Linux

Hash benching

This is far from exhaustive, but I needed to perform some light benchmarks of CRC, MD5 and SHA hashing. The idea was to compare CRC, MD5 and SHA, as well as to compare naive Python hashing to Linux-based tools.

Opinionated Router Benchmark

My home Internet connection is a VDSL/FTTC (fibre to the cabinet) which comes over the telephone line into a BT master socket which has an ADSL filter and requires a modem. The modems are now usually built into the BT Home/Smart Hub CPE (Customer-premises equipment) but I still use a Huawei HG612 standalone modem as I don’t particularly like the CPE I was given. So I need a router to talk PPPoE to the modem and also firewall, route and NAT my home LAN traffic to the Internet. I used a pair of Linksys WRT3200ACM devices: one as a router and wireless access point and the other as just a wireless access point. However, while I was quite happy with them, the overall experience was not great: Ring devices would not connect, Tapo devices would not upgrade firmware and the overall signal quality around the house was not very good. So I upgraded to some Aruba Mesh wireless access points, which turned out to be great. However this left most of the functionality of the WRT3200ACM unneeded in what is quite a large physical footprint; also, I don’t want to overload the device by turning my internet router into a NAS. Thus I needed to find a replacement device that just does the routing. With the new access points I also changed to managed network switches with VLANs to allow guest Wi-Fi, an untrusted IoT network, etc. Thus the new device could just be a single port router on a stick with a single trunk link.

Debian on Devterm R-01

I recently found out about DevTerm Kit R-01 via Bryan Lunduke. I’ve been interested in RISC V for ages and so far have resisted buying any dev boards as they would just sit in boxes. However because this is an entire portable computer it’s a great way to play, there is hope it can become a useful piece of kit, so I immediately decided to get one.

Linux Networking Config

Linux Networking Config is a complex beast these days. In fairness networking is complicated, and there has to be a way to configure a multitude of technologies: Ethernet, Wi-Fi, PPP, VPN, mobile, bridge, bonding, VLAN, tunnels. Originally networking was configured during boot up in shell scripts as part of sysvinit. However over the last 20+ years many newer ways have popped up; this is a short comparison of the options.

Network Based LUKS Unlock

Recently I wanted to see if I could make my public cloud-based Linux infra more secure via LUKS (Linux Unified Key Setup) disk encryption. I realise that one must fully trust one’s cloud provider, as they have access to the hardware. However it would be nice to know that data is encrypted when stored on disk. This does not mitigate against a very bad cloud provider, as ultimately if they are determined enough they can get at the data. However implementing some sort of encryption does offer some protection against reading the data if disks are reused and certainly makes the barrier much higher for casual access.

Working with large PCAPs

Recently I helped troubleshoot a networking issue with a 1Gbps link that was being fully saturated. In the end we configured a mirror port and dumped the traffic to analyse it. We ended up with >1000 100MB files covering a half hour window. I was not sure what to do with such a quantity of data (~100GB) and in the end we looked at a few caps and found the issue. However I could not help but feel that because most of the caps only covered a few seconds that I was not really looking at the full picture.

Servers

Kunzite was my main UML and latterly KVM virtual machine hosted by Bytemark; they are an amazing company, and I highly recommend them! It was long-lived: kunzite was first installed on 18th October 2005 with 80Meg ram with 4GB of disk and it finished with 488Meg ram and 20G disk. I’ve migrated all services to another VM called beryl running on Bytemark’s BigV.

Hugo

My Tomsweb site has been on MoinMoin for 11 years and has served me well! However I’ve just migrated to a statically generated site builder called Hugo. It’s stored in gitlab.com/thomasdstewart/tomsweb/ and the CI/CD generates the pages and serves the content. So now I don’t need to run an Apache server anymore.

OpenStack proof of concept

This is a short howto on creating a small OpenStack proof of concept on CentOS. The aim is to create a proof of concept OpenStack Liberty deployment on a single Linux testing machine, where the deployment matches real world hardware deployments. The aim is not to just install all the OpenStack components in a single machine or virtual machine. The aim is to make use of Linux, KVM and libvirt to create virtual hardware to run the various OpenStack components to match a real world deployment. Each virtual machine represents what could be a physical host. It will use CentOS 7 as the base operating system and use the RDO OpenStack packages. This matches the Red Hat OpenStack Platform, but does not need subscriptions to install and test.

WD Sharespace Debootstrap

So I have an old Western Digital Sharespace NAS box that I used to use as my main home NAS. I’ve long since switched it off, support for it has more or less finished, there have been no updates in ages and the new WD support site does not list it anymore. That said it seems a shame to skip it so I tried a few times to re-purpose it. I did get root when I first got it, but was never able to do anything more as it had all my files on it. After I stopped using it for a while I forgot about it. Some time later I found a few posts on the debian-arm mailing list from David Hicks; he had managed to get Debian installed and working! Yay I thought, so I emailed him and he very helpfully gave me some instructions and some patches to get me started. Unfortunately I fell at the first hurdle and could not get the console working. Embarrassingly I had not turned flow control off within the minicom settings. After 18 months while working on a serial console for a Raspberry Pi it dawned on me that it was my mistake. So I got out the box and console cable and decided to have another go.

Kdump

I recently had to use kdump to do some investigation into why my Lenovo W540 started crashing with recent Linux kernels. It all started when I upgraded from Linux 3.14 to 3.16 and I started having random crashes soon after booting. Being lazy I just ignored it and continued to use the old kernel expecting the issue to go away. However try as I might the issue persisted in 3.17, 3.18, 3.19 and 4.0.

Port Knock with HTTP

Port knocking is the act of connecting to a port or sequence of ports that in turn opens up another port. There are many methods to do this; read more about them on the Port Knocking page on the Arch Linux wiki. I like just using the built-in iptables recent module. I have used this for years to have port 22 closed unless the right port connection sequence is performed. This does not really give much more security, but it does clean up the system log from failed password attempts.