The most common firewall setups reject inbound traffic initiated from the internet as such, but let all traffic pass through as long as the connection was initiated from the intranet. I strongly believe that such firewalls are overrated and that it makes as much sense (maybe even more sense) to filter outbound traffic.

The Log4Shell case

Yesterday some of us got quite busy with patching things and searching for vulnerable software due to the Log4Shell 0-day exploit. This ... [continue reading]

TLDR: Jump to the end for the quick explanations of how to do this.

At Redpill Linpro we use Zimbra for our email hosting.

It has the same email and calendar functionality as Microsoft Exchange, so it’s a great alternative to Office 365. Especially if you don’t want to have your data stored in Microsoft’s datacenters.

But if you like to use Microsoft Office, it’s not directly intuitive to get Outlook fully integrated with Zimbra. If you try to ... [continue reading]

Pipewire, the new default audio subsystem in Fedora 34, introduces support for the mSBC audio codec for the Bluetooth Headset Profile (HSP), which is used for transmitting bi-directional audio to/from Bluetooth headsets. The mSBC codec provides greatly improved audio quality over the CVSD, the default codec used with HSP. If you are using a Bluetooth headset to participate in teleconferences, you will most definitively want to use mSBC if your headset supports it. Your colleagues will sound better ... [continue reading]

GraphQL is a modern approach to APIs that simplifies integrations. This is an introduction to what GraphQL is, and we build a simple GraphQL service with the help of Vert.X.

What you’ll need to follow along

This introduction will barely scratch the surface of the potential and power that GraphQL together with Vert.X offers. Understanding of programming and the REST protocol is assumed.

Make sure to have the following installed:

  • JDK 8+
  • Maven
  • IDE

Source code for ... [continue reading]

Getting a single random row, or a few rows, from a table in order to get representative data for example is a frequent need. The most common way to do this in PostgreSQL is using ORDER BY random() like:

SELECT id FROM data ORDER BY random() LIMIT 1 

But when run on a large table this can be very slow. Jonathan Katz mentioned a ... [continue reading]

Backup verification for Veeam Agent for Windows

As mentioned in my previous post, we have some interesting projects involving Hyper-V. One of them being a way to automatically verify that our Windows server backups are functional.

This post is about how we’ve set that up.

TLDR: check the script on github

Windows backup on OpenStack

Our main virtualization platform is OpenStack, which is awesome. And while we try to mostly utilize open-source solutions, there are times when that’s just not the best way to ... [continue reading]

TLDR: Jump to the end for the XML tags we found necessary to get this working.

We have a few projects coming up where we for different and exciting reasons need to use Hyper-V. But running Hyper-V on bare-metal would in this case take up more resources than reasonable for us, so we’re nesting it inside one of our kvm clusters.

But getting Hyper-V 2019 to actually run steadily using nested virtualization inside of qemu-kvm provided some challenges that turned ... [continue reading]

Finalizing the VPC template

I want to wrap up the VPC template from the previous blog entry “Moving forward with Cloudformation templates”

What we ended up with there was a VPC with a Private and a Public Subnet in 3 Availability Zones.

Now I want to start to use the Outputs section of the template.

And when that has been introduced, I want to use Nested Stacks

Why Outputs?

When we create a VPC with the template from the last ... [continue reading]

Clojure is a really nice, dynamic programming language on the Java virtual machine. It gives you the expressivity of a lisp, full interop with the whole Java/Kotlin/Scala ecosystem of libraries, a battle-hardened VM, and it’s elegant.

The downside is that it runs on the JVM and has to pay a heavy cold start penalty. We can fix that, using GraalVM, and have our cake, eat it, and space-time fold it too.

We will be using a few containers, podman and GraalVM’s native-image ... [continue reading]

Free Software and Open Source: Get involved

Contributing to Free Software using Open Source methodics may look like intimidating deep expert work. But it doesn’t have to be that. Most Free Software communities are friendly to newcomers, and welcome all kind of contributions

... [continue reading]