About

I'm a Linux/Unix sysadmin with experience in High Availability, scaling and clustering, security, (Open)SSL and general linux system administration. I've worked as a sysadmin (devops) for Certificate Authorities, Hospitals, Managed Service providers, Datacenters Development shops and large Internet Service providers. I currently work for an Openstack provider. I like to design, build and manage large, complex and high available systems. I like to work with configuration management tools and version control systems. Documentation, monitoring and backups are things I do first, not when the time allows it later.
This is my personal website, please do note that these articles do not reflect opinions or policies of any of my (previous) employers, only my personal one.


Latest Items

The awesomely epic guide to KDE

04-05-2015 | Graham Morrison

This article shows gives an overview of the major KDE features like font management, visual effects, file management, eye candy, the panels, the task switcer and more great KDE stuff.

Read more...

Filing Effective Bug Reports

03-05-2015 | Ben Everard

This article shows you how to report bugs properly and help open source projects by doing so. It explains the things that help create a good bug report, one on which the developers can actually work on. It also explains the process of bug reporting, what happens after you've did the initial report?

Read more...

Raspberry Pi Arcade Machine

03-05-2015 | Graham Morrison

This article shows you how to build your own full size arcade machine using a Raspberry Pi. It involves a real, full size arcade cabinet, a converter device called a J-Pac and the MAME emulator software.

Read more...

OpenSSL command line Root and Intermediate CA including OCSP, CRL and revocation

31-03-2015 | Remy van Elst

These are quick and dirty notes on generating a certificate authority (CA), intermediate certificate authorities and end certificates using the OpenSSL command line tools. It includes OCSP, CRL and CA Issuer information and specific issue and expiry dates. We'll set up our own root CA. We'll use the root CA to generate an example intermediate CA. We'll use the intermediate CA to sign end user certificates.

Read more...

Stong SSL Security on lighttpd

25-03-2015 | Remy van Elst

This tutorial shows you how to set up strong SSL security on the lighttpd webserver. We do this by disabling SSL Compression to mitigate the CRIME attack, disable SSLv3 and below because of vulnerabilities in the protocol and we will set up a strong ciphersuite that enables Forward Secrecy when possible. We also set up HSTS and HPKP. This way we have a strong and future proof ssl configuration and we get an A on the Qually Labs SSL Test.

Read more...

Strong SSL Security on nginx

25-03-2015 | Remy van Elst

This tutorial shows you how to set up strong SSL security on the nginx webserver. We do this by disabling SSL Compression to mitigate the CRIME attack, disable SSLv3 and below because of vulnerabilities in the protocol and we will set up a strong ciphersuite that enables Forward Secrecy when possible. We also enable HSTS and HPKP. This way we have a strong and future proof ssl configuration and we get an A on the Qually Labs SSL Test.

Read more...

systemd: Don't fear change

25-03-2015 | Jonathan Roberts

This article talks about systemd in Red Hat Enterprise Linux / CentOS 7. It gives some usage examples and talks about the differences between systemd, upstart and sysvinit.

Read more...

Strong SSL Security on Apache2

25-03-2015 | Remy van Elst

This tutorial shows you how to set up strong SSL security on the Apache2 webserver. We do this by disabling SSL Compression to mitigate the CRIME attack, disable SSLv3 and below because of vulnerabilities in the protocol and we will set up a ciphersuite that enables Forward Secrecy when possible. We also set up HSTS and HPKP. This way we have a strong and future proof ssl configuration and we get an A on the Qually Labs SSL Test.

Read more...

Keep messages secure with GPG

22-03-2015 | Ben Everard

This article shows you how to get started with GPG and Mailvelope. It discusses public/private key crypto and shows you how to use the Mailvelope software to encrypt and decrypt GPG messages on any webmail provider.

Read more...

OpenSSL: Manually verify a certificate against a CRL

22-03-2015 | Remy van Elst

This article shows you how to manually verfify a certificate against a CRL. CRL stands for Certificate Revocation List and is one way to validate a certificate status. It is an alternative to the OCSP, Online Certificate Status Protocol.

Read more...

How I got a valid SSL certificate for my ISP's main domain, xs4all.nl

21-03-2015 | Remy van Elst

I got a valid SSL certificate for a domain that is not mine by creating an email alias. In this article I'll explain what happened, why that was possible and how we all can prevent this.

Read more...

Olimex OlinuXino A20 LIME2 mainline 4.0.0 kernel, u-boot and debian rootfs image building tutorial

21-03-2015 | Remy van Elst

The Olimex OlinuXino A20 LIME2 is an amazing, powerfull and cheap open source ARM development board. It costs EUR 45, and has 160 GPIO pins. This is a guide to build a linux image with Debian and the mainline 4.0.0 kernel for the Olimex A20-Lime2 board, from scratch. By default it comes with an 3.4 kernel with binary blobs and patches from Allwinner. Recently the mainline kernel has gained support for these boards, you can now run and use the mainline kernel without these awfull non-free binary blobs.

Read more...

Automating Openstack with cloud init run a script on VM's first boot

11-03-2015 | Remy van Elst

This tutorial will show you how to create a VM in Openstack and execute a script at the first boot using cloud-init's user-data feature. This way you can eliminate some more manual labor and keep a small base image, instead of requiring all kinds of specific images for specific tasks. This tutorial will also give you a few example scripts to use with cloud-init and to create Openstack virtual machines from the command line.

Read more...

Build a Flexible and Powerful System with Arch Linux

09-03-2015 | Graham Morrison

This article covers the basic installation and configuration of Arch Linux, the distro that adheres to the Keep It Simple, Stupid principle. Arch Linux is a rolling release, that means that you always have the latest and greatest software. With Arch, you're on your own. In a world where where technology is taking your personal responsibility and giving it to the cloud, or to an internet search filter or the device manufacturers, getting your hands dirty with an operating system can be a revelation. Not only will you learn a great deal about how Linux works and what holds the whole thing together, you'll get a system you understand from the inside-out, and one that can be instantly upgraded to all the latest packages. You may also learn something about yourself in the process. And despite its reputation, it's not that difficult.

Read more...

Ada Lovelace and The Analytical Engine

09-03-2015 | Juliet Kemp

This article discusses an important piece of computing history, the Analytical Engine. It was designed by Charles Babbage. The history of Ada Lovelace is also covered, she also worked on and programmed the Analytical Engine. This article explains how the Analytical Engine works and gives us a few example programs. It also covers the calculation of the Bernoulli numbers with the Analytical Engine.

Read more...

Python: build dynamic web pages

08-03-2015 | Ben Everard

This article shows you various ways of creating a dynamic webpage. It covers iframes, widgets and a few Python modules including Tornado, feedparser and JSON. We'll build a page which has RSS feeds, the weather and the current exchange rates.

Read more...

Solve word puzzles with bash

08-03-2015 | Ben Everard

This article shows you how to solve word puzzles with Bash. It covers the grep tool including regular expressions to solve different kinds of word puzzles.

Read more...

Euclid's algorithm: recursion and python

08-03-2015 | Graham Morrison

This article talks about Euclids Algorithm. The problem that Euclid's algorithm solves is easy enough to understand: what is the largest common divisor of two integers? Take the numbers 100 and 80, for example: what's the largest number that divides into both? It walks us through Python example code explaining the function.

Read more...

Openstack Glance Image Download, download Openstack images

25-02-2015 | Remy van Elst

This guide shows you how download Openstack Images to your local machine using the command line Glance client. You can use this, for example, to download a copy of an image created from a VM, or to download the images your Openstack provider provides and adapt those.

Read more...

Installing Virtual Machines with virt-install, plus copy pastable distro install one-liners

08-02-2015 | Remy van Elst

virt-install is a command line tool for creating new KVM , Xen or Linux container guests using the libvirt hypervisor management library. It allows you to create a VM and start an installation from the command line. This article has a few copy pastable getting started examples for different distro's.

Read more...

Remove Installatron from a (Directadmin) server

08-02-2015 | Remy van Elst

This is a short guide which shows you how to remove Installatron from a server.

Read more...

All Items