhost ~]# systemctl enable haveged
ln -s '/usr/lib/systemd/system/haveged.service' '/etc/systemd/system/multi-user.target.wants/haveged.service'
[root@localhost ~]# systemctl start haveged
[root@localhost ~]# 

The key creation took only a second.

[root@localhost ~]# openvasmd --create-credentials-encryption-key
Key creation succeeded.
[root@localhost ~]# 

Adding new credentials works like a charm now.

Happy hacking!


jails

Freebsd 9.1 jails with Qjail

I’m using ezjail now.

The reason for this is that the port is marked as RESTRICTED, since it seems to be a fork of ezjail that does not respect the copyright and license: https://lists.freebsd.org/pipermail/freebsd-jail/2013-March/002149.html.

I’m adding more services to my FreeBSD system.

I’m coming from the Solaris world, where it’s a common practice to run services in separated containers for security reasons.

On FreeBSD there are jails to isolate services and improve security.

At first I didn’t like jails: the way the FreeBSD handbook describes it requires a buildworld, which takes a long time on my system with an AMD C-60 CPU.

Luckily, Qjail makes the deployment a lot easier.


libreboot

How to install libreboot on a ThinkPad W500


I got a Lenovo Thinkpad W500 from www.2dehands.be for a nice price.

Actually, I got it a couple of months back but I didn’t have time to play with it and it took some time to get some parts from Aliexpress.

The Thinkpad W500 is probably the most powerful system that is compatible with Libreboot, it has a nice high-resolution display with a 1920 x 1200 resolution which is even a higher screen resolution than the Full HD resolution used on most new laptops today.

Security

Keep in mind that the core duo CPU does not get microcode updates from Intel for [spectre and meltdown](https://en.wikipedia.org/wiki/Meltdown_(security_vulnerability)). There is (currently) no solution for Spectre 3a - Rogue System Register Read - CVE-2018-3640 and Spectre 4 - Speculative Store Bypass - CVE-2018-3639 without a microcode update.

Binary blobs are bad. Having a closed source binary-only piece of software on your system is not only unacceptable for Free Software activists, it also makes it more difficult to review what it really does and to review it for security concerns.

Having your system vulnerable is also a bad thing of course. Can’t wait to get a computer system with an open CPU architecture like RISC-V.

Preparation


Install Parabola GNU/Linux on an Encrypted btrfs logical volume


I finally found time to complete the installation of my Libreboot laptop.

I decided to give Parabola GNU/Linux a try as my daily driver to get a fully Free Software laptop/tablet.

Download the Parabola GNU/Linux iso and boot it

After Parabola GNU/Linux is booted, verify that you have internet access. If the network card is supported and DHCP is enabled on your network, you should get a network address.


How to install libreboot on a ThinkPad X60

I got a ThinkPad X60 (tablet version) from ebay.be to install libreboot on it.

I tried to compile libreboot on Debian and Parabola GNU/Linux but both failed. Compiling libreboot on Trisquel 7 works fine, so I’ll use Trisquel to replace the BIOS with libreboot.

I’m not sure that I’ll use Trisquel 7 as my daily driver since it is a bit outdated… I might go with Debian Stretch without the non-free repositories to get a fully Free Software laptop/tablet. I’ll need to replace the Intel wifi adapter since this requires non-free firmware.

You’ll find a small howto for installing libreboot on a ThinkPad X60 below.

Thinkpad

Build Libreboot

The latest version of libreboot isn’t available via a binary distribution so I decided to build it from source.


parabola

Building your own docker images (Part2: Arch GNU/Linux & Co)


In my previous post, we started with creating Debian based docker images from scratch for the i386 architecture.

In this blog post, we’ll create Arch GNU/Linux based images.

Arch GNU/Linux

Arch Linux stopped supporting i386 systems. When you want to run Arch Linux on an i386 system, there is the community-maintained Archlinux32 project and the Free Software version, Parabola GNU/Linux-libre.

For the ARM architecture, there is the Arch Linux ARM project, which I used.


Install Parabola GNU/Linux on an Encrypted btrfs logical volume


I finally found time to complete the installation of my Libreboot laptop.

I decided to give Parabola GNU/Linux a try as my daily driver to get a fully Free Software laptop/tablet.

Download the Parabola GNU/Linux iso and boot it

After Parabola GNU/Linux is booted, verify that you have internet access. If the network card is supported and DHCP is enabled on your network, you should get a network address.


How to install libreboot on a ThinkPad X60

I got a ThinkPad X60 (tablet version) from ebay.be to install libreboot on it.

I tried to compile libreboot on Debian and Parabola GNU/Linux but both failed. Compiling libreboot on Trisquel 7 works fine, so I’ll use Trisquel to replace the BIOS with libreboot.

I’m not sure that I’ll use Trisquel 7 as my daily driver since it is a bit outdated… I might go with Debian Stretch without the non-free repositories to get a fully Free Software laptop/tablet. I’ll need to replace the Intel wifi adapter since this requires non-free firmware.

You’ll find a small howto for installing libreboot on a ThinkPad X60 below.

Thinkpad

Build Libreboot

The latest version of libreboot isn’t available via a binary distribution so I decided to build it from source.


bacula

Bacula on FreeBSD (part 2 Bacula Catalog over SSL )


In my previous post, I set up my PostgreSQL FreeBSD jail. In this post we continue with the Bacula server.

In this post we will continue with the database connection (Catalog). We’ll go the extra mile (1,609344 km) and encrypt the catalog connection with SSL. Why? We encrypt... because we can!

Bacula Components

  • Bacula Director
    The Bacula Director is a daemon that runs in the background and controls all backup operations.

  • Bacula Console
    The Bacula Console is an administration program that allows a system administrator to control the Bacula Director.

  • Bacula File
    The Bacula File is the backup client installed on the system that is backed up.

  • Bacula Storage
    The backup media.

  • Catalog
    The Catalog is the index of the backups. Bacula supports three types of index databases: MySQL (MariaDB), PostgreSQL and SQLite.

  • Bacula monitor
    A Bacula monitor service is a program that allows the system administrator to verify the status of the Bacula Directors, Bacula File Daemons and Bacula Storage Daemons.

Bacula Server


Bacula on FreeBSD (part 1 PostgresSQL in a jail)


I do take backups; my current solution is a couple of shell script wrappers around dump/zfs send/btrfs send/rsync, which is a mess. So I decided to give Bacula a try.

I use ezjail to manage my FreeBSD jails. PostgreSQL is my favorite database and I will use it as the backend for Bacula. I want to move all my databases to 1 FreeBSD jail; this should make it easier to create reliable database backups in the future. For this reason we’ll set up 2 FreeBSD jails: 1 for the database and 1 for Bacula.

You’ll find my journey of installing PostgreSQL in a FreeBSD jail below. In another blog post we will continue with the installation of Bacula.


backup

Bacula on FreeBSD (part 2 Bacula Catalog over SSL )


In my previous post, I set up my PostgreSQL FreeBSD jail. In this post we continue with the Bacula server.

In this post we will continue with the database connection (Catalog). We’ll go the extra mile (1,609344 km) and encrypt the catalog connection with SSL. Why? We encrypt... because we can!

Bacula Components

  • Bacula Director
    The Bacula Director is a daemon that runs in the background and controls all backup operations.

  • Bacula Console
    The Bacula Console is an administration program that allows a system administrator to control the Bacula Director.

  • Bacula File
    The Bacula File is the backup client installed on the system that is backed up.

  • Bacula Storage
    The backup media.

  • Catalog
    The Catalog is the index of the backups. Bacula supports three types of index databases: MySQL (MariaDB), PostgreSQL and SQLite.

  • Bacula monitor
    A Bacula monitor service is a program that allows the system administrator to verify the status of the Bacula Directors, Bacula File Daemons and Bacula Storage Daemons.

Bacula Server


Bacula on FreeBSD (part 1 PostgresSQL in a jail)


I do take backups; my current solution is a couple of shell script wrappers around dump/zfs send/btrfs send/rsync, which is a mess. So I decided to give Bacula a try.

I use ezjail to manage my FreeBSD jails. PostgreSQL is my favorite database and I will use it as the backend for Bacula. I want to move all my databases to 1 FreeBSD jail; this should make it easier to create reliable database backups in the future. For this reason we’ll set up 2 FreeBSD jails: 1 for the database and 1 for Bacula.

You’ll find my journey of installing PostgreSQL in a FreeBSD jail below. In another blog post we will continue with the installation of Bacula.


opnsense

OPNsense upgrade failed: Out of inodes


I use OPNsense as my firewall on a Pcengines Alix.

The primary reason is to have a firewall that will always be up-to-date, unlike most commercial customer grade firewalls that are only supported for a few years. Having a firewall that runs open source software - it’s based on FreeBSD - also makes it easier to review and to verify that there are no back doors.

When I tried to upgrade it to the latest release - 19.1.7 - the upgrade failed because the filesystem ran out of inodes. There is already a topic about this at the OPNsense forum and a fix available for the upcoming nano OPNsense images.


32 bits matters!


pfsense 2.3

My firewall is a pcengines alix.

It was running pfsense and I was quite happy about it. Pfsense dropped support for 32 bits in their pfsense 2.4 release.

This would have left me with an unsupported firewall, while staying supported was one of the reasons to use pfsense instead of a closed source commercial router.

I could have moved to a new firewall like the pcengines apu but there is no reason to replace hardware that works fine.

The nice thing about open source software is that we have options: if software doesn’t match your use case, there are other options to choose from.

OPNsense


dns

DNS Privacy with Stubby (Part 1 GNU/Linux)


**Installing and configuring an encrypted DNS server is straightforward; there is no reason to use an unencrypted DNS service.**

DNS is not secure or private

DNS traffic is insecure and runs unencrypted over UDP port 53 (TCP for zone transfers) by default.

This makes your unencrypted DNS traffic a privacy risk and a security risk:

  • anyone who is able to sniff your network traffic can collect a lot of information from your leaking DNS traffic.
  • with a DNS spoofing attack, an attacker can trick you into visiting a malicious website or try to intercept your email traffic.

Encrypt your dns traffic

Encrypting your network traffic is always a good idea for privacy and security reasons - **we encrypt, because we can!** More information about DNS privacy can be found at https://dnsprivacy.org/

On this site you’ll also find the DNS Privacy Daemon - Stubby, which lets you send your DNS requests over TLS to an alternative DNS provider. You should use a DNS provider that you trust and that has a no-logging policy. quad9, cloudflare and google dns are well-known alternative dns providers. At https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Test+Servers you can find a few other options.

You’ll find my journey to set up Stubby on a few operating systems I use (or I’m forced to use) below …

GNU/Linux


blog

Migrate from octopress to jekyll


I migrated my blog from Octopress to Jekyll. The primary reason is that Octopress isn’t maintained any more. I’m sure its great theme will live on in a lot of projects.

I like static webpage creators; they allow you to create nice websites without the need to have any code on the remote website. Anything that runs code has the possibility to be cracked; having a static website limits the attack vectors. You still need to protect the upload of the website and the system(s) that host your site, of course.


RIP: pluto


After 10 years, my fileserver pluto died. Pluto was an AMD64 with 1GB RAM and 4 too-loud Samsung drives (160GB).

( 1 minute silence …. )

I take backups of course ;-) I already ordered the parts to build a new pluto.

Pluto still hosted some CVS repositories like CGIpaf. But it’s time to move the source to a safer place. This will be github.

I also decided to create a blog and I wanted something that integrated well with github. Octopress seems to be the most logical choice. It’s written in ruby which is a nice bonus.


cvs

CGIpaf uploaded to github


I finally converted the cgipaf cvs repository to github.

I used cvs2git. It took a bit longer than expected.

My first attempt didn’t have the release tags right.

Adding --retain-conflicting-attic-files to cvs2git resolved this issue.

You’ll find how I did it below.


RIP: pluto


After 10 years, my fileserver pluto died. Pluto was an AMD64 with 1GB RAM and 4 too-loud Samsung drives (160GB).

( 1 minute silence …. )

I take backups of course ;-) I already ordered the parts to build a new pluto.

Pluto still hosted some CVS repositories like CGIpaf. But it’s time to move the source to a safer place. This will be github.

I also decided to create a blog and I wanted something that integrated well with github. Octopress seems to be the most logical choice. It’s written in ruby which is a nice bonus.


qjail

Freebsd 9.1 jails with Qjail

I’m using ezjail now.

The reason for this is that the port is marked as RESTRICTED, since it seems to be a fork of ezjail that does not respect the copyright and license: https://lists.freebsd.org/pipermail/freebsd-jail/2013-March/002149.html.

I’m adding more services to my FreeBSD system.

I’m coming from the Solaris world, where it’s a common practice to run services in separated containers for security reasons.

On FreeBSD there are jails to isolate services and improve security.

At first I didn’t like jails: the way the FreeBSD handbook describes it requires a buildworld, which takes a long time on my system with an AMD C-60 CPU.

Luckily, Qjail makes the deployment a lot easier.


clang

ssd

pam

zfs

yum update on fedora 19 and zfs on linux


I use zfs on linux on fedora now.

The installation was pretty straightforward but after the installation of zfs yum update failed.


[root@vicky etc]# yum update -y
Loaded plugins: langpacks, refresh-packagekit
Repository google-chrome is listed more than once in the configuration
fedora/19/x86_64/metalink                                                                                                                                                                   |  33 kB  00:00:00     
fedora                                                                                                                                                                                      | 4.2 kB  00:00:00     
fedora-chromium-stable                                                                                                                                                                      | 3.4 kB  00:00:00     
google-chrome                                                                                                                                                                               |  951 B  00:00:00     
rpmfusion-free                                                                                                                                                                              | 3.3 kB  00:00:00     
rpmfusion-free-updates                                                                                                                                                                      | 3.3 kB  00:00:00     
rpmfusion-nonfree                                                                                                                                                                           | 3.3 kB  00:00:00     
rpmfusion-nonfree-updates                                                                                                                                                                   | 3.3 kB  00:00:00     
updates/19/x86_64/metalink                                                                                                                                                                  |  30 kB  00:00:00     
updates                                                                                                                                                                                     | 4.4 kB  00:00:00     
zfs                                                                                                                                                                                         | 2.9 kB  00:00:00     
(1/6): fedora-chromium-stable/19/x86_64/primary_db                                                                                                                                          |  20 kB  00:00:00     
(2/6): zfs/19/x86_64/primary_db                                                                                                                                                             | 6.7 kB  00:00:00     
(3/6): updates/19/x86_64/group_gz                                                                                                                                                           | 385 kB  00:00:02     
(4/6): fedora/19/x86_64/group_gz                                                                                                                                                            | 384 kB  00:00:06     
(5/6): updates/19/x86_64/primary_db                                                                                                                                                         | 8.8 MB  00:01:53     
(6/6): fedora/19/x86_64/primary_db                                                                                                                                                          |  17 MB  00:03:34     
(1/10): google-chrome/primary                                                                                                                                                               | 1.9 kB  00:00:00     
(2/10): rpmfusion-free-updates/19/x86_64/primary_db                                                                                                                                         | 217 kB  00:00:01     
(3/10): rpmfusion-nonfree/19/x86_64/primary_db                                                                                                                                              | 149 kB  00:00:00     
(4/10): rpmfusion-free/19/x86_64/primary_db                                                                                                                                                 | 440 kB  00:00:03     
(5/10): rpmfusion-nonfree-updates/19/x86_64/primary_db                                                                              b                                                       |  97 kB  00:00:00     
(6/10): rpmfusion-nonfree-updates/19/x86_64/group_gz                                                                                                                                        |  990 B  00:00:05     
(7/10): rpmfusion-nonfree/19/x86_64/group_gz                                                                                                                                                |  993 B  00:00:07     
(8/10): rpmfusion-free/19/x86_64/group_gz                                                                                                                                                   | 1.6 kB  00:00:07     
(9/10): rpmfusion-free-updates/19/x86_64/group_gz                                                                                                                                           | 1.6 kB  00:00:07     
(10/10): updates/19/x86_64/updateinfo                                                                                                                                                       | 861 kB  00:00:09     
google-chrome                                                                                                                                                                                                  3/3
Resolving Dependencies
--> Running transaction check
---> Package dkms.noarch 0:2.2.0.3-14.zfs1.fc19 will be updated
--> Processing Dependency: dkms = 2.2.0.3-14.zfs1.fc19 for package: zfs-dkms-0.6.2-1.fc19.noarch
---> Package dkms.noarch 0:2.2.0.3-17.fc19 will be an update
--> Finished Dependency Resolution
Error: Package: zfs-dkms-0.6.2-1.fc19.noarch (@zfs)
           Requires: dkms = 2.2.0.3-14.zfs1.fc19
           Removing: dkms-2.2.0.3-14.zfs1.fc19.noarch (@zfs)
               dkms = 2.2.0.3-14.zfs1.fc19
           Updated By: dkms-2.2.0.3-17.fc19.noarch (updates)
               dkms = 2.2.0.3-17.fc19
           Available: dkms-2.2.0.3-5.fc19.noarch (fedora)
               dkms = 2.2.0.3-5.fc19
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest
[root@vicky etc]# 

On another Fedora system yum update worked fine. After reviewing the differences in the yum configuration, it seems that yum-plugin-priorities wasn’t installed on my box. After installing yum-plugin-priorities

[root@vicky etc]# yum install yum-plugin-priorities
Loaded plugins: langpacks, refresh-packagekit
Repository google-chrome is listed more than once in the configuration
Resolving Dependencies
--> Running transaction check
---> Package yum-plugin-priorities.noarch 0:1.1.31-18.fc19 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

===================================================================================================================================================================================================================
 Package                                                     Arch                                         Version                                              Repository                                     Size
===================================================================================================================================================================================================================
Installing:
 yum-plugin-priorities                                       noarch                                       1.1.31-18.fc19                                       updates                                        22 k

Transaction Summary
===================================================================================================================================================================================================================
Install  1 Package

Total download size: 22 k
Installed size: 28 k
Is this ok [y/d/N]: y
Downloading packages:
yum-plugin-priorities-1.1.31-18.fc19.noarch.rpm                                                                                                                                             |  22 kB  00:00:01     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : yum-plugin-priorities-1.1.31-18.fc19.noarch                                                                                                                                                     1/1 
  Verifying  : yum-plugin-priorities-1.1.31-18.fc19.noarch                                                                                                                                                     1/1 

Installed:
  yum-plugin-priorities.noarch 0:1.1.31-18.fc19                                                                                                                                                                    

Complete!
[root@vicky etc]# 

And make sure that the zfs repository has priority:

[root@localhost etc]# cat yum.repos.d/zfs.repo
[zfs]
name=ZFS of Linux for Fedora $releasever
baseurl=http://archive.zfsonlinux.org/fedora/$releasever/$basearch/
enabled=1
priority=1
metadata_expire=7d
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-zfsonlinux
Requires:       yum-plugin-priorities

[zfs-source]
name=ZFS of Linux for Fedora $releasever - Source
baseurl=http://archive.zfsonlinux.org/fedora/$releasever/SRPMS/
enabled=0
metadata_expire=7d
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-zfsonlinux
[root@vicky etc]# 

yum update works again.

[root@vicky etc]# yum update -y
Loaded plugins: langpacks, priorities, refresh-packagekit
Repository google-chrome is listed more than once in the configuration
2 packages excluded due to repository priority protections
No packages marked for update
[root@vicky etc]# 


yum

Building Your Own Docker Base Images (Part 3: Yum)


In my previous two posts (1, 2), we created Docker Debian and Arch-based images from scratch for the i386 architecture.

In this blog post - the last one in this series - we’ll do the same for yum-based distributions like CentOS and Fedora.

Building your own Docker base images isn’t difficult and lets you trust your distribution’s GPG signing keys instead of the Docker Hub, as explained in the first blog post. The mkimage scripts in the contrib directory of the Moby project git repository are a good place to start if you want to build your own Docker images.


yum update on fedora 19 and zfs on linux


I use zfs on linux on fedora now.

The installation was pretty straightforward but after the installation of zfs yum update failed.


[root@vicky etc]# yum update -y
Loaded plugins: langpacks, refresh-packagekit
Repository google-chrome is listed more than once in the configuration
fedora/19/x86_64/metalink                                                                                                                                                                   |  33 kB  00:00:00     
fedora                                                                                                                                                                                      | 4.2 kB  00:00:00     
fedora-chromium-stable                                                                                                                                                                      | 3.4 kB  00:00:00     
google-chrome                                                                                                                                                                               |  951 B  00:00:00     
rpmfusion-free                                                                                                                                                                              | 3.3 kB  00:00:00     
rpmfusion-free-updates                                                                                                                                                                      | 3.3 kB  00:00:00     
rpmfusion-nonfree                                                                                                                                                                           | 3.3 kB  00:00:00     
rpmfusion-nonfree-updates                                                                                                                                                                   | 3.3 kB  00:00:00     
updates/19/x86_64/metalink                                                                                                                                                                  |  30 kB  00:00:00     
updates                                                                                                                                                                                     | 4.4 kB  00:00:00     
zfs                                                                                                                                                                                         | 2.9 kB  00:00:00     
(1/6): fedora-chromium-stable/19/x86_64/primary_db                                                                                                                                          |  20 kB  00:00:00     
(2/6): zfs/19/x86_64/primary_db                                                                                                                                                             | 6.7 kB  00:00:00     
(3/6): updates/19/x86_64/group_gz                                                                                                                                                           | 385 kB  00:00:02     
(4/6): fedora/19/x86_64/group_gz                                                                                                                                                            | 384 kB  00:00:06     
(5/6): updates/19/x86_64/primary_db                                                                                                                                                         | 8.8 MB  00:01:53     
(6/6): fedora/19/x86_64/primary_db                                                                                                                                                          |  17 MB  00:03:34     
(1/10): google-chrome/primary                                                                                                                                                               | 1.9 kB  00:00:00     
(2/10): rpmfusion-free-updates/19/x86_64/primary_db                                                                                                                                         | 217 kB  00:00:01     
(3/10): rpmfusion-nonfree/19/x86_64/primary_db                                                                                                                                              | 149 kB  00:00:00     
(4/10): rpmfusion-free/19/x86_64/primary_db                                                                                                                                                 | 440 kB  00:00:03     
(5/10): rpmfusion-nonfree-updates/19/x86_64/primary_db                                                                              b                                                       |  97 kB  00:00:00     
(6/10): rpmfusion-nonfree-updates/19/x86_64/group_gz                                                                                                                                        |  990 B  00:00:05     
(7/10): rpmfusion-nonfree/19/x86_64/group_gz                                                                                                                                                |  993 B  00:00:07     
(8/10): rpmfusion-free/19/x86_64/group_gz                                                                                                                                                   | 1.6 kB  00:00:07     
(9/10): rpmfusion-free-updates/19/x86_64/group_gz                                                                                                                                           | 1.6 kB  00:00:07     
(10/10): updates/19/x86_64/updateinfo                                                                                                                                                       | 861 kB  00:00:09     
google-chrome                                                                                                                                                                                                  3/3
Resolving Dependencies
--> Running transaction check
---> Package dkms.noarch 0:2.2.0.3-14.zfs1.fc19 will be updated
--> Processing Dependency: dkms = 2.2.0.3-14.zfs1.fc19 for package: zfs-dkms-0.6.2-1.fc19.noarch
---> Package dkms.noarch 0:2.2.0.3-17.fc19 will be an update
--> Finished Dependency Resolution
Error: Package: zfs-dkms-0.6.2-1.fc19.noarch (@zfs)
           Requires: dkms = 2.2.0.3-14.zfs1.fc19
           Removing: dkms-2.2.0.3-14.zfs1.fc19.noarch (@zfs)
               dkms = 2.2.0.3-14.zfs1.fc19
           Updated By: dkms-2.2.0.3-17.fc19.noarch (updates)
               dkms = 2.2.0.3-17.fc19
           Available: dkms-2.2.0.3-5.fc19.noarch (fedora)
               dkms = 2.2.0.3-5.fc19
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest
[root@vicky etc]# 

On another Fedora system yum update worked fine. After reviewing the differences in the yum configuration, it seems that yum-plugin-priorities wasn’t installed on my box. After installing yum-plugin-priorities

[root@vicky etc]# yum install yum-plugin-priorities
Loaded plugins: langpacks, refresh-packagekit
Repository google-chrome is listed more than once in the configuration
Resolving Dependencies
--> Running transaction check
---> Package yum-plugin-priorities.noarch 0:1.1.31-18.fc19 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

===================================================================================================================================================================================================================
 Package                                                     Arch                                         Version                                              Repository                                     Size
===================================================================================================================================================================================================================
Installing:
 yum-plugin-priorities                                       noarch                                       1.1.31-18.fc19                                       updates                                        22 k

Transaction Summary
===================================================================================================================================================================================================================
Install  1 Package

Total download size: 22 k
Installed size: 28 k
Is this ok [y/d/N]: y
Downloading packages:
yum-plugin-priorities-1.1.31-18.fc19.noarch.rpm                                                                                                                                             |  22 kB  00:00:01     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : yum-plugin-priorities-1.1.31-18.fc19.noarch                                                                                                                                                     1/1 
  Verifying  : yum-plugin-priorities-1.1.31-18.fc19.noarch                                                                                                                                                     1/1 

Installed:
  yum-plugin-priorities.noarch 0:1.1.31-18.fc19                                                                                                                                                                    

Complete!
[root@vicky etc]# 

And make sure that the zfs repository has the priority

[root@localhost etc]# cat yum.repos.d/zfs.repo
[zfs]
name=ZFS of Linux for Fedora $releasever
baseurl=http://archive.zfsonlinux.org/fedora/$releasever/$basearch/
enabled=1
priority=1
metadata_expire=7d
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-zfsonlinux
Requires:       yum-plugin-priorities

[zfs-source]
name=ZFS of Linux for Fedora $releasever - Source
baseurl=http://archive.zfsonlinux.org/fedora/$releasever/SRPMS/
enabled=0
metadata_expire=7d
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-zfsonlinux
[root@vicky etc]# 

yum update works again.

[root@vicky etc]# yum update -y
Loaded plugins: langpacks, priorities, refresh-packagekit
Repository google-chrome is listed more than once in the configuration
2 packages excluded due to repository priority protections
No packages marked for update
[root@vicky etc]# 

Read more...

squid

bash saved my day

less than 1 minute read
Date:

I was creating an ugly quick-and-dirty script to set up the squid cache_dir automatically with puppet, based on the disk space and memory available.

When you are developing you sometimes forget to create backups and push them to git, and mistakes are around the corner.

Luckily bash saved my day!

$ ./create_cache_entries.sh  > create_cache_entries.sh 
-bash: ./create_cache_entries.sh: /bin/bash: bad interpreter: Text file busy
$ vi create_cache_entries.sh 

Read more...

pfsense

32 bits matters!

1 minute read
Date:

pfsense 2.3

My firewall is a pcengines alix.

It was running pfsense and I was quite happy about it. Pfsense dropped support for 32 bits in their pfsense 2.4 release.

This would have left me with an unsupported firewall, which was one of the reasons to use pfsense instead of a closed source commercial router.

I could have moved to a new firewall like the pcengines apu but there is no reason to replace hardware that works fine.

The nice thing about open source software is that we have options: if software doesn’t match your use case, we have other options to choose from.

OPNsense

Read more...

lxc

Setting up OpenStack-Ansible All-In-One on a Centos 7 system

6 minute read
Date:

openstack-logo

Openstack is a nice platform to deploy an Infrastructure as a service and is a collection of projects, but it can be a bit difficult to set up. The documentation is really great if you want to set up openstack by hand and there are a few openstack distributions that make it easier to install.

Ansible is a very nice tool for system automation and is one that’s easier to learn.

ansible-logo-red

Wouldn’t it be nice if we could make the openstack installation easier with ansible? That’s exactly what Openstack-Ansible does.

In this blog post we’ll set up “an all-in-one” openstack installation on Centos 7. The installer will install openstack into lxc containers and it’s a nice way to learn how openstack works and how to operate it.

Preparation

Read more...

lxc templates in Fedora 20

9 minute read
Date:

I’m a big fan of containers and used them a lot on Solaris and jails on FreeBSD. Containers/jails are the fastest way to spin up a new system and the easiest way to isolate services.

As always with virtualization you have to be careful with sharing systems or containers that don’t belong to the same customer or service on the same physical machine, since you’re never sure which traces are left behind in the memory etc.

Linux containers are getting more popular since the release of docker.

When I tried to create a few containers on Fedora 20, the first attempt (a debian container) wasn’t a success.

On a newly created debian container networking didn’t work.

Read more...

openbsd

Lookat 1.4.4 released

less than 1 minute read
Date:

Lookat 1.4.4 is the latest stable release of Lookat/Bekijk, the user-friendly file browser/viewer.

Read more...

hsm

Starting to protect my private keys with SmartCard-Hsm

15 minute read
Date:

I still have too many private keys on a local filesystem. I started to use the yubikey neo for my ssh authentication, mainly because of the nice form factor of the yubikey.

For my other private keys/data I was looking for something cheaper since I need to have a backup of my secured data, so I bought a few Smartcard-HSM smartcards. They cost 16 € each while a yubikey neo costs 54 € at amazon.de

Read more...

archlinux

Building your own docker images (Part2: Arch GNU/Linux & Co)

2 minute read
Date:

In my previous post, we started with creating Debian based docker images from scratch for the i386 architecture.

In this blog post, we’ll create Arch GNU/Linux based images.

Arch GNU/Linux

Arch Linux stopped supporting i386 systems. When you want to run Arch Linux on an i386 system there is the community maintained Archlinux32 project and the Free Software version Parabola GNU/Linux-libre.

For the arm architecture, there is the Archlinux Arm project that I used.

Read more...

Install Arch on an encrypted btrfs partition

13 minute read
Date:

Arch

I’m preparing to move my workstation to Arch Linux. Before I install it on my physical workstation, I did the installation on a virtual machine. I’ll use btrfs as the filesystem during the installation. btrfs is a nice filesystem but it had some serious data loss issues with RAID5/RAID6 recently.

btrfs might not be stable enough for a production environment but it has some nice features like snapshots, send/receive, compression etc. I use zfs for my important data anyway.

Read more...

btrfs

Install Parabola GNU/Linux on an Encrypted btrfs logical volume

14 minute read
Date:

I finally found time to complete the installation of my Libreboot laptop.

I decided to give Parabola GNU/Linux a try as my daily driver to get a fully Free Software Laptop/tablet.

Download the Parabola GNU/Linux iso and boot it

After Parabola GNU/Linux is booted, verify that you have internet access. If the network card is supported and dhcp is enabled on your network, you should get a network address.

Read more...

Install Arch on an encrypted btrfs partition

13 minute read
Date:

Read more...

luks

Install Parabola GNU/Linux on an Encrypted btrfs logical volume

14 minute read
Date:

Read more...

Install Arch on an encrypted btrfs partition

13 minute read
Date:

Read more...

thinkpad

How to install libreboot on a ThinkPad W500

12 minute read
Date:

w500 and pi

I got a Lenovo Thinkpad W500 from www.2dehands.be for a nice price.

Actually, I got it a couple of months back but I didn’t have time to play with it and it took some time to get some parts from Aliexpress.

The Thinkpad W500 is probably the most powerful system that is compatible with Libreboot, it has a nice high-resolution display with a 1920 x 1200 resolution which is even a higher screen resolution than the Full HD resolution used on most new laptops today.

Security

Keep in mind that the core duo CPU does not get microcode updates from Intel for [spectre and meltdown](https://en.wikipedia.org/wiki/Meltdown_(security_vulnerability)). There is no solution (currently) for Spectre 3a - Rogue System Register Read - CVE-2018-3640 and Spectre 4 - Speculative Store Bypass - CVE-2018-3639 without a microcode update.

Binary blobs are bad. Having a closed source binary-only piece of software on your system is not only unacceptable for Free Software activists, it also makes it more difficult to review what it really does and to review it for security concerns.

Having your system vulnerable is also a bad thing of course. Can’t wait to get a computer system with an open CPU architecture like RISC-V.

Preparation

Read more...

How to install libreboot on a ThinkPad X60

13 minute read
Date:


 
I got a ThinkPad x60 (tablet version) from ebay.be to install libreboot on it.

I tried to compile libreboot on Debian and Parabola GNU/Linux but both failed. Compiling Libreboot on Trisquel 7 works fine, so I’ll use Trisquel to replace the BIOS with libreboot.

I’m not sure that I’ll use Trisquel 7 as my daily driver since it is a bit outdated… I might go with Debian Stretch without the non-free repositories to get a fully Free Software Laptop/tablet. I’ll need to replace the Intel wifi adapter since this requires non-free firmware.

You’ll find a small howto for installing libreboot on a Thinkpad X60 below.
 

Thinkpad

Build Libreboot

The latest version of libreboot isn’t available via a binary distribution so I decided to build it from source.

Read more...

postgresql

Bacula on FreeBSD (part 2 Bacula Catalog over SSL )

25 minute read
Date:

PostgreSSL

In my previous post, I set up my PostgreSQL FreeBSD jail. In this post we continue with the Bacula server.

In this post we will continue with the database connection (Catalog); we’ll go the extra mile 1,609344 km and encrypt the catalog connection with ssl. Why? We encrypt.. because we can!

Bacula Components

  • Bacula Director
    The Bacula Director is a daemon that runs in the background and controls all backup operations.

  • Bacula Console
    The Bacula console is an administrator program that allows a system administrator to control the Bacula director.

  • Bacula File
    The Bacula File is a backup client installed on the backup client.

  • Bacula Storage
    The backup media.

  • Catalog
    The Catalog is the index of the backups. Bacula supports three types of index databases: MySQL (MariaDB), PostgreSQL and SQLite.

  • Bacula monitor
    A Bacula monitor service is a program that allows the system administrator to verify the status of the Bacula Directors, Bacula File Daemons and Bacula Storage Daemons.

Bacula Server

Read more...

Bacula on FreeBSD (part 1 PostgresSQL in a jail)

9 minute read
Date:

I do take backups; my current solution is a couple of shell script wrappers around dump/zfs send/btrfs send/rsync, which is a mess. So I decided to give Bacula a try.

I use ezjail to manage my FreeBSD jails. PostgreSQL is my favorite database and I will use this database as the backend for Bacula. I want to move all my databases to 1 FreeBSD jail; this should make it easier to create reliable database backups in the future. For this reason we’ll set up 2 FreeBSD jails, 1 for the database and 1 for Bacula.

You’ll find my journey of installing PostgreSQL on a FreeBSD jail. In another blog post we will continue with the installation of Bacula.

Read more...

jenkins

20 core Dual Processor jenkins build workstation

1 minute read
Date:

Xeon


My jenkins builds are taking too long, mainly due to the lack of memory. I mainly use jenkins to verify that my software works on different operating systems (GNU/Linux distributions / *BSD / Solaris).

Looking for a solution that is still affordable, I ended up building a dual Xeon workstation. CPU and memory come from www.ebay.be


 

Read more...

qemu

High screen resolution on a KVM virtual machine with QXL

4 minute read
Date:

When you create a new KVM virtual system, the video ram is limited to 16MB by default; to use a higher screen resolution you need to increase the video ram. The available resolutions reported by the virtual screen may also not include the resolution that you want to utilize.

You’ll find my journey to enable higher screen resolutions in my KVM (qemu) virtual systems below.

Read more...

privacy

DNS Privacy with Stubby (Part 1 GNU/Linux)

9 minute read
Date:

**Installing and configuring an encrypted dns server is straightforward, there is no reason to use an unencrypted dns service.**

DNS is not secure or private

DNS traffic is insecure and runs over UDP port 53 (TCP for zone transfers) unencrypted by default.

This makes your unencrypted DNS traffic a privacy risk and a security risk:

  • anyone that is able to sniff your network traffic can collect a lot of information from your leaking DNS traffic.
  • with a DNS spoofing attack an attacker can trick you into going to a malicious website or try to intercept your email traffic.

Encrypt your dns traffic

Encrypting your network traffic is always a good idea for privacy and security reasons - **we encrypt, because we can!** More information about dns privacy can be found at https://dnsprivacy.org/

On this site you’ll also find the DNS Privacy Daemon - Stubby - that lets you send your DNS requests over TLS to an alternative DNS provider. You should use a DNS provider that you trust and that has a no logging policy. quad9, cloudflare and google dns are well-known alternative dns providers. At https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Test+Servers you can find a few other options.

You’ll find my journey to set up Stubby on a few operating systems I use (or I’m forced to use) below …

GNU/Linux

Read more...

openstack

Howto use centos cloud images with cloud-init on KVM/libvirtd

6 minute read
Date:

Images versus unattended setup

Old-school

Unattended setup

In a traditional environment, systems are installed from a CDROM. The configuration is executed by the system administrator through the installer. This soon becomes a boring and impractical task when we need to set up a lot of systems. It is also important that systems are configured in the same - and hopefully correct - way.

In a traditional environment, this can be automated by booting via BOOTP/PXE boot, with the configuration done by a system that “feeds” the installer. Examples are:

Read more...

Setting up OpenStack-Ansible All-In-One on a Centos 7 system

6 minute read
Date:

Read more...

ubuntu

Howto use centos cloud images with cloud-init on KVM/libvirtd

6 minute read
Date:

Read more...

nas

RIP: pluto

less than 1 minute read
Date:

RIP After 10 years, my fileserver pluto died. Pluto was an AMD64, had 1GB RAM and 4 too loud samsung drives (160GB).

( 1 minute silence …. )

I take backups of course ;-) I already ordered the parts to build a new pluto.

Pluto still hosted some CSV repositories like CGIpaf. But it’s time to move the source to a safer place. This will be github.

I also decided to create a blog and I wanted something that integrated well with github. Octopress seems to be the most logical choice. It’s written in ruby which is a nice bonus.

Read more...

ezjail

llvm

sun

Ide is still alive…

less than 1 minute read
Date:

sta2ide

The dvd drive in my sun blade 1500 workstation broke down. I use this system occasionally for some development, it's always handy to have a big endian system at hand.

The dvd drive was still handy to load another operating system on it.
The dvd drive has an ide interface, which is hard to get these days…

dvd

I found an ide to sata converter and a new dvd drive with a sata interface at conrad. This should convert the sata interface to an ide interface without any driver and work with any operating system.

Well let's put this to a test on a sparc system with solaris :-)

on

The installation was pretty straightforward, luckily the dvd rom drive has a plastic back since the converter touches the back of the dvd rom drive.

sun

After a quick test it seems to work like a charm. I might install opensxce on it.

It seems to be the only option to run an opensolaris ancestor on sparc hardware.

Read more...

sun blade 1500

Ide is still alive…

less than 1 minute read
Date:

Read more...

ide

Ide is still alive…

less than 1 minute read
Date:

Read more...

sata

Ide is still alive…

less than 1 minute read
Date:

Read more...

opensxce

Ide is still alive…

less than 1 minute read
Date:

Read more...

LLVM

smoking

intel

haswell

i7

intel i7

boottime

ovirt

kndle

Running kindle on GNU/Linux with wine

less than 1 minute read
Date:

desktop

I enjoy reading ebooks during my train trip to work on my nexus 7.

At home I prefer to read on my monitor since this is bigger.

Most of the time I use epub or pdf for reading. I bought a kindle version of a book from amazon, assuming that I could read it with amazon cloud reader at home.

Unfortunately this book is not compatible with cloud reader.

Proprietary formats should be avoided, lesson learned (again).

To read my book at home I decided to give the windows version of kindle on wine a try.

The installation was pretty straightforward on Fedora 19.

  • Install wine
[root@vicky ~]# yum install wine
Loaded plugins: langpacks, refresh-packagekit

  • Download Kindle for Window xp

Download it from: http://www.amazon.com/gp/feature.html/ref=kcp_pc_ln_ar?docId=1000426311

  • Run the installer
[swagemakers@vicky ~]$ wine ~/Downloads/KindleForPC-installer.exe 
  • Create kindle startup script
wine $HOME/.wine/drive_c/Program\ Files\ \(x86\)/Amazon/Kindle/Kindle.exe &

Happy reading

but

It’s better to only read ebooks in an open format

Read more...
Back to top ↑

wine


bash

bash saved my day

less than 1 minute read

I was creating an ugly quick-and-dirty script to set up the squid cache_dir automatically with puppet based on the disk space and memory available.

When you are developing you sometimes forget to create backups and push to git, and mistakes are around the corner.

Luckily bash saved my day!

$ ./create_cache_entries.sh  > create_cache_entries.sh
-bash: ./create_cache_entries.sh: /bin/bash: bad interpreter: Text file busy
$ vi create_cache_entries.sh

puppet


tux

2014

convertPgsSub

wd live

mkv

monitor

Size matters, but …

less than 1 minute read

Size matters, but … resolution and image quality are as important.

Since I was diagnosed with diabetes I have eye issues. Things are getting better recently, but I still need glasses for reading etc.

My “no smoking” Piggy Bank was fat enough for some “eye candy”. I bought a Dell UltraSharp U2713HM, a 27 inch WQHD (2560x1440) IPS display.

Compared to the other screens I used to work with, the image quality is amazing and the higher resolution gives so much more space.

Dell 2713HM images

dell 2713


diabetes


no smoking


chromecast

2015

chrome

Run google chrome inside a fedora docker container over ssh

less than 1 minute read

Update (Mon Jun 8 2015): Running google-chrome inside a docker container isn't stable for me. I switched back to LXC to run google-chrome, which seems to be more stable.

I created a docker image to start a docker container with chrome. Destroying the container each time that you start a browser is an easy way to get rid of your cookies and browser history.

openvas

Openvas 7: adding credentials failed

less than 1 minute read

I’m creating a new openvas 7 system running centos 7 as a KVM instance.

The installation went fine but it was impossible to create new credentials.

I had a similar issue with my openvas 6 installation. This was resolved by creating the /etc/openvas/gnupg directory and creating the key with openvasmd --create-credentials-encryption-key

But on my openvas 7 installation the creation of the encryption key was slooooow. As always, good randomness is important for creating keys. So I decided to install haveged to get more randomness, and hopefully this would speed up key creation.

[root@localhost ~]# yum install haveged

Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * atomic: www6.atomicorp.com
 * base: centos.cu.be
 * extras: centos.cu.be
 * updates: centos.cu.be
Package haveged-1.9.1-2.el7.art.x86_64 already installed and latest version
Nothing to do
[root@localhost ~]# 
[root@localhost ~]# systemct list-unit-files --type=service | grep haveged
-bash: systemct: command not found
[root@localhost ~]# systemctl list-unit-files --type=service | grep haveged
haveged.service                             disabled
[root@localhost ~]# systemctl enable haveged
ln -s '/usr/lib/systemd/system/haveged.service' '/etc/systemd/system/multi-user.target.wants/haveged.service'
[root@localhost ~]# systemctl start haveged
[root@localhost ~]# 

The key creation took only a second.

[root@localhost ~]# openvasmd --create-credentials-encryption-key
Key creation succeeded.
[root@localhost ~]# 

Adding new credentials works like a charm now.

Happy hacking!


gpg

yubikey

smartcard

ssh

pkgng

arm

Running Docker on ARM

22 minute read

I own an odroid u3 that I used for my media center with xbmc. While I like the performance of the Exynos4412 CPU, the drivers for the Mali GPU aren’t opensource.

I like ARM, but unfortunately a lot of the ARM SoCs have no opensource drivers for the GPU.

The manufacturer of the odroid u3 - hardkernel - provides ubuntu 14.04 images with xbmc and mali support. It isn’t possible to get the newer version of xbmc - now kodi - running, or I didn’t succeed with it. I’ll look for another solution for my media server needs. This might be my raspberry pi 1 model B+ that is lying around doing nothing, running openelec.

Like I said, I like the performance of the odroid U3, that’s why I installed archLinuxArm to play with Docker. I could have stuck with Ubuntu 14.04, but with Arch Linux I get more up-to-date software.

The installation was pretty straightforward; even the docker installation was the same as on an x86 platform.

Since we are using docker on arm we have to build our own docker base images instead of using the docker registry. I have security concerns about installing and using unsigned non-verified software anyway. If you build your own image it’s possible to audit/verify the build process.

arch


odroid


2016


thunderbird

Thunderbird: Importing s/mime certificate failed

3 minute read

On http://kb.mozillazine.org/Getting_an_SMIME_certificate you get a list of free s/mime certificates.

I ordered a free 30 days certificate at globalsign: https://www.globalsign.com/en/personalsign/trial/

The import of the pkcs12 failed in Thunderbird with the message: “The PKCS #12 operation failed for unknown reasons.”

Searching the internet didn’t provide a solution. To debug this issue I started by extracting the private key / certificate from the pkcs12 file provided by globalsign and creating a new one.

To execute this command I use an encrypted luks volume.

Create a new pkcs12 file

2017


trisquel

How to install libreboot on a ThinkPad X60

13 minute read

I got a ThinkPad x60 (tablet version) from ebay.be to install libreboot on it.

I tried to compile libreboot on Debian and Parabola GNU/Linux but both failed. Compiling Libreboot on Trisquel 7 works fine, so I’ll use Trisquel to replace the BIOS with libreboot.

I’m not sure that I’ll use Trisquel 7 as my daily driver since it is a bit outdated… I might go with Debian Stretch without the non-free repositories to get a fully Free Software Laptop/tablet. I’ll need to replace the Intel wifi adapter since this requires non-free firmware.

You’ll find a small howto on installing libreboot on a Thinkpad X60 below.

Build Libreboot

The latest version of libreboot isn’t available via a binary distribution so I decided to build it from source.

x60


ssl

Bacula on FreeBSD (part 2 Bacula Catalog over SSL )

25 minute read

In my previous post, I set up my PostgreSQL FreeBSD jail. In this post we continue with the Bacula server.

In this post we will continue with the database connection (Catalog). We’ll go the extra mile 1,609344 km and encrypt the catalog connection with ssl. Why? We encrypt.. because we can!

Bacula Components

  • Bacula Director
    The Bacula Director is a daemon that runs in the background and controls all backup operations.

  • Bacula Console
    The Bacula console is an administrator program that allows a system administrator to control the Bacula director.

  • Bacula File
    The Bacula File is a backup client installed on the backup client.

  • Bacula Storage
    The backup media.

  • Catalog
    The Catalog is the index of the backups. Bacula supports three types of index databases: MySQL (MariaDB), PostgreSQL and SQLite.

  • Bacula monitor
    A Bacula monitor service is a program that allows the system administrator to verify the status of the Bacula Directors, Bacula File Daemons and Bacula Storage Daemons.

Bacula Server

xeon

20 core Dual Processor jenkins build workstation

1 minute read

My jenkins builds are taking too long, mainly due to the lack of memory. I mainly use jenkins to verify that my software works on different operating systems (GNU/Linux distributions / *BSD / Solaris).

Looking for a solution that is still affordable, I ended up building a dual Xeon workstation. CPU and memory come from www.ebay.be
keyboard

model-m tux update…

less than 1 minute read

I own a Unicomp model-m keyboard. The keyboard has a nice key feel but it has windows super key(s).

I don’t use super key(s), and would prefer to have a keyboard without them. But when it has super keys I’d rather have it without the windows logo on them, so it was time to replace them with the tux version.
modelm


spectre

Update your CPU microcode on Arch Linux

10 minute read

Meltdown & spectre

With Meltdown https://nvd.nist.gov/vuln/detail/CVE-2017-5754, Spectre Variant 1 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753 and Spectre Variant 2 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753 out in the wild, there is a lot of confusion going around about updating microcode.

There is a “Spectre & Meltdown Checker” available at https://github.com/speed47/spectre-meltdown-checker

Usage is very easy: just clone the git repository and run the script.

Microcode

Microcode isn’t uploaded to the CPU but loaded during the bootstrap of the CPU. Normally the BIOS uploads the microcode to the CPU, but this can also be done by the bootloader or the operating system kernel.

meltdown


arch linux


microcode


mail

Postfix smarthost with authentication

1 minute read

I used the relay host of my internet provider but this was causing issues since my email was getting marked as spam in Gmail.

It was already on my to-do list to move my outgoing mail to my mail provider, also to make it easier to move to another ISP or to implement SPF, but it was not at the top of my to-do list.

My email provider requires authentication, so I needed to reconfigure postfix in my FreeBSD mail jail to use a relay host with authentication.

postfix


qxl

High screen resolution on a KVM virtual machine with QXL

4 minute read

When you create a new KVM virtual system the video RAM is limited to 16MB by default. To use a higher screen resolution you need to increase the video RAM. The available resolutions reported by the virtual screen may also not include the resolution that you want to use.

You’ll find my journey to enable higher screen resolutions in my KVM (qemu) virtual systems below.

vdsl

How to start DLM monitoring on a VDSL line in Belgium

less than 1 minute read

In Belgium/Flanders we have two main internet line providers:

  • telenet is the cable network provider.
  • proximus is the telephone network provider.

On the telephone network there are alternative internet providers but they use the network of proximus.

I switched my internet connection from ADSL to VDSL and switched to a new provider (edpnet). The internet speed was below expectations and my modem reported errors on the line. After fixing the internal phone cabling in my apartment I wanted to retrigger the DLM monitoring.

The process is explained in this post https://userbase.be/forum/viewtopic.php?t=48767 at userbase.be

To start the DLM monitoring in Belgium you need to call 0800 22 424 and type in your line number. If you don’t have a proximus phone number the line number is not the same as your phone number. To get your line number you need to connect an analog phone to your line and call 1924; this will read your line number aloud.

Have fun

pcengines

32 bits matters!

1 minute read

pfsense 2.3

My firewall is a pcengines alix.

It was running pfsense and I was quite happy about it. Pfsense dropped support for 32 bits in their pfsense 2.4 release.

This would have left me with an unsupported firewall, which was one of the reasons to use pfsense instead of a closed source commercial router.

I could have moved to a new firewall like the pcengines apu but there is no reason to replace hardware that works fine.

The nice thing about opensource software is that we have options to choose from: if software doesn’t match your use case, we have other options to choose from.

OPNsense
duckdns

vmware

Migrate a windows vmware virtual machine to Linux KVM

6 minute read

Linux KVM is getting more and more usable for desktop virtualization thanks to the virtio and QXL/SPICE drivers.

Most Linux distributions have the virtio & QXL drivers; you might need to install the spice-vdagent.

On Windows you can download and install the virtio and QXL drivers.

Using the virtio drivers will improve your guest system performance and your virtualization experience.
unbound

stubby

dnsmasq

2019

ansible

Setting up OpenStack-Ansible All-In-One on a Centos 7 system

6 minute read

Openstack is a nice platform to deploy Infrastructure as a Service and is a collection of projects, but it can be a bit difficult to set up. The documentation is really great if you want to set up openstack by hand, and there are a few openstack distributions that make it easier to install.

Ansible is a very nice tool for system automation and is one that’s easier to learn.

Wouldn’t it be nice if we could make the openstack installation easier with ansible? That’s exactly what Openstack-Ansible does.

In this blog post we’ll set up “an all-in-one” openstack installation on Centos 7. The installer will install openstack into lxc containers, and it’s a nice way to learn how openstack works and how to operate it.

Preparation
coreboot

How to install libreboot on a ThinkPad W500

12 minute read

I got a Lenovo Thinkpad W500 from www.2dehands.be for a nice price.

Actually, I got it a couple of months back but I didn’t have time to play with it and it took some time to get some parts from Aliexpress.

The Thinkpad W500 is probably the most powerful system that is compatible with Libreboot. It has a nice high-resolution display with a 1920 x 1200 resolution, which is even higher than the Full HD resolution used on most new laptops today.

Security

Keep in mind that the core duo CPU does not get microcode updates from Intel for spectre and meltdown (https://en.wikipedia.org/wiki/Meltdown_(security_vulnerability)). There is no solution (currently) for Spectre 3a - Rogue System Register Read - CVE-2018-3640 and Spectre 4 - Speculative Store Bypass - CVE-2018-3639 without a microcode update.

Binary blobs are bad. Having a closed source binary-only piece of software on your system is not only unacceptable for Free Software activists, it also makes it more difficult to review what it really does and to review it for security concerns.

Having your system vulnerable is also a bad thing of course. Can’t wait to get a computer system with an open CPU architecture like RISC-V.

Preparation
raspberry-pi

bios

w500

flashrom

How to install libreboot on a ThinkPad W500

12 minute read
Date:

w500 and pi

I got a Lenovo Thinkpad W500 from www.2dehands.be for a nice price.

Actually, I got it a couple of months back but I didn’t have time to play with it and it took some time to get some parts from Aliexpress.

The Thinkpad W500 is probably the most powerful system that is compatible with Libreboot, it has a nice high-resolution display with a 1920 x 1200 resolution which is even a higher screen resolution than the Full HD resolution used on most new laptops today.

Security

Keep in mind that the core duo CPU does not get microcode updates from Intel for [spectre and meltdown](https://en.wikipedia.org/wiki/Meltdown_(security_vulnerability). There is no solution (currently) for spectre 3a - Rogue System Register Read - CVE-2018-3640 and Spectre 4 - Speculative Store Bypass CVE-2018-3639 without a microcode update.

Binary blobs are bad. Having a closed source binary-only piece of software on your system is not only unacceptable for Free Software activists it also makes it more difficult to review what it really does and makes it more difficult to review it for security concerns.

Having your system vulnerable is also a bad thing of course. Can’t wait to get a computer system with an open CPU architecture like RISC-V.

Preparation

Read more...

cloud-init

How to use CentOS cloud images with cloud-init on KVM/libvirtd

6 minute read

Images versus unattended setup

Old-school

Unattended setup

In a traditional environment, systems are installed from a CDROM. The configuration is executed by the system administrator through the installer. This soon becomes a boring and impractical task when we need to set up a lot of systems. It is also important that systems are configured in the same - and hopefully correct - way.

In a traditional environment, this can be automated by booting via BOOTP/PXE, with the configuration supplied by a system that “feeds” the installer. Examples are:

Read more...

cloud

How to use CentOS cloud images with cloud-init on KVM/libvirtd

6 minute read

Images versus unattended setup

Old-school

Unattended setup

In a traditional environment, systems are installed from a CDROM. The configuration is executed by the system administrator through the installer. This soon becomes a boring and impractical task when we need to set up a lot of systems. It is also important that systems are configured in the same - and hopefully correct - way.

In a traditional environment, this can be automated by booting via BOOTP/PXE, with the configuration supplied by a system that “feeds” the installer. Examples are:

Read more...

octopress

Migrate from Octopress to Jekyll

2 minute read

I migrated my blog from Octopress to Jekyll. The primary reason is that Octopress isn’t maintained any more. I’m sure its great theme will live on in a lot of projects.

I like static website generators: they allow you to create nice websites without the need to have any code running on the remote web server. Anything that runs code can potentially be cracked, so having a static website limits the attack vectors. You still need to protect the upload of the website and the system(s) that host your site, of course.

Read more...

jekyll

Migrate from Octopress to Jekyll

2 minute read

I migrated my blog from Octopress to Jekyll. The primary reason is that Octopress isn’t maintained any more. I’m sure its great theme will live on in a lot of projects.

I like static website generators: they allow you to create nice websites without the need to have any code running on the remote web server. Anything that runs code can potentially be cracked, so having a static website limits the attack vectors. You still need to protect the upload of the website and the system(s) that host your site, of course.

Read more...