Google recently published a new blog post on Kyber. Let's try getting ML-KEM / Kyber working in Google Chrome 131 and Firefox Nightly 133.
OpenSSL 3+ exposes an API for SSL-providers that allows us to only compile the provider instead of having to recompile the application itself.
liboqs is …
Here's a fun little thing that happens between a more ops oriented system administrator and developers. Considering the crap colleges produce every year, there's more and more people with fancy degrees that don't mean anything who manage to wrestle the permissions to publish releases from the Ops crowd. Of …
This blog post uses Fedora 40 and the 6.10 kernel. The focus is to get the technology working on a 'real' system via a series of experiments. Serial experiments help build-up the knowledge, experience, tooling etc. to handle real-world use-cases.
In this part we'll try using the Fedora-native …
This awesome paper https://web.mit.edu/nelsonr/www/Repenning=Sterman_CMR_su01_.pdf indicates that for the chemical industry, there was a need to create a game scenario for participants to understand how the optimal strategy behaves over longer periods of time. The paper is awesome, however, the lessons are …
KeyDB sounds like a viable redis alternative in 2024, however there are issues with how active-active
replication works. It mostly boils down to issues with reconciling data when writes arrive
at both instances. https://en.wikipedia.org/wiki/Conflict-free_replicated_data_type is
a good introductory read.
The relevant …
There was a lot of coverage around the titan submarine but most of it wasn't very useful. The only useful newspaper article I have found is: https://www.vanityfair.com/news/2023/08/titan-submersible-implosion-warnings
I highly recommend reading it in full.
This blog post uses Fedora 40 and the 6.10 kernel. The focus is to get the technology working on a 'real' system via a series of experiments. Serial experiments help build-up the knowledge, experience, tooling etc. to handle real-world use-cases.
Kernel livepatching is a nice technology that doesn't …
This is an example of how to unpack an image and access the files from an img file. The problem is that depending on the actual file, different procedures (and tools) need to be used.
A ubuntu 22.04 cloud image from https://cloud-images.ubuntu.com/jammy/current …
One of the more fun things in 2024 is evaluating software for use as part of a CI/CD pipeline. I think that kicking off a CI/CD pipeline should involve some kind of human intervention in the form of a person with a gpg smartcard, or a HSM-powered …
There might be a time when you'll need to purge a yubikey without access to your gpg stubs (or if you want to avoid importing them). In this case the below method works, even though googling won't reveal at first glance. In short, the procedure involves entering a pin …
Core dumps are extremely useful for debugging purposes. However, it is often non-trivial to enable them as many production systems require twiddling with some configuration options to get core dumps working (most notably, the kernel.core_pattern sysctl, and the core file size setable with ulimit -c \<some value …
RHEL7 doesn't support signing RPM packages with GPG subkeys. The tooling will however allow you to shoot yourself in the foot, allowing you to sign a package with a subkey no problemo.
It is only when you attempt to install the package on a RHEL7 system that the …
For my private infrastructure it doesn't make sense to create full-blown ansible roles unless I'm showing off. Therefore I use a set of simple, ansible playbooks that do one thing and cover the most common tasks. These playbooks are mostly intended to make the new …
All views expressed on this sitre are my own and do not represent the opinions of any entity whatsoever with which I have been, am now, or will be affiliated.
The author is not to be held responsible for your use of the information contained in or linked from …
Since I always forget to write down all the dependencies and make options, here are my scribbly notes on how to compile HAProxy on Fedora 29/Fedora 30.
The GitHub URL is a mirror of the main repository and doesn't contain the other branches …
The official definition for Ansible is the following:
Ansible is a radically simple IT automation engine that automates
cloud provisioning, configuration management, application deployment,
intra-service orchestration, and many other IT needs.
Or explained simply, ansible is ssh on steroids wrapped in python+yaml bubblewrap to prevent sysadmins from …