Using stunnel to Encrypt Database Connections

Most RDBMS such as PostgreSQL and MySQL support TLS connections to encrypt the data on the wire between the application and the database. However, there also seem to be applications here and there that don’t support TLS connections to the database server. Not the end of the world when your app is on the same server as the database server, but who does that? 😉

The Evolution Will Be Televised! Or At Least Talked About…

I recently listened to a podcast from the folks over at Packetpushers/Datanauts titled “SRE Vs. Cloud Native Vs. DevOps” and it was a great listen. The show featured Rob Hirschfeld (of RackN / Digital Rebar), who lives and works in this space, to get his thoughts on the terminologies and how they relate to one another (or do not relate). He talked about the differences and similarities between these terms and the one topic that stood out the most for me was that ops is only now starting to catch up to developers in terms of workflow and tooling, and how Google brought parity between developers and ops by creating Site Reliability Engineering (SRE) which allowed ops and development to work more closely in creating, shipping, and maintaining code. I have often said that servers and network devices are just a meaningless jumble of electronics without software to run on top of them, so it makes sense for ops and software developers to work together to make the end product better.

SSH – disable StrictHostKeyChecking as well as writing key to known_hosts

I often do a lot of work with temporary Vagrant, Docker, VMs, and I don’t really want those host keys clogging up my ~/.ssh/known_hosts file. So I just add the following alias to my shell “rc” file. In my case, I use zsh so it’s ~/.zshrc:

alias ssh-nocheck="ssh -o 'StrictHostKeyChecking no' -o 'UserKnownHostsFile /dev/null'"

Voilà! Now all I need to do is use something akin to:

ssh-nocheck -p 2222 root@192.168.2.138

K.Y.V.S.S.

I have a disorder when it comes to my home lab. I always have to try something else, whether it’s the latest technology or just something “I’ve wanted to try”. This leads to a lot of reinstalling servers and networks. This is not all bad as I learn best by doing. This time I wanted to revamp my lab virtualization.

My Letter to the FCC

Dear Mr. Pai,

While I hold no illusions that you will change your mind, I urge you to at least think about what the Internet means to people, not just corporations. The Internet is no longer a technical experiment or a mere commercial venture to sell goods and content. It is part of the fabric of our society, much in the same way highways, roads and utilities are important to our society and economy. Whether for good or bad, it is becoming more difficult to function in society without touching the Internet in some way.

Mac Guest User And the Pet Sematary

Well, this killed an hour this morning. So I ran some Mac updates the other day and now every time I (re)start my Mac, the Guest user shows up as one of the user choices even though it was disabled. I’m running OSX El Capitan and using FileVault and it looks like some weird bug with the EFI implementation. So at least there is a fix found by someone much smarter than I in the weird way of Macs. Here is the fix on StackExchange.