Other articles

  1. Speaking at HAProxyConf

    Thu 07 November 2019 | tags: tech

    Next week, a colleague and I will present our current load balancing setup at HAProxyConf. At UPB, we have an active-active setup with HAProxy and anycast in place that scales quite nicely. A short abstract of our presentation is available here [1]. I will publish a link to the video …

  2. Working with gopass

    Mon 11 March 2019 | tags: tech

    I recently discovered gopass as a nifty tool for managing passwords. Because I also moved my GPG key to a nitrokey, I now have a rather secure approach to managing passwords.

    Of course, there are several drawbacks to gopass if you don't have an HSM that needs physical approval of …

  3. Personal#2 - Server Migration

    Today, I moved my hosting to a newer platform. This went surprisingly well, because I ignored all safety precautions I usually take. I simply called my new machine the same and set the DNS TTL to 300 beforehand. This way, I could simply rsync my old machine to the new …

  4. Notes on Thread Safety

    We recently had a problem with our central config management. Two identically configured servers sometimes got bad config files and assigned wrong listening ports. The errors seemed to flap and a very loose correlation to a time window could be seen as well.

    After days of debugging a colleague of …

  5. Thoughts on Kerberos Two-Factor-Authentication with TOTP

    Thu 10 January 2019 | tags: tech

    Kerberos itself is a neat protocol when you disregard some security problems and its misuse of the HTTP protocol when authenticating through it. At work, we wanted to deploy a Two-Factor-Authentication using TOTP. We already have a nice TOTP-API in place that can store and validate Tokens using our central …

  6. IPv6 Prefix Delegation and iptables

    Maybe you have encountered the same problem. You have a dual-stack home connection and are used to having NAT + port forwards in your firewall to allow external access. This only works with v6 if you have static addresses, but with ipv6-pd your prefix will change from time to time, depending …

  7. Two-Disk Layout for VMs

    If you are an administrator and you manage multiple Debian VMs then you might have heard of this problem:

    DISK CRITICAL - free space: / 2474 MB (10% inode=73%);

    But what to do? Resizing the disk can be done while the VM is running, but usually the Linux kernel will prevent …

  8. The Beauty of Bcfg2

    Wed 08 August 2018 | tags: bcfg2

    At work, I often use bcfg2. Most people ask what the hell it even is. bcfg2 is a very mature configuration management system. It is a competitor to the alternatives like salt, ansible, chef, or puppet.

    It utilizes an agent that is usually run using cron or systemd.timer-units …

  9. Personal#1

    Wed 08 August 2018 | tags: first

    I always wanted a blog. Now I have one. Let's see how far I can take this project.

