Any IT security measure must be evaluated in the context of a specific set of threats with context specific relevance. IT security is much like the security of the windows of a house. In a bad neighborhood of a city having steel bars in front of your ground floor windows may be considered required to prevent people from breaking in, while in the countryside having them would be considered dangerous as it would prevent you from escaping the house in case of a fire. In short: no security measure can be evaluated without the context of a set of threats. ...

When writing LUKS tutorials I often made mistakes preventing my system to boot. This resulted in a dreadful message saying: ALERT! /dev/mapper/debian--vg-root does not exist. Dropping to a shell! Showing me a BusyBox shell and a prompt that looks like this: BusyBox v1.30.1 (Debian 1:1.30.1-6+b3) built-in shell (ash) Enter 'help' for a list of built-in commands. (initramfs) In this post I will describe how to quickly mount your root partition from the initramfs shell and also how to easily correct bigger problems using Debian’s Rescue mode. ...

I feel that using full disk encryption of servers is a must. Not to protect against attacks with physical access (to the unencrypted boot loader or unprotected BIOS), but to avoid leaking data when a disk or computer is either stolen or replaced. But what do you do when you need to reboot your server and have no console access to enter the passphrase? This post will explain how you can make the server run a HTTPS request during the boot process to do automatic unlocking of the encrypted root partition over the Internet. ...

I have a .net application that runs on SQL Server that I want to migrate to MariaDB for licensing reasons. The .net code to query MariaDB looks a lot like the code to query SQL Server, so that is not much work (mainly search and replace). Also the SQL queries need adjusting, but I’m so much more well-versed in MariaDB that rewriting the SQL is a joy. I use a Debian LAMP server to host the ClickOnce .net application. I use a SSH tunnel with a private/public key-pair instead of a password to encrypt the database connection. This allows me to connect remote to the database even though the database server is not accessible over the Internet (only listens on localhost). ...

I’ve built another small form factor PC for office use (and light gaming). This time I wanted to upgrade my silent but powerful small form factor PC. You can read about my Antec ISK 110 with and how it’s AMD 3400G CPU was limited by the power supply here. The Chieftec IX-03B-OP case is as small as you can go with Mini-ITX. The Chieftec case The Chieftec IX-03B-OP is smaller than the Antec ISK 110, but it does not have the 4 front USB ports that the Antec has. In return you get a smaller and easier to work with case with only 3 cables inside: HDD LED, power switch and power LED. The case has 2 holes that fit the PicoPSU power jack perfectly. The SATA power cables can be removed from the PicoPSU, minimizing the number of cables, making the build really clean. The motherboard is slightly raised from the side-panel of the case using built-in standoffs. There is clearance and air flow for a rear side M2 slot on the motherboard. Also, the Noctua NH-L9a-AM4 fitted easily with about 3-4 millimeters to spare. The Leicke power brick is rather large, but it is silent (no coil whine) and very powerful. ...

Today I am celebrating the 7 years that the TQdev.com blog exists. In this period I have written 198 blog posts on various software development related topics. Best visited post was the “The “Boring Software” manifesto” with more than 43 thousand visitors. Below you find the visitors of the blog per month and the top 3 of best visited posts. Visitors graph The graph below shows the unique visitors per month. I count the number of unique IP address seen per day and add all days of the month. ...

Zola is a very fast static site generator written in Rust with 10k stars on Github. It is faster than Hugo (written in Go) that has 65k stars on Github. But there are more reasons that Zola may become the new world’s most popular Static Site Generator (SSG). In this blog post I will list the things I’ve found to be better about Zola than Hugo and the other way around. ...

The J6412 Venoen 12th Gen Mini PC is a compact and powerful computer that offers exceptional performance and energy efficiency. This mini PC is powered by a 12th Generation Intel processor and has a fanless design, making it ideal for what I use it for: an always on Linux server on my desk. Design and Performance The J6412 Venoen 12th Gen Mini PC features is a small and powerful machine. It measures just 150mm x 150mm x 58mm, not taking up too much space on the desk. The mini PC features 2x SO-DIMM slots that support up to 64GB of DDR4 memory. It also features an M.2 slot that supports NVMe SSDs for super fast I/O. ...

You probably have heard about cloud engineers and what they do. In short they take your servers and put them in the (public) cloud using benefits that only the cloud can bring. These cloud providers belong to large corporations, such as Amazon, Google, Microsoft or even Oracle. What I expect to see become mainstream in the coming years is the role of “cloud exiteer” (a term cleverly coined by my friend Mark), which is exactly the opposite of a cloud engineer. Cloud exiteers are not working to bring a company “into the cloud”, but help them quickly move “away from the cloud”. The companies employing cloud exiteers strive for “cloud neutrality”, which means that they can effortless switch from one cloud provider to another. Note that “cloud neutrality” is a much stronger goal than “multi-cloud” which is not as clearly defined and brings less benefits. ...

Whether you deploy using git push, rsync or even sftp you never want your site to be down or inconsistent during updates. If your site has high traffic you may not only do frequent updates, you may also have significant traffic during these updates. With “zero downtime” deployments you can assure that all traffic can keep flowing and that there is little chance that anyone notices your deployment. Naive approach: delete first A naive deployment of an Apache website may go like this: ...