About

I'm a Linux/Unix sysadmin with experience in High Availability, scaling and clustering, security, (Open)SSL and general linux system administration. I've worked as a sysadmin (devops) for Certificate Authorities, Hospitals, Managed Service providers, Datacenters Development shops and large Internet Service providers. I currently work for an Openstack provider. I like to design, build and manage large, complex and high available systems. I like to work with configuration management tools and version control systems. Documentation, monitoring and backups are things I do first, not when the time allows it later.
This is my personal website, please do note that these articles do not reflect opinions or policies of any of my (previous) employers, only my personal one.


Latest Items

Running TSS/8 on the DEC PiDP-8/i and SIMH

26-07-2015 | Remy van Elst

In this guide I'll show you how run the TSS/8 operating system on the PiDP replica by Oscar Vermeulen, and on SIMH on any other computer. I'll also cover a few basic commands like the editor, user management and system information. TSS-8 was a little time-sharing operating system released in 1968 and requires a minimum of 12K words of memory and a swapping device; on a 24K word machine, it supports up to 17 users. Each user gets a virtual 4K PDP-8; many of the utilities users ran on these virtual machines were only slightly modified versions of utilities from the Disk Monitor System or paper-tape environments. Internally, TSS-8 consists of RMON, the resident monitor, DMON, the disk monitor (file system), and KMON, the keyboard monitor (command shell). BASIC was well supported, while restricted (4K) versions of FORTRAN D and Algol were available.

Read more...

Running Adventure on the DEC PDP-8 with SIMH

23-07-2015 | Remy van Elst

In this guide I'll show you how run the classic Colossal Cave Adventure game on a PDP-8, emulated by the SIMH emulator. The PDP-8 was an 12 bit minicomputer made in 1964 by DEC, the Digital Equipment Corporation. We will install and set up SIMH, the emulator with a RK05 diskimage running OS/8. We will use FORTRAN on OS/8 to load ADVENTURE, then we use our brain to play the game. As a bonus, I also show you how to edit files using EDIT, and show you a bit of the OS/8 system.

Read more...

Find all services using libssl to restart after an OpenSSL update

14-07-2015 | Remy van Elst

When you update OpenSSL, the software that currently has the ssl libraries loaded in memory do not automatically load the updated libraries. A full system reboot resolves that problem, but sometimes that is not possible. This command shows you all the software that has loaded the libraries, allowing you to restart only those services. If you don't restart or reload after an update, the software might still be vulnerable to issues that the update fixed.

Read more...

Stong SSL Security on lighttpd

14-06-2015 | Remy van Elst

This tutorial shows you how to set up strong SSL security on the lighttpd webserver. We do this by updating OpenSSL to the latest version to mitigate attacks like Heartbleed, disabling SSL Compression and EXPORT ciphers to mitigate attacks like FREAK, CRIME and LogJAM, disabling SSLv3 and below because of vulnerabilities in the protocol and we will set up a strong ciphersuite that enables Forward Secrecy when possible. We also enable HSTS and HPKP. This way we have a strong and future proof ssl configuration and we get an A+ on the Qually Labs SSL Test.

Read more...

Strong SSL Security on nginx

14-06-2015 | Remy van Elst

This tutorial shows you how to set up strong SSL security on the nginx webserver. We do this by updating OpenSSL to the latest version to mitigate attacks like Heartbleed, disabling SSL Compression and EXPORT ciphers to mitigate attacks like FREAK, CRIME and LogJAM, disabling SSLv3 and below because of vulnerabilities in the protocol and we will set up a strong ciphersuite that enables Forward Secrecy when possible. We also enable HSTS and HPKP. This way we have a strong and future proof ssl configuration and we get an A+ on the Qually Labs SSL Test.

Read more...

Strong SSL Security on Apache2

14-06-2015 | Remy van Elst

This tutorial shows you how to set up strong SSL security on the Apache2 webserver. We do this by updating OpenSSL to the latest version to mitigate attacks like Heartbleed, disabling SSL Compression and EXPORT ciphers to mitigate attacks like FREAK, CRIME and LogJAM, disabling SSLv3 and below because of vulnerabilities in the protocol and we will set up a strong ciphersuite that enables Forward Secrecy when possible. We also enable HSTS and HPKP. This way we have a strong and future proof ssl configuration and we get an A+ on the Qually Labs SSL Test.

Read more...

Openstack - (Manually) migrating (KVM) Nova compute virtual machines

13-06-2015 | Remy van Elst

This guide shows you how to migrate KVM virtual machines with the Openstack Nova compute service, either manually or with the Openstack tooling. Openstack provides a few different ways to migrate virtual machines from one compute node to another. Each option has different requirements and restrictions, for example, you can't live-migrate without shared storage. You can't live-migrate if you have a configdrive enabled. You can't select the target host if you use the nova migrate (non-live) command etc. This article describes the most common migration scenario's including live and manual migration using native linux tools.

Read more...

The awesomely epic guide to KDE

04-05-2015 | Graham Morrison

This article shows gives an overview of the major KDE features like font management, visual effects, file management, eye candy, the panels, the task switcer and more great KDE stuff.

Read more...

Filing Effective Bug Reports

03-05-2015 | Ben Everard

This article shows you how to report bugs properly and help open source projects by doing so. It explains the things that help create a good bug report, one on which the developers can actually work on. It also explains the process of bug reporting, what happens after you've did the initial report?

Read more...

Raspberry Pi Arcade Machine

03-05-2015 | Graham Morrison

This article shows you how to build your own full size arcade machine using a Raspberry Pi. It involves a real, full size arcade cabinet, a converter device called a J-Pac and the MAME emulator software.

Read more...

OpenSSL command line Root and Intermediate CA including OCSP, CRL and revocation

31-03-2015 | Remy van Elst

These are quick and dirty notes on generating a certificate authority (CA), intermediate certificate authorities and end certificates using the OpenSSL command line tools. It includes OCSP, CRL and CA Issuer information and specific issue and expiry dates. We'll set up our own root CA. We'll use the root CA to generate an example intermediate CA. We'll use the intermediate CA to sign end user certificates.

Read more...

systemd: Don't fear change

25-03-2015 | Jonathan Roberts

This article talks about systemd in Red Hat Enterprise Linux / CentOS 7. It gives some usage examples and talks about the differences between systemd, upstart and sysvinit.

Read more...

Keep messages secure with GPG

22-03-2015 | Ben Everard

This article shows you how to get started with GPG and Mailvelope. It discusses public/private key crypto and shows you how to use the Mailvelope software to encrypt and decrypt GPG messages on any webmail provider.

Read more...

OpenSSL: Manually verify a certificate against a CRL

22-03-2015 | Remy van Elst

This article shows you how to manually verfify a certificate against a CRL. CRL stands for Certificate Revocation List and is one way to validate a certificate status. It is an alternative to the OCSP, Online Certificate Status Protocol.

Read more...

How I got a valid SSL certificate for my ISP's main domain, xs4all.nl

21-03-2015 | Remy van Elst

I got a valid SSL certificate for a domain that is not mine by creating an email alias. In this article I'll explain what happened, why that was possible and how we all can prevent this.

Read more...

Olimex OlinuXino A20 LIME2 mainline 4.0.0 kernel, u-boot and debian rootfs image building tutorial

21-03-2015 | Remy van Elst

The Olimex OlinuXino A20 LIME2 is an amazing, powerfull and cheap open source ARM development board. It costs EUR 45, and has 160 GPIO pins. This is a guide to build a linux image with Debian and the mainline 4.0.0 kernel for the Olimex A20-Lime2 board, from scratch. By default it comes with an 3.4 kernel with binary blobs and patches from Allwinner. Recently the mainline kernel has gained support for these boards, you can now run and use the mainline kernel without these awfull non-free binary blobs.

Read more...

Automating Openstack with cloud init run a script on VM's first boot

11-03-2015 | Remy van Elst

This tutorial will show you how to create a VM in Openstack and execute a script at the first boot using cloud-init's user-data feature. This way you can eliminate some more manual labor and keep a small base image, instead of requiring all kinds of specific images for specific tasks. This tutorial will also give you a few example scripts to use with cloud-init and to create Openstack virtual machines from the command line.

Read more...

Build a Flexible and Powerful System with Arch Linux

09-03-2015 | Graham Morrison

This article covers the basic installation and configuration of Arch Linux, the distro that adheres to the Keep It Simple, Stupid principle. Arch Linux is a rolling release, that means that you always have the latest and greatest software. With Arch, you're on your own. In a world where where technology is taking your personal responsibility and giving it to the cloud, or to an internet search filter or the device manufacturers, getting your hands dirty with an operating system can be a revelation. Not only will you learn a great deal about how Linux works and what holds the whole thing together, you'll get a system you understand from the inside-out, and one that can be instantly upgraded to all the latest packages. You may also learn something about yourself in the process. And despite its reputation, it's not that difficult.

Read more...

Ada Lovelace and The Analytical Engine

09-03-2015 | Juliet Kemp

This article discusses an important piece of computing history, the Analytical Engine. It was designed by Charles Babbage. The history of Ada Lovelace is also covered, she also worked on and programmed the Analytical Engine. This article explains how the Analytical Engine works and gives us a few example programs. It also covers the calculation of the Bernoulli numbers with the Analytical Engine.

Read more...

Python: build dynamic web pages

08-03-2015 | Ben Everard

This article shows you various ways of creating a dynamic webpage. It covers iframes, widgets and a few Python modules including Tornado, feedparser and JSON. We'll build a page which has RSS feeds, the weather and the current exchange rates.

Read more...

Solve word puzzles with bash

08-03-2015 | Ben Everard

This article shows you how to solve word puzzles with Bash. It covers the grep tool including regular expressions to solve different kinds of word puzzles.

Read more...

All Items