/techblog

The network is a very proprietary place. When you buy an IP router or an Ethernet switch, what you’re really buying is a tightly integrated bundle of hardware and software.

Mixing and matching software and hardware components in order to design a network infrastructure tailored to your precise set of requirements is something that has previously been completely unheard of.

For example, imagine that you’ve found a Cisco Systems switch that has the exact hardware specifications you’re after. However, ... [continue reading]

If you rely on SSL/TLS certificates and you have a slew of services to maintain online, things can quickly get out of hand. If you don’t have the time or the resources to keep up to speed with what ciphers to disable or what techniques to employ server-side, you might quickly fall prey to the next “Exploit with a Logo”. Heartbleed, Beast, Poodle and friends come to mind.

The guys at Mozilla have taken measures to give all of us ... [continue reading]

The Varnish Cache project recently released varnish-5.0, and Varnish Software released hitch-1.4.1. I have wrapped packages for Fedora and EPEL.

The World is running out of IPv4 addresses, but luckily, we have IPv6 here now, and running the whole data center on IPv6 only is not just happening, it’s becoming the standard. But what if you have an app, a daemon, or a container that actually needs IPv4 connectivity? Then you may use 464XLAT to provide an IPv4 tunnel through your IPv6 only infrastructure. Clatd is one component in 464XLAT.

On a laptop, per-distribution network tools like ifupdown, network-scripts and netcfg are a bit limiting. NetworkManager is a reasonable solution to roaming and using multiple networks, but for those of us who don’t run environments like GNOME, it’s a little opaque, even now that it has nmcli.

Systemd ... [continue reading]

Given the focus on security breaches leaking account information the last few years, we have taken a fresh look at how secure our LDAP passwords really are, and if we can let OpenLDAP use a modern hash algorithm.

Why Btrfs?

Btrfs is full of new features to take advantage of, such as copy-on-write, storage pools, checksums, support for 16 exabyte file-systems, online grow and shrink, and space-efficient live snapshots. So, if you are used to mange storage with LVM and RAID, Btrfs can replace ... [continue reading]

The Varnish Cache project recently released varnish-4.1.3 and varnish-modules-0.9.1. Of course, we want updated RPMs for Fedora and EPEL.

So, management wants a microsite for blog-entries ASAP, while the techs wants to use tools they are used to - markdown and git. On top of that, we have a limited spare time for implementing a new solution.

In the intersection of that lies Jekyll!

Performance tuning is done to increase system performance, reduce power usage or to ease the application impact on the rest of the system. If done prematurely, or without any measurements, performance tuning may, of course, have the opposite effect.

But done systematically, performance tuning can be more of a science than an art form.

The method

Start by figuring out what the “normal” situation is.

Look for potential performance issues, and adjust tuning parameters to fix them. Look for ... [continue reading]