About

I'm a Linux/Unix sysadmin with experience in High Availability, scaling and clustering, security, (Open)SSL and general Linux system administration. I've worked as a sysadmin (devops) for Certificate Authorities, Hospitals, Managed Service providers, Datacenters, Development shops and large Internet Service providers. I currently work for an Openstack provider. I like to design, build and manage large, complex and highly available systems. I like to work with configuration management tools and version control systems. Documentation, monitoring and backups are things I do first, not when the time allows it later.
This is my personal website. Please note that these articles do not reflect the opinions or policies of any of my (previous) employers, only my own.


Latest Items

Strong SSL Security on lighttpd

25-03-2015 | Remy van Elst

This tutorial shows you how to set up strong SSL security on the lighttpd webserver. We do this by disabling SSL compression to mitigate the CRIME attack, disabling SSLv3 and below because of vulnerabilities in the protocol, and setting up a strong ciphersuite that enables Forward Secrecy when possible. We also set up HSTS and HPKP. This way we have a strong and future-proof SSL configuration and we get an A on the Qualys Labs SSL Test.


Strong SSL Security on nginx

25-03-2015 | Remy van Elst

This tutorial shows you how to set up strong SSL security on the nginx webserver. We do this by disabling SSL compression to mitigate the CRIME attack, disabling SSLv3 and below because of vulnerabilities in the protocol, and setting up a strong ciphersuite that enables Forward Secrecy when possible. We also enable HSTS and HPKP. This way we have a strong and future-proof SSL configuration and we get an A on the Qualys Labs SSL Test.


systemd: Don't fear change

25-03-2015 | Jonathan Roberts

This article talks about systemd in Red Hat Enterprise Linux / CentOS 7. It gives some usage examples and talks about the differences between systemd, upstart and sysvinit.


Strong SSL Security on Apache2

25-03-2015 | Remy van Elst

This tutorial shows you how to set up strong SSL security on the Apache2 webserver. We do this by disabling SSL compression to mitigate the CRIME attack, disabling SSLv3 and below because of vulnerabilities in the protocol, and setting up a ciphersuite that enables Forward Secrecy when possible. We also set up HSTS and HPKP. This way we have a strong and future-proof SSL configuration and we get an A on the Qualys Labs SSL Test.


Keep messages secure with GPG

22-03-2015 | Ben Everard

This article shows you how to get started with GPG and Mailvelope. It discusses public/private key crypto and shows you how to use the Mailvelope software to encrypt and decrypt GPG messages on any webmail provider.


OpenSSL: Manually verify a certificate against a CRL

22-03-2015 | Remy van Elst

This article shows you how to manually verify a certificate against a CRL. CRL stands for Certificate Revocation List and is one way to validate a certificate's status. It is an alternative to OCSP, the Online Certificate Status Protocol.


How I got a valid SSL certificate for my ISP's main domain, xs4all.nl

21-03-2015 | Remy van Elst

I got a valid SSL certificate for a domain that is not mine by creating an email alias. In this article I'll explain what happened, why that was possible and how we all can prevent this.


Olimex OlinuXino A20 LIME2 mainline 4.0.0 kernel, u-boot and debian rootfs image building tutorial

21-03-2015 | Remy van Elst

The Olimex OlinuXino A20 LIME2 is an amazing, powerful and cheap open source ARM development board. It costs EUR 45, and has 160 GPIO pins. This is a guide to build a Linux image with Debian and the mainline 4.0.0 kernel for the Olimex A20-Lime2 board, from scratch. By default it comes with a 3.4 kernel with binary blobs and patches from Allwinner. Recently the mainline kernel has gained support for these boards, so you can now run and use the mainline kernel without these awful non-free binary blobs.


Automating Openstack with cloud init run a script on VM's first boot

11-03-2015 | Remy van Elst

This tutorial will show you how to create a VM in Openstack and execute a script at the first boot using cloud-init's user-data feature. This way you can eliminate some more manual labor and keep a small base image, instead of requiring all kinds of specific images for specific tasks. This tutorial will also give you a few example scripts to use with cloud-init and to create Openstack virtual machines from the command line.


Build a Flexible and Powerful System with Arch Linux

09-03-2015 | Graham Morrison

This article covers the basic installation and configuration of Arch Linux, the distro that adheres to the Keep It Simple, Stupid principle. Arch Linux is a rolling release, which means that you always have the latest and greatest software. With Arch, you're on your own. In a world where technology is taking your personal responsibility and giving it to the cloud, or to an internet search filter or the device manufacturers, getting your hands dirty with an operating system can be a revelation. Not only will you learn a great deal about how Linux works and what holds the whole thing together, you'll get a system you understand from the inside out, and one that can be instantly upgraded to all the latest packages. You may also learn something about yourself in the process. And despite its reputation, it's not that difficult.


Ada Lovelace and The Analytical Engine

09-03-2015 | Juliet Kemp

This article discusses an important piece of computing history, the Analytical Engine, which was designed by Charles Babbage. The history of Ada Lovelace, who also worked on and programmed the Analytical Engine, is covered as well. This article explains how the Analytical Engine works and gives us a few example programs. It also covers the calculation of the Bernoulli numbers with the Analytical Engine.


Solve word puzzles with bash

08-03-2015 | Ben Everard

This article shows you how to solve word puzzles with Bash. It covers the grep tool including regular expressions to solve different kinds of word puzzles.


Python: build dynamic web pages

08-03-2015 | Ben Everard

This article shows you various ways of creating a dynamic webpage. It covers iframes, widgets and a few Python modules including Tornado, feedparser and JSON. We'll build a page which has RSS feeds, the weather and the current exchange rates.


Euclid's algorithm: recursion and python

08-03-2015 | Graham Morrison

This article talks about Euclid's algorithm. The problem that Euclid's algorithm solves is easy enough to understand: what is the largest common divisor of two integers? Take the numbers 100 and 80, for example: what's the largest number that divides into both? It walks us through Python example code explaining the function.


Openstack Glance Image Download, download Openstack images

25-02-2015 | Remy van Elst

This guide shows you how to download Openstack Images to your local machine using the command line Glance client. You can use this, for example, to download a copy of an image created from a VM, or to download the images your Openstack provider provides and adapt those.


Installing Virtual Machines with virt-install, plus copy pastable distro install one-liners

08-02-2015 | Remy van Elst

virt-install is a command line tool for creating new KVM, Xen or Linux container guests using the libvirt hypervisor management library. It allows you to create a VM and start an installation from the command line. This article has a few copy pastable getting started examples for different distros.


Remove Installatron from a (Directadmin) server

08-02-2015 | Remy van Elst

This is a short guide which shows you how to remove Installatron from a server.


Raspberry Pi FM radio transmitter with Buttons

04-02-2015 | Remy van Elst

The PiFM project allows you to use a Raspberry Pi to send out a WAV file on the FM band. This is awesome because every normal radio then can receive your music/podcast without expensive (sonos) equipment. I've used a lasercutter to craft a new top plate for my Pi which has room for three buttons. These are hooked up to a python script which allows me to start and stop the transmission, and skip or go back songs. It also allows me to shut down the Pi instead of just pulling the power cable.


Olimex OlinuXino A20 LIME2 Minimal Debian 7 Image

28-01-2015 | Remy van Elst

The Olimex OlinuXino A20 LIME2 is an amazing, powerful and cheap open source ARM development board. It costs EUR 45, and has 160 GPIO pins. The default Debian image from Olimex is quite huge and bloated, over 2,5 GB, with X and all. I do not want a huge image, so I stripped it down to a 200 MB image with only dhcp and ssh and a few basic tools. It uses about 15 MB of RAM. This image allows you to start with almost nothing and build up only what you need.


OpenVZ/Proxmox - pre-backup all container dump script

18-01-2015 | Remy van Elst

This simple script creates a vzdump of all the OpenVZ containers on a machine. It can be used before an actual backup; in my case the actual backup excludes the container path /var/lib/vz/private. This is because a dump is easier to back up, since it has far fewer files in it.


Filtering IMAP mail with imapfilter

17-01-2015 | Remy van Elst

I have several email accounts at different providers. Most of them don't offer filtering capabilities like Sieve, or only their own non-exportable rule system (Google Apps). My mail client of choice, Thunderbird, has filtering capabilities but my phone has not and I don't want to leave my machine running Thunderbird all the time since it gets quite slow with huge mailboxes. Imapfilter is a mail filtering utility written in Lua which connects to one or more IMAP accounts and filters on the server using IMAP queries. It is a lightweight command line utility, the configuration can be versioned and is simple text, and it is very fast.
