
Using post-quantum cryptography kyber / ML-KEM (X25519MLKEM768) using Open Quantum Safe library and HAProxy

Introduction

Google recently published a new blog post on Kyber. Let's try getting ML-KEM / Kyber working in Google Chrome 131 and Firefox Nightly 133.

OpenSSL 3+ exposes an API for SSL-providers that allows us to only compile the provider instead of having to recompile the application itself.

Disclaimer

liboqs is …


A commentary on AWS leadership principles: Customer obsession

Introduction

Disclaimer: This post doesn't aim to be a serious evaluation of the Amazon principles. Seattle-based IT companies are generally allergic to questioning of their social status and philosophy, so might as well start with a disclaimer. To think is to write: You cannot do real thinking without writing. Occasionally …


Why developers doing devops without supervision ends up in disaster

Introduction

Here's a fun little thing that happens between a more ops-oriented system administrator and developers. Considering the crap colleges produce every year, there are more and more people with fancy degrees that don't mean anything who manage to wrestle the permissions to publish releases from the Ops crowd. Of …


Kernel livepatching on Fedora part 2

Introduction

This blog post uses Fedora 40 and the 6.10 kernel. The focus is to get the technology working on a 'real' system via a series of experiments. Serial experiments help build up the knowledge, experience, tooling etc. to handle real-world use-cases.

In this part we'll try using the Fedora-native …


The Atreides principles of self-organization

Introduction

The Dune books have some interesting psychological research embedded into them that (finally) after 50 years might be discussed and used (like Frank Herbert predicted). However it is also likely that the perversion that is the Dune movies (which are visually stunning, but in many ways lacking story-wise) will …


Dumbledore Management: When your manager isn't relaying critical information

Introduction

"Ah yes, of course, I haven't told you," said Dumbledore

Warning: Contains spoilers to the Harry Potter series.

One of the most notable parts of the Harry Potter series is that Harry might have ended up dead at the end of book 7, as Snape notes in his conversation with Dumbledore. Dumbledore kept Harry alive "to be sacrificed at …


You are not paying your "offshore" staff enough to compete

Introduction

TL;DR If you are evaluating everyone using the same framework (even if you are adjusting for income) it's unlikely that your less-paid staff will ever be competitive. This is not because they do not produce good work: It's social and psychological effects that have an enormous and compounding effect …


Factorio DevOps lessons

Introduction

This awesome paper https://web.mit.edu/nelsonr/www/Repenning=Sterman_CMR_su01_.pdf indicates that for the chemical industry, there was a need to create a game scenario for participants to understand how the optimal strategy behaves over longer periods of time. The paper is awesome, however, the lessons are …


KeyDB active-active replication issues

Introduction

KeyDB sounds like a viable Redis alternative in 2024, however there are issues with how active-active replication works. It mostly boils down to issues with reconciling data when writes arrive at both instances. https://en.wikipedia.org/wiki/Conflict-free_replicated_data_type is a good introductory read.

The relevant issues

The relevant …


Lessons from the OceanGate disaster

Introduction

There was a lot of coverage around the Titan submarine but most of it wasn't very useful. The only useful newspaper article I have found is: https://www.vanityfair.com/news/2023/08/titan-submersible-implosion-warnings

I highly recommend reading it in full.

Some of the key highlights

Some key takeaways …


Kernel livepatching on Fedora part 1

Introduction

This blog post uses Fedora 40 and the 6.10 kernel. The focus is to get the technology working on a 'real' system via a series of experiments. Serial experiments help build up the knowledge, experience, tooling etc. to handle real-world use-cases.

Kernel livepatching is a nice technology that doesn't …


The invisible sabotage part 1

Introduction

Smart people sabotage their competition in ways that most common people find hard to follow or comprehend. Even other smart people might find it hard to follow the ways they are being sabotaged. Hence, raising awareness of these matters levels the playing field.

Most DEI initiatives seem to miss …


Why Rick Prime kills c137 Diane

Introduction

The feud between Rick Prime and c137 Rick is the central conflict of the Rick and Morty series. What's not obvious is why Rick Prime decided to hurt c137 Rick.

TL;DR

Once Rick Prime realized that c137 Rick couldn't be controlled, the only way he could stay "on …


Unpacking img files ubuntu

Introduction

This is an example of how to unpack an image and access the files from an img file. The problem is that depending on the actual file, different procedures (and tools) need to be used.

Preparation

An Ubuntu 22.04 cloud image from https://cloud-images.ubuntu.com/jammy/current …


Gitlab locks security features behind paywall

Introduction

One of the more fun things in 2024 is evaluating software for use as part of a CI/CD pipeline. I think that kicking off a CI/CD pipeline should involve some kind of human intervention in the form of a person with a gpg smartcard, or an HSM-powered …


Psychological failures and high-availability: Knowledgeable engineers and scientists horrible at execution

Introduction

This is an unfun thing to write, but I need to be able to also remind myself about the objective criteria for failure and success and not the bullshit peddled by the current ruling class. When failures happen so rarely, it is tempting to cover them up, which is …


Resetting a yubikey

Introduction

There might be a time when you'll need to purge a yubikey without access to your gpg stubs (or if you want to avoid importing them). In this case the below method works, even though googling won't reveal it at first glance. In short, the procedure involves entering a pin …


Testing if core dumps are enabled correctly

The problem

Core dumps are extremely useful for debugging purposes. However, it is often non-trivial to enable them as many production systems require twiddling with some configuration options to get core dumps working (most notably, the kernel.core_pattern sysctl, and the core file size settable with ulimit -c <some value …


Signing RPM packages with subkeys on RHEL7

The problem

RHEL7 doesn't support signing RPM packages with GPG subkeys. The tooling will however allow you to shoot yourself in the foot, allowing you to sign a package with a subkey no problemo.

It is only when you attempt to install the package on a RHEL7 system that the …


One-off ansible bootstrapping playbooks

The case for simple playbooks

For my private infrastructure it doesn't make sense to create full-blown ansible roles unless I'm showing off. Therefore I use a set of simple ansible playbooks that do one thing and cover the most common tasks. These playbooks are mostly intended to make the new …


Disclaimer and terms of use

Disclaimer

All views expressed on this site are my own and do not represent the opinions of any entity whatsoever with which I have been, am now, or will be affiliated.

The author is not to be held responsible for your use of the information contained in or linked from …


Links and books for an effective workplace in IT

There are books about the workplace (and articles) that I really like. Disclaimer: I do not endorse that these be applied blindly in any workplace, nor should any of them be used to bash people over the head with. Life is more complicated than books, and management is tough. However …


Compiling HAProxy from source on Fedora

Introduction

Since I always forget to write down all the dependencies and make options, here are my scribbly notes on how to compile HAProxy on Fedora 29/Fedora 30.

Where to get the source

The GitHub URL is a mirror of the main repository and doesn't contain the other branches …


Ad-hoc Ansible for infrastructure navigation

Introduction

The official definition for Ansible is the following:

Ansible is a radically simple IT automation engine that automates
cloud provisioning, configuration management, application deployment,
intra-service orchestration, and many other IT needs.

Or explained simply, ansible is ssh on steroids wrapped in python+yaml bubblewrap to prevent sysadmins from …


Contact

Email:

  • bhenc { at } ceresia . ch

IRC:

GitHub: brhenc

Gitlab: brhenc

© Bruno Henc. Built using Pelican. Theme by Giulio Fidente on github.