Raymii.org
Quis custodiet ipsos custodes?
Hi there!
I'm Remy, a developer from The Netherlands with a focus on C++, C, some C#, Linux and embedded systems.
I currently work on a C++ and Qt stack running on Yocto Linux. It controls hardware, runs the UI and has a few utilities for IoT connectivity and configuration. Technologies I'm fluent in include C, C# & C++, Windows (MFC/Win32), .NET (Core, Xaml, Framework and C++/CLI), Flash, Qt, Ansible, Bash & PowerShell. I was a Linux and UNIX sysadmin for over 10 years before I got into development.
To read more or get in touch, click here. This is my personal website; these articles do not reflect, and are not based on, the work, opinions or policies of any of my (previous) employers. Any resemblance to reality is pure coincidence.
Latest Items
Logging all C++ destructors, poor mans run-time tracing
21-09-2024 23:59 | Remy van Elst
I recently faced a challenging issue with an application that wasn't shutting down correctly, either segfaulting or terminating without an active exception. Running the program via valgrind to check for memory leaks wasn't possible because the program couldn't perform its cleanup if it didn't shut down correctly. This article covers adding runtime instrumentation provided by gcc to log destructors. This helped me figure out what was still left over from the closed-source framework in use preventing correct shutdowns or causing segfaults. It includes example code, setup instructions and insights into handling shutdown issues in large, multi-threaded codebases.
Compiling TETRIS from 1992 on OpenVMS x86 in 2024!
18-08-2024 14:33 | Remy van Elst
Since DECWindows / CDE now works on OpenVMS x86 (from 9.2-3 onwards) there is much fun stuff to do. Back in 2021 I wrote an article on the CDE desktop on Alpha / AXPbox and also an article on how to run CDE on modern Linux, since it's still developed. Both articles included a game, GENERIC-TETRIS from 1992, written by Qiang Alex Zhao. After getting the (remote) desktop working I wanted to compile and run Tetris to continue this lineage, from VAX, to Alpha, to Linux/CDE, to x86 VMS. I haven't got an Itanium to run it on, but if anyone has one left and is willing to send it my way, feel free to contact me. This article includes the precompiled tetris binary for OpenVMS x86 and instructions to compile the source. The code required some minor modifications which I'll also cover, but that's not surprising for code that hasn't changed much since 1992 to be compiled in 2024. This article also shows you how to install curl on OpenVMS.
OpenVMS x86 E9.2-3 fixes CDE (DECWindows) and adds a Guest Console (no serial port required anymore)
14-08-2024 23:58 | Remy van Elst
I'm a big fan of OpenVMS. You can read all my OpenVMS articles here. Since the licensing changes to the Hobbyist Program, I applied and was included in the Ambassador Program. A new update of the X86 field test is released and this includes two major changes for hobbyists. One is a new feature, the Guest Console, which makes installing easier by no longer requiring a serial port and fiddling with Putty or your telnet client, and the second is a fix to the C/C++ compiler which (probably by accident) fixes CDE and DECWindows. The Common Desktop Environment (CDE) is still under development and can be installed on Linux quite easily. This post shows the two new features, the Guest Console and CDE working.
OpenVMS 9.2 for x86, Getting Started part 1, install guide with VirtualBox
Published: 11-04-2023 22:30 | Last update: 14-08-2024 23:57 | Author: Remy van Elst
OpenVMS on x86 is now available for hobbyists! Almost a year after the official release. This is part 1 of my getting started guide, showing you how to install OpenVMS on VirtualBox on Windows 10/11. More parts will follow, documenting license installation, network setup, ssh, application installation etc.
Create Kubernetes user restricted to one namespace with resource limits
29-07-2024 04:39 | Remy van Elst
This guide shows you how to use Role-based access control (RBAC) to create a user account that only has rights for one specific namespace. I'll also show you how to limit the resource usage of that Namespace. Last but not least, I'll also show you how to create a kubeconfig file for that specific user.
nameConstraints on your Self Signed Root CA in Kubernetes with cert-manager
17-07-2024 23:22 | Remy van Elst
If you have set up a Self Signed Root CA for your local Kubernetes Cluster and have trusted the Root Certificate, you are at risk if the key is compromised. If the key is stolen, it can be used to create trusted certificates for everything. Luckily there is something we can do, using nameConstraints to limit the scope of the Root Certificate to, in our case, a single domain (k3s.homelab.mydomain.org). This means that if your key would be compromised, it would only be able to issue certificates for anything under that domain, not your bank for example.
Self-signed Root CA in Kubernetes with k3s, cert-manager and traefik. Bonus howto on regular certificates
17-07-2024 04:22 | Remy van Elst
Now that I'm learning Kubernetes for a few weeks, I'm finally at the point where I was 20 years ago with regular boring old tech, being able to host multiple domains, password protection and high available clusters. It seems we have to re-invent the wheel every time but in the end, it's just resume-driven development, the underlying stack costs more, is way more complex but for the user, nothing changes, they see the same website as always. Not all change is progress. Enough of being a curmudgeon, time to continue with Kubernetes. In this episode of 'Remy discovers Kubernetes', I'm setting up cert-manager, not with Let's Encrypt, but with a self-signed certificate authority. I'll also show you how to set up a regular certificate, one you've for example bought somewhere. I'll also cover nameConstraints to make the risk of compromise of your trusted root CA lower.
OpenSSL get entire certificate chain from a domain or loop over entire chain in file
16-07-2024 18:30 | Remy van Elst
The openssl x509 command can be used to get information from a certificate. If you supply a filename, the command will only use the topmost certificate in the file, not all certificates in the file, like in the case of a certificate chain. The openssl s_client -connect command can connect to a server and show all certificates served by that server. The command I'm providing in this snippet splits up all certificates found in a file or as the result of openssl s_client and allows openssl x509 to loop over each one individually.
Password protect web services in Kubernetes (k3s/traefik) with basic auth
15-07-2024 20:11 | Remy van Elst
Now that I have a high-available local kubernetes cluster and am experimenting with deploying apps, it's also time to look into securing those apps using certificates and passwords. In this case I'm going to set up password authentication, like a .htaccess file in Apache2, to protect the Longhorn dashboard, which by default requires no authentication. This means deploying an Ingress, a Middleware and a Secret.
Leaf Node Monitoring v2024.02 released, autostart, ssl certificate expiry and minimize to tray
12-07-2024 22:30 | Remy van Elst
I'm pleased to announce the next version of Leaf Node Monitoring, the simple and easy to use open source site and server monitoring tool. Major new features include minimizing to the tray, automatic startup on Windows and Linux and a new check, SSL Certificate Expiry. This post goes over everything that is new in this release.
Using nodeSelector to deploy a Kubernetes Helm chart only on x86/amd64 nodes, not arm64
11-07-2024 23:39 | Remy van Elst
My k3s cluster runs on Orange Pi Zero 3 small board computers, with a 1.5 GHz Allwinner H618 Quad-Core Cortex-A53 ARM64 CPU. Nowadays most popular software has support for aarch64 due to the popularity of boards like the Raspberry Pi and the Apple M1 series processors, but smaller projects or niche software often can only run on x86/amd64. If you write your own yaml files for deployment you can use a nodeSelector combined with kubernetes.io/arch=amd64, but with a Helm Chart this is not that obvious. This small snippet shows you the correct syntax to force deploy a Helm Chart to only amd64 nodes in your cluster. This assumes you have a mixed cluster; I added a small virtual machine to it for testing.