Install KVM from the CLI on Debian 12

In a previous post I showed how to install Debian 12 with disk encryption. In this post I will show how to install KVM on it, so that you can start using it as a GNU/Linux hypervisor to run virtual (Windows 10) machines. In this post I will also show how to load a graphical tool to connect to your KVM-enabled server. Install KVM KVM requires CPU virtualization support (VT-x/AMD-V) to be enabled in the BIOS. You can check if your CPU is supported by installing cpu-checker and running the kvm-ok command. ...

December 24, 2023 · Maurits van der Schee

LUKS encrypted Debian 12 server (Hetzner)

In this tutorial I’ll walk you through the steps of setting up Debian 12 with LUKS full disk encryption on a server you bought from the Hetzner auction. I’m using the recommended method using the “installimage” script (that Hetzner provides) to make things really easy for myself. Enter the rescue mode Log in to the Robot robot.hetzner.com and go to the “Server” page. Click on “Server” > “Key Management” > “New Key”, add your public key and click “Add Key”. Click on “Server” and click your server and choose the “Rescue” tab. Select your “Public key” and click “Activate Rescue System”. Now click on the “Reset” tab and choose “Execute an automatic hardware reset” and click “Send”. Wait for 60 seconds (duration depends on the hardware) for the server to reboot. Use an SSH client to connect with username “root” to the IP address of your server. Installation instructions Add your public keys to the rescue image by using an editor and pasting the public keys: ...

October 23, 2023 · Maurits van der Schee

ASRock N100DC-ITX

The fairly new N100 processor was mainly available in mini PCs and firewall devices, but now we have ASRock that offers it as “N100DC-ITX” on an ITX sized motherboard. I’m using it to rebuild a PC in my living room that I designed to be powerful and silent and always on. My previous build was an ASRock J5040-ITX motherboard in an Inter-Tech ITX-601 HTPC case with 32 GB of RAM and a 1 TB SSD. It used 8 watts at idle and I wrote a post about it. No reason for real complaints as I’ve used the machine daily, but certain websites (and sometimes VSCode) started to feel a bit slow. I wanted a little better performance and the N100 should be able to deliver and hopefully it will not consume much more power. ...

September 16, 2023 · Maurits van der Schee

TicTacToe in TypeScript

In my last post I’ve told you about how I’m writing (simple) games in TypeScript. In this post I’ll share the source code of a Simple TicTacToe game I rewrote in TypeScript. I’m using Visual Studio Code and the TypeScript plugin. I’m working on Linux, but on Windows you should be able to use the same instructions within the WSL2 environment. Quick start Type the following commands to get started:

    git clone git@github.com:mevdschee/typescript-tictactoe.git
    cd typescript-tictactoe
    curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.5/install.sh | bash
    nvm install node
    npm install
    npm run dev

Now use Visual Studio Code (with the TypeScript extension) to edit the content and see how the code is recompiled and the browser is reloaded when the code is saved. ...

August 31, 2023 · Maurits van der Schee

Writing games in TypeScript

I loved programming in ActionScript (for Flash) and I have tried Haxe and other languages when Flash was widely abandoned. I felt JavaScript was lacking features for better structural programming. TypeScript and Visual Studio Code provide a great development experience for creating (well performing) cross-platform games. I have rewritten my AceCardGames.com solitaire card games in TypeScript. In this post I will share my development setup and some of my lessons learned. ...

August 30, 2023 · Maurits van der Schee

LUKS disk encryption threat models

Any IT security measure must be evaluated in the context of a specific set of threats with context-specific relevance. IT security is much like the security of the windows of a house. In a bad neighborhood of a city, having steel bars in front of your ground floor windows may be considered required to prevent people from breaking in, while in the countryside having them would be considered dangerous as it would prevent you from escaping the house in case of a fire. In short: no security measure can be evaluated without the context of a set of threats. ...

July 18, 2023 · Maurits van der Schee

LUKS recovery from initramfs shell

When writing LUKS tutorials I often made mistakes preventing my system from booting. This resulted in a dreadful message saying:

    ALERT! /dev/mapper/debian--vg-root does not exist. Dropping to a shell!

Showing me a BusyBox shell and a prompt that looks like this:

    BusyBox v1.30.1 (Debian 1:1.30.1-6+b3) built-in shell (ash)
    Enter 'help' for a list of built-in commands.
    (initramfs)

In this post I will describe how to quickly mount your root partition from the initramfs shell and also how to easily correct bigger problems using Debian’s Rescue mode. ...

July 17, 2023 · Maurits van der Schee

LUKS with HTTPS unlock

I feel that using full disk encryption of servers is a must. Not to protect against attacks with physical access (to the unencrypted boot loader or unprotected BIOS), but to avoid leaking data when a disk or computer is either stolen or replaced. But what do you do when you need to reboot your server and have no console access to enter the passphrase? This post will explain how you can make the server run an HTTPS request during the boot process to do automatic unlocking of the encrypted root partition over the Internet. ...

July 14, 2023 · Maurits van der Schee

Migrating from SQL Server to MariaDB

I have a .NET application that runs on SQL Server that I want to migrate to MariaDB for licensing reasons. The .NET code to query MariaDB looks a lot like the code to query SQL Server, so that is not much work (mainly search and replace). Also the SQL queries need adjusting, but I’m so much more well-versed in MariaDB that rewriting the SQL is a joy. I use a Debian LAMP server to host the ClickOnce .NET application. I use an SSH tunnel with a private/public key pair instead of a password to encrypt the database connection. This allows me to connect remotely to the database even though the database server is not accessible over the Internet (only listens on localhost). ...

June 17, 2023 · Maurits van der Schee

Chieftec IX-03B with AMD 5700G

I’ve built another small form factor PC for office use (and light gaming). This time I wanted to upgrade my silent but powerful small form factor PC. You can read about my Antec ISK 110 with and how its AMD 3400G CPU was limited by the power supply here. The Chieftec IX-03B-OP case is as small as you can go with Mini-ITX. The Chieftec case The Chieftec IX-03B-OP is smaller than the Antec ISK 110, but it does not have the 4 front USB ports that the Antec has. In return you get a smaller and easier to work with case with only 3 cables inside: HDD LED, power switch and power LED. The case has 2 holes that fit the PicoPSU power jack perfectly. The SATA power cables can be removed from the PicoPSU, minimizing the number of cables, making the build really clean. The motherboard is slightly raised from the side panel of the case using built-in standoffs. There is clearance and air flow for a rear side M2 slot on the motherboard. Also, the Noctua NH-L9a-AM4 fitted easily with about 3-4 millimeters to spare. The Leicke power brick is rather large, but it is silent (no coil whine) and very powerful. ...

June 1, 2023 · Maurits van der Schee