FreeBSD 13 remote install on IBM x3200 M3

Installing an OS on a remote server comes with multiple constraints, especially if the machine does not have a fully functional BMC to boot from a remote disk, or an IP-KVM to enter the BIOS/UEFI setup screen. This is not a step-by-step guide, but a summary of pitfalls to avoid when installing FreeBSD 13 on an IBM x3200 M3 over PXE with limited BMC functionality, without a “virtual media key” on the motherboard.

EdgeRouter IPsec site-to-site config example – one site static IP, another site dynamic Internet IP and behind NAT

I’ve been using OpenVPN for years and enjoy the convenience that OpenVPN only requires one TCP or UDP port, which is fairly easy to set up even when one of the sites is behind NAT or has a dynamic IP. In comparison, setting up IPsec is more complicated in this case.

However, EdgeRouter hardware offloading does not support OpenVPN. In this example, we will set up IPsec site-to-site using EdgeRouter, with one site having a static IP and the other site using a dynamic Internet IP behind a NAT device (e.g. an ISP-provided router). In my case, the ISP-provided router is an Optus/Sagemcom router, and the example config is available in another article. If your environment is not that complicated, refer to the Ubiquiti help articles.

Dynamic DNS using Route 53 and Lambda

This article illustrates how to use Route 53 and Lambda to set up a single-tenant DDNS service, with code examples.

It’s technically possible to use a Python script as a DDNS client to update the DNS record on Route 53 directly. However, an AWS access key and secret access key need to be loaded onto that node. If that node is compromised, other DNS records in that hosted zone may get tampered with because IAM policy does not allow fine-grained permission on a single DNS record. The risk can be mitigated using AWS Lambda.

Data integrity – why I choose Btrfs (silent data corruption)

Not every file system does data block checksumming, and the most popular one in the Linux ecosystem – the ext4 file system – is one of those that do not. That means if silent data corruption occurs on the disk, it may not get noticed. The corrupted data may get backed up to the off-site storage device, and over time, the backup will become corrupted after it’s been replaced by the up-to-date (corrupted) version. This is potentially dangerous if the data needs to be stored for a long period of time.

Difference between Markdown and Discount

Discount is a C implementation of Markdown, and Markdown is a text-to-HTML converter written in Perl. They are pretty similar but differ in the following behaviours:

  • Discount will replace double quote "" with “” and single and double quote ' with . Markdown, in contrast, will keep the single and double quotes as-is.
  • To have a second level of indentation on bullet points, Discount requires two spaces, whereas Markdown only requires one.

Prevent accidental erasure of internal drive while using dd to write USB flash drive

It is risky to issue a command like sudo dd if=image of=/dev/sdb bs=1M because sdb can easily be mistyped as something else (e.g. the internal drive). If such a mistake is made, the internal hard drive may get erased. This post proposes a solution using udev rules, which allow read/write access to USB drives without sudo and without a password. These udev rules do not affect SATA-based storage devices.

ThinkPad X280 CPU load and throttling test on Ubuntu 18.04 (bionic)

Before purchasing the ThinkPad X280, I was concerned about the CPU throttling bug. It’s a bug which will throttle the CPU performance once it’s been triggered and will not restore the performance without a reboot.

I’ve developed a Ruby script for this test, and ran it on an X280 with an i5-8250U processor. I did not reproduce the throttling issue that requires a reboot to restore the performance – whether the machine is powered by battery or connected to the power supply. However, I did discover a symptom which will under-clock the processor to 123MHz under a certain load.