Kevin, collated.

Learn from my mistakes. Build it better.

Who Am I

2024-01-01 Author Personal

Hi, my name is Kevin.

I’ve spent the better part of the last decade working as a network engineer, cloud and systems architect, and programmer. I’ve worked at small startups, as well as companies working alongside Fortune 500 performers. It feels like I’ve been involved in a little bit of everything: development, product design, and deployment at scale. While I primarily write for this blog, I’ve also worked on sites for non-profits and open source projects.

An Uphill Battle Getting Packer to Play Nicely with Proxmox

Running a homelab is a great way to be introduced to a number of new technologies and methodologies with minimal risk.

One of the downsides of running a homelab, however, is maintenance. In an ever-evolving world of security threats and bad actors, it is important to keep your homelab updated and running recent software and hardware.

Since homelabs are generally educational ventures, it is unlikely that one is being paid to maintain them. In order to keep things running smoothly, automation is key to maintaining infrastructure hygiene.

Building a High Availability DNS Recursive Resolver Utilizing DoT

Why Do You Need a Highly Available Forward Resolver?

The domain name system (DNS) is the backbone of the internet. Acting like a directory, DNS is a critical service that translates human-parsable domain names such as example.com into IP addresses such as 93.184.215.14.

At the heart of this system are 13 root servers which contain a list of all the domains in the internet [1].

The root servers themselves get these names from top-level domain and authoritative nameservers. These servers are run by domain registrars, so when you purchase a domain from a reseller you’re simply paying them to update the information stored in their servers so that when the root servers reach out to find a domain they get the information that you provided.

Up and Running With Talos OS

What is Talos OS?

Talos OS (hereafter referred to as Talos) is a Linux-based operating system designed specifically for running containerized workloads like K8s and Docker. Talos has a couple of features that make administration a breeze, such as immutable upgrades, container-based management, and automatic provisioning.

Prerequisites

There are a few prerequisites that are required when setting up Talos, but these also apply to K8s in general. Setting up the prerequisites goes beyond the scope of this article, but they are summarized below.

Securing Mikrotik Routers: IP Blocklists

If you’re only interested in the blocklist, skip to it, here.

Mikrotik

Mikrotik is a manufacturer of low-cost, full-featured routers and networking equipment. Routers built by Mikrotik run RouterOS, a customized Linux distribution. RouterOS utilizes iptables for filtering, shaping, and routing traffic, so the interface is familiar to any seasoned Linux veteran.

Securing the Network

Unfortunately, since RouterOS is using iptables under the hood, it lacks a good number of features that are found in modern next-generation firewalls (NGFW). There are a number of solutions that provide differing levels of security to networks behind Mikrotik routers, and I recommend running them in tandem with a modern NGFW. This article’s purpose is to help provide a solid foundation of defense by implementing an IP blocklist, which will take some of the burden off of a downstream firewall, as well as provide a decent level of security.

I Was DDoS'd This Week, How I Used ASN Blocking to Resolve The Problem

The Alerts

“Why do things always have to happen on a Friday?” was the question I asked myself at 5:04 when I read the Grafana alert delivered to my phone. I had just booted up my gaming PC and I was going to get started on an early weekend gaming session when my phone began buzzing and the notifications began piling up.

Bereft of hundreds of frames per second for the moment, I logged in to my dashboard to see what was wrong.

Playing With Promtail: Labelling Hostnames From File Names

2024-02-01 Kevin Polack

The Problem

I’ve recently needed to move to using a more robust logging solution than I was before. Previously, I had fluent running in a container collecting logs, but this was finicky and if something went wrong with the container, I would never know about it.

I installed rsyslog on a dedicated host and started pushing logs to this new VM. This was working great; I was now handling hundreds of messages a second without issue, so I installed Promtail and began exporting the logs, and here is where the issues arose. I had no labels any more, and organization is paramount when dealing with logs. I decided that I would try and figure out if I could extract data from the filenames generated by rsyslog and use that as a first step in the re-labelling process. Here is where I ran into some roadblocks, and what I did to fix the problem.

Securing NGINX With HTTPS and LetsEncrypt

Encryption has become increasingly important over the last several years; you would be hard-pressed to find a site on the internet today that isn’t protected by HTTPS encryption. Some of the benefits of running HTTPS include:

Higher Search Result Rankings

Search engines favour HTTPS sites and will rank them higher. HTTPS is an important part of search engine optimization.

Improved Security

Since connections are encrypted, they are technically impossible to view in transit. This prevents eavesdropping from third parties.

Build Nginx OpenResty with Modsecurity

2024-01-05 Kevin Polack

This article was originally posted 14 December 2022

What is OpenResty

OpenResty is a fork of nginx that contains a built-in Lua interpreter, allowing the web server to serve dynamic content on its own, or modify requests/responses going to a proxy.

What is a WAF

A web application firewall (WAF) is a protective mechanism which inspects inbound requests to a web server. It can prevent malicious actors from sending specially crafted requests to a resource behind a web server.

Chasing Postgres Performance

2023-12-02 Kevin Polack

Chasing Database Performance

Part 1 In a Series of Chasing Postgres Performance

Over my years as a systems administrator, I’ve lost count of the number of databases that I’ve set up, and all of the idiosyncratic one-off scenarios that I’ve been forced to deal with.

It’s not often that I get to work with a brand new database, trying to find out what works best right off the bat. I’m usually dealing with arcane requirements for applications that have extremely specific requirements (read: legacy software), and so it’s expected that the database is set up in a certain way.
