Next week, a colleague and I will present our current load balancing setup at HAProxyConf. At UPB we have an active-active setup with HAProxy and anycast in place, that scales quite nicely. A short abstract of our presentation is available here [1]. I will publish a link to the video …
read moreOther articles
Working with gopass
I recently discovered gopass as a nifty tool for managing passwords. Because I also moved my GPG key to a nitrokey, I now have a rather secure approach to managing passwords.
Of course, there are several drawbacks to gopass, if you don't have a HSM that needs physical approval of …
read moreNotes on Thread Safety
We recently had a problem with our central config management. Two identically configured servers sometimes got bad config files and assigned wrong listening ports. The errors seemed to flap and a very loose correlation to a time window could be seen as well.
After days of debugging a colleague of …
read moreThoughts on Kerberos Two-Factor-Authentication with TOTP
Kerberos itself is a neat protocol when you disregard some security problems and its misuse of the HTTP protocol when authenticating through it. At work, we wanted to deploy a Two-Factor-Authentication using TOTP. We already have a nice TOTP-API in place that can store and validate Tokens using our central …
read moreIPv6 Prefix Delegation and iptables
Maybe you have encountered the same problem. You have a dual-stack home connection and are used to having NAT + port forwards in your firewall to allow external access. This only works with v6 if you have static addresses, but with ipv6-pd your prefix will change from time to time, depending …
read moreTwo-Disk Layout for VMs
If you are an administrator and you manage multiple Debian VMs then you might have heard of this problem:
DISK CRITICAL - free space: / 2474 MB (10% inode=73%);
But what to do? Resizing the disk can be done while the VM is running, but usually the Linux kernel will prevent …
read moreThe Beauty of Bcfg2
Page 1 / 1