/techblog

If you rely on SSL/TLS certificates and you have a slew of services to maintain online, things can quickly get out of hand. If you don’t have the time or the resources to keep up to speed with what ciphers to disable or what techniques to employ server-side, you might quickly fall prey to the next “Exploit with a Logo”. Heartbleed, Beast, Poodle and friends come to mind.

The guys at Mozilla have taken measures to give all of us ... [continue reading]

The Varnish Cache project recently released varnish-5.0, and Varnish Software released hitch-1.4.1. I have wrapped packages for Fedora and EPEL.

The World is running out of IPv4 addresses, but luckily, we have IPv6 here now, and running the whole data center on IPv6 only is not just happening, it’s becoming the standard. But what if you have an app, a daemon, or a container that actually needs IPv4 connectivity? Then you may use 464XLAT to provide an IPv4 tunnel through your IPv6 only infrastructure. Clatd is one component in 464XLAT.

On a laptop, per-distribution network tools like ifupdown, network-scripts and netcfg are a bit limiting. NetworkManager is a reasonable solution to roaming and using multiple networks, but for those of us who don’t run environments like GNOME, it’s a little opaque, even now that it has nmcli.

Systemd ... [continue reading]

Given the focus on security breaches leaking account information the last few years, we have taken a fresh look at how secure our LDAP passwords really are, and if we can let OpenLDAP use a modern hash algorithm.

Why Btrfs?

Btrfs is full of new features to take advantage of, such as copy-on-write, storage pools, checksums, support for 16 exabyte file-systems, online grow and shrink, and space-efficient live snapshots. So, if you are used to mange storage with LVM and RAID, Btrfs can replace ... [continue reading]

The Varnish Cache project recently released varnish-4.1.3 and varnish-modules-0.9.1. Of course, we want updated RPMs for Fedora and EPEL.

So, management wants a microsite for blog-entries ASAP, while the techs wants to use tools they are used to - markdown and git. On top of that, we have a limited spare time for implementing a new solution.

In the intersection of that lies Jekyll!

Performance tuning is done to increase system performance, reduce power usage or to ease the application impact on the rest of the system. If done prematurely, or without any measurements, performance tuning may, of course, have the opposite effect.

But done systematically, performance tuning can be more of a science than an art form.

The method

Start by figuring out what the “normal” situation is.

Look for potential performance issues, and adjust tuning parameters to fix them. Look for ... [continue reading]

Logging the elapse time in the web server access log can be very useful for statistics and problem solving. I usually throw it in at the end of the log line (that’s generally compatible with existing log-analysis tools like awstats), and on a keyword=value format so that it’s easy to grep out. There is a small performance cost, though.

The elapse time includes everything - when filtering out log lines with high elapse-time you may typically find mobile clients downloadi ... [continue reading]