Trying to install OS on a remote server have multiple constraints, especially if the machine does not have full function BMC to boot from a remote disk, or IP-KVM to enter BIOS/UEFI setup screen. This is not a step-to-step guide, but a summary of pitfalls to avoid when installing FreeBSD 13 on IBM x3200 M3 over PXE with limited BMC functionality, without a “virtual media key” on the motherboard.
Continue reading “FreeBSD 13 remote install on IBM x3200 M3”Modify FreeBSD 13 memstick to enable serial console
FreeBSD installer memstick does not have serial console enabled by default. But for some hardware, it’s not convenient to access the VGA console. This article described how to enable serial console by modifying /memstick/boot/loader.conf on a memstick.
FreeBSD 13 installation over PXE
This article provides an example config and procedure to set up FreeBSD DHCP/TFTP/NFS server so other machines on the network can boot over PXE, and install FreeBSD without using a USB memory stick or CD.
Continue reading “FreeBSD 13 installation over PXE”FreeBSD 13 root-on-ZFS installation with custom zroot partition size
The default FreeBSD “Guided Root-on-ZFS” installation allocates all the space for “zroot” storage pool. However, if you’d like to have a smaller zroot, you can modify the partitioning script or partition manually.
Continue reading “FreeBSD 13 root-on-ZFS installation with custom zroot partition size”EdgeRouter IPsec site-to-site config example – one site static IP, another site dynamic Internet IP and behind NAT
I’ve been using OpenVPN for years and enjoy the convenience that OpenVPN only require one TCP or UDP port, which is fairly easy to set up even when one of the site is behind NAT or having dynamic IP. In comparison, setup IPsec is more complicated in this case.
However, EdgeRouter hardware offloading does not support OpenVPN. In this example, we will set up IPsec site-to-site using EdgeRouter, with one site having static IP, another site is using dynamic Internet IP and behind a NAT device (e.g. ISP-provided router). In my case, the ISP-provided router is an Optus/Sagemcom router, and the example config is available in another article. If your environment is not that complicated, refer to Ubiquiti help articles.
Continue reading “EdgeRouter IPsec site-to-site config example – one site static IP, another site dynamic Internet IP and behind NAT”Optus (Sagemcom) router config example for forwarding IPsec VPN traffic
This article illustrates how to set up Optus router to forward UDP 500, UDP 4500, ESP and AH to the VPN gateway. This is required when setting up IPsec VPN gateway (e.g. EdgeRouter) behind NAT device (e.g. Optus router).
Continue reading “Optus (Sagemcom) router config example for forwarding IPsec VPN traffic”Dynamic DNS using Route 53 and Lambda
This article illustrates how to use Route 53 and Lambda to setup single-tenant DDNS service, with code examples.
It’s technically possible to use a Python script as a DDNS client to update the DNS record on Route 53 directly. However, an AWS access key and secret access key need to be loaded to that node. If that node is compromised, other DNS records in that hosted zone may get tempered because IAM policy does not allow fine-grained permission on a single DNS record. The risk can be mitigated using AWS Lambda.
Continue reading “Dynamic DNS using Route 53 and Lambda”Amazon S3 object lock (retention period) in Python with IAM policy example
S3 object lock is a feature to prevent permanent deletion on S3 objects, by accident and deliberate. This article focus on retention period in governance mode. For legal hold, please refer to another article.
Continue reading “Amazon S3 object lock (retention period) in Python with IAM policy example”Amazon S3 object lock configuration on buckets and objects
S3 buckets and objects have their own object lock configuration. This article explains how it works.
Continue reading “Amazon S3 object lock configuration on buckets and objects”Amazon S3 object lock (legal hold) in Python with IAM policy example
S3 object lock is a feature to prevent permanent deletion on S3 objects, by accident and deliberate. This article focus on legal hold. For setting the retention period in governance mode, please refer to another article.
Continue reading “Amazon S3 object lock (legal hold) in Python with IAM policy example”Asus ZenFone 5 ZE620KL (2018) review – two months after purchase
Update: I strongly against updating to Android 9 due to a bug in adaptive brightness.
I’ve purchased Asus ZenFone 5 model ZE620KL (4GB RAM, 64GB storage) in November 2018 in Taiwan at 8,800 NTD (~400 AUD). I’ve been using it for two months – it is reliable and offers good value of money.
Continue reading “Asus ZenFone 5 ZE620KL (2018) review – two months after purchase”Banking in Australia
This is part of the note I took after I started at Macquarie University in 2016.
Continue reading “Banking in Australia”Safety in NSW National Parks – it’s beautiful but could be dangerous
I don’t have a car so sometimes I make a day trip to NSW National Park by taking public transport. This is what I learned by visiting different parks and checking news on those areas.
Continue reading “Safety in NSW National Parks – it’s beautiful but could be dangerous”Tips for people new to Australia
This was part of the note I took in 2016 after I stared in Macquarie University. These notes are not Macquarie-specific.
Continue reading “Tips for people new to Australia”Tips for whom just started at Macquarie University
Here’s the note I took while I started at Macquarie in 2016. These notes are specific to Macquarie University.
Continue reading “Tips for whom just started at Macquarie University”Mifare Classic is supported on Asus ZenFone 5 ZE620KL
Mifare Classic read/write is supported on Asus ZenFone 5 model ZE620KL. Tested with
- Mifare Classic Tool (MCT) for binary read/write
- NXP TagWriter for writing NDEF
- NXP TagInfo for reading binary / NDEF
Cisco Aironet 2800 installation checklist
In most of the small and medium-sized enterprises (SMEs), we don’t have IT department and sometimes hire third-party for installation and setup. This post provides a checklist for things need to be aware while setting up Cisco Aironet 2800 access points.
Continue reading “Cisco Aironet 2800 installation checklist”Upload file larger than 5GB to Amazon S3 with Ruby
Several days ago I noticed one of my backup to Amazon S3 was failed because the file is larger than 5GB and I didn’t use multipart upload. Code snippet as below. Works on AWS SDK for Ruby v3.
Continue reading “Upload file larger than 5GB to Amazon S3 with Ruby”Safe deposit box comparison 2017 – Sydney CBD
This is a safe deposit box comparison I composed in December 2017 by comparing Guardian Vaults, Custodian Vaults, Westpac and Commonwealth Bank safe deposit boxes. Be aware that my purpose is to store A4 sized documents so I cannot use the smallest box.
Continue reading “Safe deposit box comparison 2017 – Sydney CBD”
Data integrity – why I choose Btrfs (silent data corruption)
Not every file system do data block checksumming. And the most popular one on Linux ecosystem – ext4 file system – is one of them. That means if there is a silent data corruption occur on the disk, it may not get noticed. The corrupted data may get backed up to the off-site storage device, and by time, the backup will get corrupted after it’s been replaced by up-to-date (corrupted) version. This is potentially dangerous if the data need to be stored for a long period of time.
Continue reading “Data integrity – why I choose Btrfs (silent data corruption)”Changing Cisco Aironet 2800 SSH password on every AP
While changing the password on Cisco Aironet 2800 controller over web-based management interface, it will update the password for the web interface and SSH login of the controller. However, it will not update the SSH login on every access points. This post provides a solution to change the SSH login for all the access points.
Continue reading “Changing Cisco Aironet 2800 SSH password on every AP”
VLAN config generation with Ruby for Cisco Catalyst 3750
VLAN configuration is very different between HP and Cisco switches. HP is VLAN centred and Cisco is based on physical port. While managing Cisco switches, using a script to generate the config may ease the task. This post proposes a simple script to generate the config.
Continue reading “VLAN config generation with Ruby for Cisco Catalyst 3750”
HP ProCurve Switch 5400zl timezone and daylight saving configuration in Sydney
Only two lines
time timezone 600 time daylight-time-rule user-defined begin-date 10/01 end-date 04/01
Continue reading “HP ProCurve Switch 5400zl timezone and daylight saving configuration in Sydney”
Cisco ASA timezone and daylight saving configuration in Sydney
Only two lines
clock timezone AEST 10 clock summer-time AEDT recurring 1 Sun Oct 2:00 1 Sun Apr 3:00
Continue reading “Cisco ASA timezone and daylight saving configuration in Sydney”
Difference between Markdown and Discount
Discount is a C implementation of Markdown, and Markdown a text-to-HTML converter written in Perl. They are pretty similar but different in the following behaviours
- Discount will replace double quote
""with“”and single and double quote'with’. Where Markdown will keep the single and double quote as-is. - To have a second level indentation on bullet points, Discount require two spaces, where Markdown only require one.
Prevent accidental erasure of internal drive while using dd to write USB flash drive
It is risky to issue a command like sudo dd if=image of=/dev/sdb bs=1M due to the risk of typing sdb to something else (e.g. internal drive). If an error has been made, the internal hard drive may get erased. This post proposes a solution by using udev rules, which will allow read/write access to USB drive without sudo and no password required. These udev rules does not affect SATA-based storage devices.
Precision brightness control on X280 running Ubuntu 18.04 (bionic)
ThinkPad X280 running Ubuntu 18.04 allows a brightness level from 0 to 1515. However, the Fn+F5/F6 hotkey only allows 21 levels of control. This post provides a solution and easy-to-use script for brightness control, best use with Guake.
Continue reading “Precision brightness control on X280 running Ubuntu 18.04 (bionic)”Prevent unwanted wake up for ThinkPad X280 running Ubuntu 18.04 (bionic)
There is an issue that X280 may wake up while it’s connected to the ThinkPad USB-C hub. Here is the workaround for this issue.
Continue reading “Prevent unwanted wake up for ThinkPad X280 running Ubuntu 18.04 (bionic)”ThinkPad X280 CPU load and throttling test on Ubuntu 18.04 (bionic)
Before purchasing ThinkPad X280, I was concerned about the CPU throttling bug. It’s a bug which will throttle the CPU performance once it’s been triggered and will not restore the performance without a reboot.
I’ve developed a Ruby script for this test, and run it on X280 with i5-8250U processor. I did not reproduce the throttling issue that requires a reboot to restore the performance – whether the machine is powered by battery or connected to the power supply. However, I did discover a symptom which will under-clock the process to 123MHz under the certain load.
Continue reading “ThinkPad X280 CPU load and throttling test on Ubuntu 18.04 (bionic)”
Review for ThinkPad X280 running Ubuntu 18.04 (bionic)
I’m an everyday Linux (Ubuntu) user moving from X201s to X280. This is my review after installing Ubuntu 18.04 (bionic) on X280.
Continue reading “Review for ThinkPad X280 running Ubuntu 18.04 (bionic)”Improved Let’s Encrypt certificate renewal on Bitnami WordPress
I’ve followed the instructions from Bitnami for installing Let’s Encrypt certificate on Amazon Lightsail instance with Bitnami WordPress preloaded. The guide is very user-friendly and easy to follow. However, there is room for improvement in step 5 in certificate renewal.
Continue reading “Improved Let’s Encrypt certificate renewal on Bitnami WordPress”